White House AI Executive Order Highlights Growing Cybersecurity Gap for Critical Infrastructure

The White House's latest executive order on artificial intelligence is designed to accelerate federal AI adoption and strengthen America's leadership in the technology race. But as agencies move to integrate AI across government operations, cybersecurity experts warn that a deeper challenge is emerging beneath the policy discussions: critical infrastructure operators may not be equipped to defend against the rapidly evolving threats that AI is helping create.

The June 2 executive order emphasizes speed, innovation, and government-wide adoption of advanced AI systems. While those goals align with national competitiveness priorities, security leaders say the conversation must also address the widening divide between AI-powered offensive capabilities and the defensive resources available to many organizations that deliver essential services.

That concern is particularly acute across sectors such as healthcare, water utilities, transportation, and municipal services, where aging operational technology environments often coexist with limited cybersecurity budgets.

Recent research from Claroty's Team82 security research group illustrates how dramatically AI could reshape vulnerability discovery. According to the company, a large language model was able to conduct end-to-end vulnerability research in under ten minutes, identifying previously documented weaknesses and generating a disclosure-quality report with minimal human involvement.

The findings underscore a growing reality facing defenders. Tasks that once required highly specialized expertise and significant time investment can increasingly be automated, potentially reducing the time between vulnerability discovery and active exploitation.

For critical infrastructure organizations already struggling to keep pace with cyber threats, the implications are significant.

Many operators function with limited security staffing and constrained budgets while managing systems that support essential public services. Industry experts have increasingly described these organizations as operating below the "cyber poverty line," facing sophisticated threats without access to the resources commonly available to large enterprises.

Compounding the challenge is the age of many industrial and operational systems. Unlike traditional IT environments, critical infrastructure operators often rely on equipment designed decades before modern cybersecurity threats emerged. Many devices cannot be easily patched, upgraded, or replaced due to operational requirements, safety concerns, or cost constraints.

As a result, the assumption that organizations can simply modernize their infrastructure to accommodate AI-era security challenges often fails to reflect operational reality.

Jen Sovada, Public Sector General Manager at Claroty and a former U.S. Air Force Colonel with more than 25 years of intelligence and national security experience, believes resilience must remain the priority as government agencies accelerate AI adoption.

"It’s important that our government agencies move with intentionality when it comes to AI adoption and take a resilience-first approach," Sovada said. "The Executive Order aims to move fast, which is necessary given the speed of frontier model access, but agencies need to keep in mind the domain-specific needs of critical infrastructure sectors."

According to Sovada, network segmentation remains one of the most effective defenses available for operational technology environments where legacy systems cannot easily be updated or secured using conventional approaches.

"Foremost among these considerations is establishing robust network segmentation as the primary defense strategy, especially in operational technology (OT) environments where devices are often end-of-life, lack encryption, and cannot be taken offline for updates due to mission-critical functions," she said.

She added that segmentation should be viewed as a foundational security requirement rather than a supplementary control.

"A strong segmented architecture provides the foundational defense necessary to protect systems that cannot be conventionally maintained, with patching and remediation as secondary. Achieving this ensures resilience in environments where operational downtime would otherwise have potentially devastating impacts."

The broader question raised by the executive order extends beyond AI governance and regulatory frameworks. As AI capabilities continue to compress attack timelines and lower barriers for offensive research, policymakers and infrastructure operators alike face a pressing challenge: ensuring that defensive resilience evolves at the same pace.

For critical infrastructure sectors that depend on aging operational technology, the success of AI adoption may ultimately depend less on how quickly organizations embrace the technology and more on whether they can strengthen the security foundations needed to withstand AI-accelerated threats.