The rapid advancement of artificial intelligence (AI) is reshaping the technology landscape, prompting policymakers to address its implications. Over the past decade, developments in cloud computing, social media, and the Internet of Things have transformed organizational operations and data flows, creating new vulnerabilities for cyber threats. As AI accelerates these changes, it has emerged as a top priority for lawmakers, who are now tasked with balancing its benefits against associated risks.
In 2025, approximately 1,000 AI-related bills were proposed across the United States, with all 50 states considering legislation on the topic. However, the momentum of these legislative efforts may be affected by federal directives stemming from Executive Order 14365, issued on December 16. This order initiated various workstreams for federal agencies, which could significantly influence state laws. The evolution of AI policies will be closely monitored as the interplay between federal and state regulations develops.
Policymakers, both domestically and internationally, are likely to grapple with the implications of AI for years to come. The critical integration of strong cybersecurity measures into AI governance is essential. National and international efforts can inform state-level policy decisions, impacting the broader regulatory landscape.
In 2025, comments were submitted regarding the America AI Action Plan and similar initiatives in the European Union and Canada. These comments emphasized the interplay between AI and cybersecurity. The U.S. plan comprises over 90 assigned actions that will shape federal AI usage and influence requirements within the private sector, states, and global standards.
Regulatory approaches are shifting from broad, uniform frameworks to more targeted sector-specific policies. This trend is particularly evident in critical infrastructure areas such as defense, healthcare, and finance. CrowdStrike, a prominent cybersecurity firm, has actively engaged with regulators in states like New York and California, where agencies are implementing sector-focused strategies that could set national precedents. The healthcare sector, for instance, accounted for 9% of documented cyber intrusions in 2024, as noted in CrowdStrike’s 2025 Global Threat Report. This has spurred both New York and the European Commission to advance cybersecurity guidelines for hospitals, which may influence global practices in 2026.
While sector-specific regulations can provide tailored benefits, they also present challenges, such as potential fragmentation and overlap with existing frameworks. Without prioritizing harmonization, these regulations could inadvertently hinder innovation and impose new challenges on the very industries they aim to protect. CrowdStrike is urging policymakers to carefully weigh these trade-offs to avoid unintended consequences.
Many traditional security standards were designed for an era dominated by on-premises systems and static networks. The evolution of cloud-native environments and increasingly complex supply chains necessitates a modernized approach. In 2025, regulators accelerated efforts to update these standards, as seen in initiatives like the National Institute of Standards and Technology’s Privacy Framework update and FedRAMP’s review of cloud authorization processes.
Modernizing legacy standards is vital not only to eliminate outdated requirements but also to clarify expectations surrounding cloud security, identity management, software supply chain risk, and continuous monitoring. When widely adopted standards lag behind current practices, organizations are left to navigate requirements that may not enhance security and could even introduce exploitable gaps.
Looking ahead to 2026, CrowdStrike aims to influence effective cybersecurity policy that helps organizations defend against evolving threats. For years, the firm has encouraged the inclusion of endpoint detection and response, threat hunting, and quicker security operations in cybersecurity regulations—now recognized as foundational tools. Today, CrowdStrike is advocating for the smart application of cloud security, next-generation security information and event management, identity threat detection and response, and AI-enabled cybersecurity measures to protect AI systems themselves.
2026 is poised to be a year of intensified policy action as a new National Cybersecurity Strategy is anticipated, alongside potential executive orders and rapid movement among states. Policymakers are set to make decisions that will shape the security landscape for years to come. As these efforts unfold, CrowdStrike will continue to provide practical expertise, aiding policymakers in crafting effective measures that enhance cybersecurity resilience and empower organizations to counteract daily cyber threats.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
