The White House’s America’s AI Action Plan gives the Department of Homeland Security (DHS) and the intelligence community (IC) a timely nudge: Harden AI systems, mature incident response for AI-dependent missions, and ready secure infrastructure for national-security workloads. For program leaders trying to turn pilots into production, that policy tailwind sets the stage for a shift from reactive cyber operations to AI-enabled cyber intelligence that finds weak signals early and prioritizes what to fix first.
That shift – and what it looks like on the ground – was the focus of a recent conversation with two General Dynamics Information Technology (GDIT) leaders supporting DHS and the IC: Ryan Deslauriers, who leads the Eclipse Digital Accelerator, and Nabeela Barbari, business area vice president for cyber, law enforcement, intelligence, and citizenship.
AI is going to help us become “more proactive than reactive,” Barbari said. “Industry and the commercial community are going to find some of these adversarial behaviors [with AI] before the government will – and vice versa. Our trusted partnership is one of the biggest keys to our shared success in this space.”
Turning Data Sprawl Into Risk Decisions
On large, distributed networks, security teams can drown in scans, tickets, and dashboards. Deslauriers said GDIT built Evergreen to change the workflow by aggregating data across systems, mapping relationships, and applying AI to prioritize risk.
Evergreen’s impact is showing up in hard numbers. On multiple government programs, it has helped increase cyber remediation by nearly 400 percent, Deslauriers said. Tasks that once took eight days can now be completed in seconds, according to GDIT – offering a preview of what AI-accelerated remediation can look like at scale.
As agencies expand AI usage, national frameworks are taking shape to secure it. Announced in July 2025 as part of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST is developing a “Cyber AI Profile” to dive deep into the full AI tech stack, and guide the cybersecurity community on AI security risks, usage, and development. Workshop discussions will include supply chain security with AI, continuous monitoring, transparency, workforce training, data stewardship, and red-teaming – covering measures to assess, secure, and monitor AI systems.
Moving From Hygiene to Higher-Order Tradecraft
Early cybersecurity wins with AI inside DHS and IC agencies have centered on automating routine cyber hygiene – continuous scanning and patching – so analysts can move up the value chain. “We’re trying to work around the clock to stop enemies against us,” Deslauriers said of the push to automate scanning and vulnerability assessments.
That higher-order work is where AI starts to look like cyber intelligence. Evergreen aggregates telemetry and context across enclaves and tools, normalizes it, and applies analytics to expose blast radius and time-to-impact. For distributed DHS and IC operators, the output is a single operating picture that tells you what to fix next – and why.
Seeing Signals of Compromise Sooner
Beyond risk scoring, Deslauriers said teams are applying AI to behavioral analytics: “We’re tracking user behavior to understand what’s normal and flagging when it’s not.”
Barbari uses a bar-door analogy to describe predictive analysis: Imagine the bouncer who checks IDs is also scanning the room for early signs of trouble and moving people out before an incident. With identity, access, and activity data in hand, the same pattern applies to cyber – spot anomalies early and act faster.
Keeping Humans in the Loop – by Design
Both leaders emphasized that AI is an augmentation, not a replacement. The point isn’t to replace humans; it’s to free them for the “so what” and “what next” decisions, Barbari explained. AI can augment decision-making, modernize operations, and improve efficiency, but it won’t replace the mission understanding, ethical reasoning, and creative problem-solving that human analysts bring to national security.
While AI can surface risk faster, humans are still essential for model tuning, context interpretation, and strategic direction, Deslauriers emphasized.
“We try to start on the right – what the customer wants to see – and work backwards,” he said. “Fine-tuning models to actually do what we want them to do is still a human job.”
Embracing AI for Cyber Intelligence Today
DHS and the IC are sitting on an unprecedented volume of operational and cyber telemetry; AI gives agencies a way to turn that data into prioritized action – today.
“It is going to exponentially make government more efficient and more effective in ways we’ve yet to see,” she said.
The bottom line: With policy momentum and proven templates in hand, DHS and the IC can move from pilots to operational cyber intelligence, using capabilities like Evergreen to predict, prioritize, and preempt.
The payoff: faster time-to-defend and measurable risk reduction.
To learn more about cyber intelligence in homeland security and intelligence agencies, view the discussion and gain additional insights.