
How AI Is Closing the Government Threat Intelligence Gap
Emily Bonnie
Senior Content Marketing Manager
For years, the government has had a threat intelligence problem that had nothing to do with the quality of its intelligence.
The NSA, CISA, and the Defense Intelligence community have long collected some of the most sophisticated threat data in the world. The problem was never what they knew: it was how fast they could share it, who could actually receive it, and whether the organizations on the other end had the tools to do anything with it.
For the Defense Industrial Base, that gap has been quietly dangerous for a long time. Nation-state adversaries have learned to exploit it, actively targeting the parts of the supply chain where intelligence doesn't reach, where it arrives too slowly, or where there's no one available to act on it.
AI is beginning to change that equation in meaningful ways. But understanding how requires understanding the gap it's trying to close and where the DIB needs to change its approach to cybersecurity.
The intelligence gap the DIB has been living with
When Morgan Adamski, who led the NSA's Cybersecurity Collaboration Center before joining the private sector, described the early days of government-to-industry threat intelligence sharing at the 2026 Secureframe National Cybersecurity Summit, she was direct about what wasn't working.
"The problem we were trying to solve by creating the Collaboration Center was ensuring that we could have real-time conversations between the individuals that understood the intelligence and the people that needed to receive it and action it."
The word "real-time" is important. Traditional threat intelligence sharing with the DIB was slow, transactional, and often arrived stripped of the context that would have made it actionable. A raw indicator (an IP address, a malware signature) tells a security team that something is bad. It doesn't tell them why they should care about it today, whether their environment is likely affected, or what to do first.
As Adamski explained, "Context allows defenders to prioritize things. So if I tell you this actor's trying to steal your crown jewels, you're likely going to care about it more than me telling you, oh, hey, I think there might be something over there."
The second structural problem was scale. Working directly with large prime contractors was feasible. Reaching the thousands of smaller subcontractors and suppliers that make up the broader DIB supply chain wasn’t, at least not through human-driven processes. "The difficulty with the defense contractor base is that there's so many defense contractors, and not all defense contractors were equipped to be able to take that information and do something with it," Adamski noted.
The third problem was timing. The threat intelligence gap isn't just about volume, it's about velocity. As Rob Joyce, former NSA Director of Cybersecurity, told Summit attendees: "The adversary is running an AI speed campaign. Your defense can't move at manual audit speed."
That asymmetry is accelerating. The 2026 Verizon Data Breach Investigations Report found that vulnerability exploitation has surpassed credential theft as the leading breach vector for the first time, with time-to-exploit now measured in hours rather than days. Third-party supply chain breaches jumped 60% year over year, now accounting for nearly half of all confirmed breaches. The median time-to-patch has grown to 43 days (up 34% from the prior year) even as attack windows compress.
The gap between when a threat is known and when it reaches the organizations that need to defend against it has become a primary attack surface.
6 in 10 DIB organizations have tangible threat intelligence gaps
Poll data collected across the Summit sessions painted a detailed and sobering picture of where DIB organizations stand today.

When asked how confident they are in their organization's ability to detect and respond to a nation-state level cyber threat, 46% of respondents said they were only "somewhat confident". Another 11% said they were not confident at all, lacking visibility or resources. Only 28% described their detection and response capabilities as mature.
That's nearly 6 in 10 DIB contractors who know they have gaps against the kind of threats that Joyce and Gen. Paul Nakasone named as the primary risk to the supply chain.
The threat intelligence picture was equally revealing. When asked what types of threat intelligence their organizations currently consume, 16% of respondents said they don't consume any structured threat intelligence at all. Of those who do, fewer than half are accessing government feeds such as CISA alerts or FBI Flash Reports, despite those being freely available to any organization with a DoD contract.
When asked which emerging threats concern them most over the next 12 to 24 months, AI-powered cyberattacks and deepfake-based social engineering ranked first, selected by the overwhelming majority of respondents and often in combination with escalating nation-state aggression and quantum computing threats to current encryption. The threats organizations are most worried about are precisely the ones that outpace human-speed defenses.
Nearly a third of respondents described their cybersecurity strategy as built primarily around meeting compliance requirements. Another 16% said their security and compliance efforts are still being defined. Only 10% reported operating a security program that functions independently of compliance.
In a threat environment where adversaries are operating at machine speed with AI assistance, compliance-first security programs have a structural problem: they're optimized for audits, not for the continuous detection and response that a nation-state intrusion demands.
The relationship problem AI can't solve
Adamski was careful to identify one element of effective threat intelligence sharing that technology cannot substitute for: trust built in advance of a crisis.
"You can't build trust in a crisis. Nobody likes when a firefighter shows up with an extinguisher after a fire has already happened. So I think it's important that you build relationships, you have honest conversations, you know how to pick up the phone when you're in the middle of something that you don't know how to deal with."
This is where the human side of the intelligence gap persists. Automated systems can push indicators and context at scale, but they can’t replicate the operational relationship between a contractor's security team and a government liaison who already understands that organization's environment, priorities, and constraints.
For DIB contractors looking to close this dimension of the gap, Adamski's message was clear: the government's collaborative infrastructure (the Collaboration Center, the DIB-ISAC, sector-specific ISACs) exists specifically for this purpose and is underutilized.
Despite ISAC sharing being one of the more structured and actionable forms of threat intelligence available to DIB contractors, fewer than half of Summit respondents indicated they were participating in any ISAC program.
Joyce reinforced this directly, noting that the NSA Cybersecurity Collaboration Center serves "well over 100,000" eligible organizations. "So many of you on the call qualify and don't know it. You're not alone in this."
Why federal cybersecurity leaders are optimistic about the future of defensive AI
General Paul Nakasone, who led the NSA and U.S. Cyber Command for nearly six years, offered both a warning and a longer-term framing at the Summit.
The warning: the adversary's AI capability is already operationally deployed. China's approach combines scale, sophistication, and speed in ways no other nation can match, and AI is accelerating all three vectors simultaneously. "We've known about Volt Typhoon for three-plus years, but we still haven't been able to remediate, for the large part, where they're at in our critical infrastructure."
His long-term outlook was more optimistic: AI-driven defense, in Nakasone's view, will eventually be harder to breach than human-operated defenses, not because AI is infallible but because a well-configured AI-driven system eliminates the human scheduling, attention, and fatigue limitations that adversaries have learned to exploit.
"Long term, I'm super optimistic that these tools and AI will give defense a huge advantage. It will be super hard to get into a well-configured system that AI is driving and maintaining. But this window between today and that nirvana of AI as really good defense is going to be a painful time for some of us."
Practical steps for DIB organizations to protect themselves
The most effective path forward for the DIB combines accessing the government resources that already exist, building the relationships that make those resources useful, and deploying AI defensively.
Access free NSA resources
The NSA Cybersecurity Collaboration Center at nsa.gov/ccc offers threat intelligence sharing, protective DNS, attack surface management scanning, and a vulnerability disclosure pipeline, all free to any organization with a DoD contract. If you haven't registered, this is the highest-return action available to any DIB contractor regardless of size.
Participate in sector ISACs
The DIB-ISAC exists specifically to share threat intelligence relevant to defense contractors. Poll data from the Summit suggests participation rates are low. ISAC sharing provides contextualized, sector-specific intelligence rather than generic alerts, and that distinction matters when you're trying to prioritize a finite response window.
Move threat intelligence from receipt to action
Many organizations receive government feeds but lack the internal process to act on them within a relevant window. AI-assisted monitoring tools can automate the triage step, flagging what's relevant to your specific environment and prioritizing by exploitability, reducing the time between receiving intelligence and acting on it.
Build relationships proactively
As Adamski emphasized, trust cannot be built in a crisis. Engaging with your CISA regional advisor, participating in joint exercises, and establishing contact with sector information sharing programs before an incident gives you a network to call on when the window to act is measured in hours.
Treat compliance as part of your security program, not the foundation
Nearly a third of Summit attendees described their cybersecurity strategy as primarily compliance-driven. Rob Joyce's summary of where that leaves organizations was direct: "Compliance is the floor, not the goal. Continuous protection is where you've got to go."
How Secureframe Defense helps close the gap
Acting on threat intelligence requires more than awareness. It requires knowing exactly what's in your environment, maintaining continuous visibility into how your controls are performing, and being able to move quickly when something surfaces.
Secureframe Defense gives DIB contractors continuous, automated visibility into their cybersecurity and compliance posture, so that when a threat feed flags a vulnerability or a new advisory lands, your team knows immediately whether it's relevant to your assessed environment and what controls are affected.
Secureframe helps DIB organizations:
- Maintain an accurate, live picture of their environment. Asset inventory and continuous control monitoring mean your SSP reflects how your systems actually operate today, not how they looked on assessment day. That real-time accuracy is the foundation that makes threat intelligence actionable.
- Detect drift before it becomes a gap. Continuous control monitoring and automated evidence collection flag when something changes in your environment, so you're not discovering a compliance gap during an adversary intrusion or your next C3PAO assessment.
- Reduce the manual work that competes with proactive security and remediation. Automated SSP generation, POA&M tracking, and evidence collection free your team to focus on the security operations and remediation efforts that strengthen your defenses.
- Move from periodic to continuous assurance. The annual assessment cycle is a compliance requirement. Continuous protection is a security requirement. Secureframe Defense is built to support both, so your compliance and security postures stay aligned between assessments.
Talk to one of our product experts to see how Secureframe Defense can help your organization build the security program that your threat environment actually demands.
Note: Quotes from Rob Joyce, Morgan Adamski, Bob Costello, and General Paul Nakasone are drawn from their sessions at the Secureframe National Cybersecurity Summit, May 11–13, 2026. Poll data reflects responses from Summit attendees across multiple sessions.
FAQs
What free threat intelligence resources are available to DIB contractors?
The NSA Cybersecurity Collaboration Center (nsa.gov/ccc) offers several free services to any organization with a DoD contract, including threat intelligence sharing, protective DNS that blocks known malicious domains in real time, attack surface management scanning, and a vulnerability disclosure pipeline. CISA alerts, FBI Flash Reports, and DIB-ISAC membership are additional resources available at low or no cost. According to Rob Joyce, the NSA Collaboration Center serves well over 100,000 eligible organizations, most of which don't know they qualify.
What is the difference between compliance and continuous protection?
Compliance means meeting the requirements of a framework such as CMMC Level 2 and passing a third-party assessment. Continuous protection means maintaining the security controls, visibility, and response capabilities that a compliance framework points toward on an ongoing basis, not just at assessment time.
Why are smaller DIB contractors at higher risk of a cyberattack?
Smaller subcontractors and suppliers are frequently targeted precisely because they carry the same CUI obligations as large primes but without the staffing, tooling, or security operations infrastructure that primes maintain.

Emily Bonnie is a seasoned digital marketing strategist with over ten years of experience creating content that attracts, engages, and converts for leading SaaS companies. At Secureframe, she helps demystify complex governance, risk, and compliance (GRC) topics, turning technical frameworks and regulations into accessible, actionable guidance. Her work aims to empower organizations of all sizes to strengthen their security posture, streamline compliance, and build lasting trust with customers.