In an era where a cyber attack happens every 37 seconds, the federal government faces unprecedented challenges in protecting its IT systems and infrastructure. As nation-state actors and cybercriminals become more sophisticated, traditional security approaches are no longer sufficient.
Federal agencies must remain secure while balancing new regulations, limited budgets, and the rise of artificial intelligence (AI). While not a silver bullet, AI technologies are proving to be powerful allies in the fight to secure federal systems. They help agencies do more with limited resources and quickly adapt to emerging threats. At the same time, the software development boom — driven in part by AI and open source — will require agencies to ensure they have more visibility into the license and security risks associated with their software.
Here are four major changes we expect to see in federal cybersecurity during 2025:
1. AI will help stop cyber attacks before they happen
In the past, agencies would often react to cyber attacks after they happened. Now, AI is becoming essential for proactively preventing attacks. For example, the Department of Homeland Security uses AI to look through huge amounts of data to find possible threats.
More agencies will start using AI in 2025. GitLab research found that nearly half (47%) of public sector respondents were already using AI in the software development lifecycle in 2024; another 33% plan to start using AI by 2026. It makes sense that federal agencies would embrace AI tools that can spot dangerous activity much faster than humans can — sometimes in minutes instead of days. This is especially helpful for agencies that don't have many staff members.
However, AI isn’t perfect on its own. People still need to check its work and ensure it’s making good decisions. Humans are also needed to guide AI and devise new ways to use it.
2. AI will help agencies modernize legacy code
Many government systems use old programming languages that aren’t very secure. About 70% of security problems come from this legacy code. AI can help agencies modernize legacy code to reduce the risk of security vulnerabilities.
The federal government has prioritized memory-safe programming languages to help avoid common software vulnerabilities. AI can automate tasks like code refactoring and analysis, helping organizations transition from memory-unsafe languages like C to more secure alternatives such as Rust or Go.
AI tools can also look at old code and suggest ways to make it better and more secure. This helps agencies modernize their systems more quickly and protect against new threats.
3. AI will simplify compliance
DevSecOps, compliance, and AI are on a collision course. Automation is the key to making compliance integral to software development and making it a more real-time activity than the traditional clipboard or checkbox approach.
Government leaders are increasingly grappling with the complexities of compliance. AI simplifies this process by automating monitoring. It can warn agencies about problems immediately and help fix them, reducing the burden on compliance teams.
Compliance checks will become a natural part of creating and updating software as technology improves. AI tools will proactively scan code for compliance violations and enforce security policies. While AI won’t completely automate this process in the near term, the shift to intelligent automation will help improve security and efficiency.
4. SBOMs will become a requirement, not just a best practice
AI requires testing, guardrails, and management by humans and other tools, especially regarding security. A dynamic software bill of materials (SBOM) can give agencies full visibility into the license and security risks associated with their software, including any open source components.
SBOMs help agencies understand exactly what's in their software and what security risks might exist. A dynamic SBOM updates automatically, so the inventory reflects current information about potential problems rather than a snapshot taken at release time.
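As an added illustration of the kind of check an SBOM makes possible (example code, not GitLab's tooling or anything from the original post): the script below reads a small constructed CycloneDX-style SBOM and flags components whose license falls outside an agency allowlist or whose version predates the fix recorded in a constructed advisory index. The allowlist, the index and the advisory identifiers are all assumptions for the example, not real policy or real CVEs.

```python
"""Audit a CycloneDX-style SBOM against license and vulnerability policy.
Added example, not GitLab code: the SBOM, the license allowlist and the
vulnerability index are constructed; advisory ids are placeholders, not CVEs."""
import json

# Constructed SBOM in CycloneDX 1.5 JSON shape (purl + license per component).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "fastjson", "version": "1.2.3",
         "purl": "pkg:maven/example/fastjson@1.2.3",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "legacy-parser", "version": "0.9.1",
         "purl": "pkg:pypi/legacy-parser@0.9.1",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"type": "library", "name": "tlslib", "version": "2.0.0",
         "purl": "pkg:golang/example.org/tlslib@2.0.0",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})

# Agency license policy (constructed): only these SPDX ids may ship.
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}

# Constructed vulnerability index keyed by purl without version; "fixed" is
# the first version that no longer carries the issue. Placeholder ids.
VULN_INDEX = {
    "pkg:maven/example/fastjson": [{"id": "ADV-EXAMPLE-001", "fixed": "1.2.4"}],
    "pkg:pypi/legacy-parser": [{"id": "ADV-EXAMPLE-002", "fixed": "0.9.0"}],
}

def _version_tuple(v):
    """Numeric dotted version to a comparable tuple (no pre-release handling)."""
    return tuple(int(p) for p in v.split("."))

def audit_sbom(sbom_json):
    """Return (component, kind, detail) findings; an empty list means policy-clean."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        name = f"{comp['name']}@{comp['version']}"
        ids = {lic["license"].get("id") for lic in comp.get("licenses", [])}
        # An unknown license is a finding too: a risk you cannot name cannot be assessed.
        if not ids or not ids <= ALLOWED_LICENSES:
            findings.append((name, "license", sorted(ids) or ["UNKNOWN"]))
        base, _, _ = comp["purl"].rpartition("@")
        for adv in VULN_INDEX.get(base, []):
            if _version_tuple(comp["version"]) < _version_tuple(adv["fixed"]):
                findings.append((name, "vulnerability", adv["id"]))
    return findings
```

In practice the index would be refreshed from a vulnerability feed each time the pipeline runs, which is what turns a static inventory into the dynamic SBOM described above.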
GitLab research has shown that use of open source software is on the rise: 67% of developers say that at least a quarter of the code bases they work on is from open source libraries. However, only 21% of respondents say they are currently using SBOMs to improve the security of the software development lifecycle.
As we move into 2025, SBOMs will become central to federal cybersecurity efforts. Defense agencies will lead the way, and civilian agencies will follow. The increased adoption of SBOMs will help defense and civilian agencies verify that nation-state actors have not made malicious contributions, promoting transparency and accountability within the federal government.
Many agencies will likely require companies they work with to provide SBOMs — and potentially refuse to work with vendors that cannot comply.
Looking ahead: From risk to resilience
As cyber threats continue to evolve, a strong security posture is essential. Agencies are finding creative ways to use AI to improve their security. By using AI to automate tasks, find problems quickly, and modernize old systems, agencies can better protect their critical information and systems. These investments in AI and security will help agencies stay ahead of future threats and safeguard critical assets.
Key takeaways
- AI is becoming essential for federal cybersecurity, enabling agencies to detect and prevent cyber threats in minutes rather than days. However, human oversight remains crucial for guiding AI systems and validating their decisions.
- Legacy code poses a major security risk, with 70% of vulnerabilities stemming from outdated systems. AI-powered tools will help agencies modernize their code bases and transition to more secure programming languages.
- Software bills of materials (SBOMs) will become mandatory for federal contracts, giving agencies better visibility into their software supply chains and associated security risks. Vendors unable to provide SBOMs may lose opportunities.