State Department Exploring AI Integration Into Software Security Testing

The Department of State’s Bureau of Diplomatic Security is developing a continuous integration/continuous delivery pipeline that involves using artificial intelligence to automate end-to-end testing of software under development.

“The more that it is automated and the more … code that is built by constant best practices and that is not modified by a human, then the better it is,” said Manny Medrano, director of cybersecurity monitoring and operations at the State Department, on Federal Insights-Best Practices in Secure Software Development.

Medrano acknowledged the risks that come with using artificial intelligence for cybersecurity but noted that such risks can be reduced by involving humans in the automated processes to validate the findings, Federal News Network reported.

The cybersecurity director said his office is working with the industry to perform penetration testing of AI models and systems.

Medrano shared that the State Department employs blue and read teams comprising cybersecurity experts to assess the security of various applications and identify the strengths and weaknesses of systems, respectively.