The White House’s proposed fiscal 2027 budget includes a $707 million reduction to CISA, significantly decreasing funding, building on earlier reductions, including a third of its workforce, and further scaling back the agency’s overall budget.
The budget outlines a shift in CISA’s focus toward federal network defense and critical infrastructure protection, while proposing cuts to programs related to external engagement, international affairs, and certain information-related initiatives. Previous proposals from the administration have also targeted reductions in staffing and program consolidation.
The White House’s 2026 budget tried to cut about $491 million from CISA’s spending, but Congress eventually only approved a reduction of approximately $135 million.
The new proposal will require approval from Congress, where funding levels and program priorities may be revised as part of the appropriations process.
Doc McConnell, Head of Policy and Compliance, Finite State serves up this insight:
“When CISA was created in 2018, it was built on a recognition that cybersecurity is a shared problem that no single organization can solve alone. CISA’s value lies in the connective tissue it creates, early warning of emerging threats, coordinated vulnerability assessment, and remediation, and partnerships with state and local governments and critical infrastructure operators that bolster our national resilience.
“That mission is more urgent than ever. Nation-state adversaries are actively and strategically exploiting weaknesses in U.S. cyber defenses, and sophisticated threat actors are targeting critical infrastructure with increasing persistence. While manufacturers bear responsibility for the cybersecurity of their products, including proactively identifying and remediating vulnerabilities and managing supply chain risk. Those efforts are most effective when backed by a strong government cybersecurity function. Now is the time to strengthen our collective ability to detect and respond to threats, not reduce it.”
Aaron Colclough, VP of Operations, Suzu Labs adds this comment:
“The FY2027 budget proposal ties CISA to a refocus away from weaponization and waste, which tracks with a lot of this administration’s stated priorities for the term. The examples in the text stay high-level, so it is still unclear what exactly would be cut; nothing maps dollars to line items. That vagueness overlaps with functions or offices that were already reduced, so we’re not in a position to say what is net-new from the wording alone. This looks like the president’s usual high opening bid before Congress settles the real numbers.”
John Carberry, Solution Sleuth, Xcape, Inc.:
“The proposed $707 million reduction to CISA signals a retreat from the public-private partnership model, effectively ending the agency’s role as a primary intelligence collaborator for the commercial sector. By eliminating the Stakeholder Engagement Division and the Joint Cyber Defense Collaborative (JCDC), the administration is forcing enterprise security teams to manage nation-state threats without a centralized federal clearinghouse. This shift places the entire burden of national collective defense onto individual firms at a time of unprecedented geopolitical volatility.
“Security leaders must immediately de-risk their dependency on CISA for threat telemetry and sector-specific alerts, instead prioritizing deeper involvement in private Information Sharing and Analysis Centers (ISACs) and direct vendor partnerships. Since CISA will pivot its remaining resources almost exclusively toward federal network defense, organizations should also prepare for more aggressive compliance enforcement on federal contractors rather than collaborative support.
“It turns out “Shields Up” was a limited-time offer.”
Seemant Sehgal, Founder & CEO, BreachLock had this comment:
“You don’t cut the fire department and then wonder why buildings burn. CISA isn’t the bureaucratic overhead, for practitioners it’s the lifeline between government intelligence and the private sector running the infrastructure this country depends on. Cutting its budget by $707 million, on top of what’s already been cut, is a gift to every nation-state actor that’s been quietly targeting U.S. critical infrastructure.”
This is a pretty dumb idea from the White House. Though I am not shocked by this as this is how this administration rolls. And I suspect it will not take long for this administration to figure out how dumb this idea is.
Meta pauses work with Mercor after supply chain breach raises risk to AI training data
Posted in Commentary with tags Facebook on April 6, 2026 by itnerdAs first reported by Wired on Friday, Meta has paused all work with AI data startup Mercor following a confirmed security breach linked to a supply chain attack involving the LiteLLM open-source project, which impacted thousands of organizations globally.
Mercor, which provides proprietary training data to major AI companies including Meta, OpenAI, and Anthropic, said it was among those affected and has launched an investigation with third-party forensic experts.
The breach raised concerns about potential exposure of sensitive AI training data and internal datasets, which are used to develop and fine-tune large language models. Reports indicate that Mercor’s systems were impacted as part of a broader compromise involving malicious updates to widely used AI tooling, though it remains unclear what specific data was accessed.
Michael Bell, Founder & CEO, Suzu Labs had this comment:
“The Mercor breach is what happens when the companies building the most valuable AI models in the world outsource the creation of their training data to vendors running on Airtable and shared passwords. A single poisoned open-source package gave attackers VPN credentials, and from there they walked through Mercor’s systems and took 4TB of proprietary datasets, source code, and contractor PII.
“We’ve been investigating these AI data vendors for months and found the same structural failures at Sama, Teleperformance, Scale AI, and Cognizant we see unrotated credentials, info-stealer infections on contractor endpoints, and access controls that don’t exist. The training data behind every major frontier model is sitting inside vendors that wouldn’t pass a basic security audit, and now that data is on an extortion site. This is a national security problem dressed up as a vendor management failure.”
Lydia Zhang, President & Co-Founder,Ridge Security Technology Inc. adds this comment:
“This incident alerts us that AI training data should be treated as critical infrastructure, subject to stricter security scrutiny and regulation.
“The breach also underscores the risks of relying directly on open-source projects in enterprise environments. Supply chain attacks, like the compromised LiteLLM library in this case, can introduce vulnerabilities at scale and expose highly sensitive data.
“At a minimum, enterprises should adopt thoroughly tested and commercially supported versions of such components, with stronger security guarantees and accountability.”
Noelle Murata, Sr. Security Engineer, Xcape, Inc. provided this comment:
“Meta’s indefinite suspension of its partnership with Mercor underscores how the AI industry’s rush to outsource training data has effectively liquidated billions in proprietary methodology. By allowing a poisoned version of the LiteLLM gateway (versions 1.82.7 and 1.82.8) to persist in their environment, Mercor gifted attackers 4 TB of data, including the precise “secret sauce” protocols Meta and OpenAI use to tune their models.
“This was not a sophisticated zero-day; it was a basic supply chain failure where a compromised security scanner (Trivy) was used to poison a niche dependency that nobody bothered to pin. For anyone surprised that an autonomous, interconnected AI stack would eventually expose sensitive data to the internet, the lesson is clear.
“If you are not auditing your data vendors for basic dependency hygiene, your IP is already public property. Defenders must immediately scan for litellm_init.pth files, which provide stealthy persistence on every Python startup, and rotate all LLM provider API keys and cloud tokens. Protecting training integrity now requires treating every AI data broker as a high-risk production endpoint and enforcing strict, pinned Software Bill of Materials (SBOM) standards.
“If your AI supply chain is this leaky, you are not training a model; you are just broadcasting a technical manual to Lapsus$.”
Supply chain vulnerabilities are real. If your organization doesn’t take them seriously, your organization will get pwned. It’s as simple as that. And you can double that if AI is involved.
Leave a comment »