Skip to content
Sign Up for Our Newsletter
About
Close About
Open About
About the Institute for Security and Technology
Our Team
Board Of Directors
Careers
Contact Us
Featured Events
Cyber Policy Awards
Critical Effect DC
Projects
Close Projects
Open Projects
AI and NC3
Pioneering action-oriented efforts to explore how advanced AI capabilities will be integrated into nuclear command, control, and communications
AI Antitrust and National Security
Exploring how to more effectively account for national security considerations in AI antitrust cases while respecting precedent, scope, and the core principles of antitrust law
AI Risk Reduction Initiative
Assessing the emerging risks and opportunities of AI foundation models and developing risk reduction strategies
AI Chip Export Control Initiative
Safeguarding U.S. national competitiveness by closing critical compliance and enforcement gaps
AI Risk Barometer
Measuring national security professionals’ perceptions of AI futures through a technically-informed survey
CATALINK
Preventing the onset or escalation of conflict by building a resilient global communications system
Energy FIRST
Powering U.S. and allied security & prosperity through a resilient energy future
Ransomware Task Force (RTF)
Combating the ransomware threat with a cross-sector approach
Religious Voices and Responsible AI
Engaging religious communities on safe and beneficial AI
SL5 Task Force
Strengthening AI security through a multistakeholder approach
UnDisruptable27
Driving more resilient lifeline critical infrastructure for our communities
All Projects
» Explore all of IST's projects, past and current
Focus Areas
Future of Digital Security
Geopolitics of Technology
Innovation and Catastrophic Risk
Events
Insights
Contact
Search
Donate
Archive
Report
Report
Comparative Analysis of National and Regional Product Cybersecurity Frameworks
Author Taylor Roberts presents a structured, data-driven analysis of product cybersecurity frameworks across multiple jurisdictions for policymakers.
Australia
,
comparative analysis
,
cyber
,
Cyber Resilience Act
,
EU
,
FAR
,
product cybersecurity
,
South Korea
March 19, 2026
Report
AI Loss of Control Risk: Indications & Warning
Though technologists and policymakers alike are eager to address AI Loss of Control–a state in which an AI system diverges from authorized constraints–there are significant gaps in the ways stakeholders understand, anticipate, and perceive this risk. "AI Loss of Control Risk" proposes applying the Indications & Warning (I&W) methodology used by the intelligence community to monitor this risk.
AI
,
AI Loss of Control
,
artificial intelligence
,
deception
,
model drift
,
risk reduction
,
scheming
February 19, 2026
Report
Fighting Cyber-Enabled Fraud: A Systemic Defense Approach
Phishing and cyber-enabled fraud are escalating global threats affecting users, consumers, organizations and countries alike. A new white paper, developed by the World Economic Forum’s Partnership against Cybercrime in collaboration with IST, presents a systemic defense framework to confront this challenge.
cybersecurity
,
DNS
,
fraud
,
ICANN
,
phishing
,
systemic defense
,
WEF
December 2, 2025
Report
The Missing Middle: How to Close America’s Deep-Tech Financing Gap in Strategic Competition with China
The United States and China are locked in competition to finance & deploy foundational technologies that will underwrite economic leadership and ensure national security for decades to come. Building on the prior work of IST’s Strategic Balancing Initiative, "The Missing Middle" digs into the systematic gap between early-stage capital and late-stage financing facing American deep-tech companies and the strengths and weaknesses of China's bifurcated system.
capital
,
China
,
deep tech
,
finance
,
hardware
,
national security
,
quantum
,
venture capital
October 31, 2025
Report
AI, NC3, and Strategic Stability: Scenario Exercise
How might the integration of AI into global NC3 systems transform strategic stability and deterrence dynamics? In Washington, D.C. this spring, IST convened more than 60 senior officials, technical experts, and civil society actors for an in-depth analysis of the risks and opportunities of AI in NC3 using this scenario exercise.
adaptive targeting
,
AI
,
decision support
,
nuclear
,
nuclear command
,
scenario
,
strategic warning
,
TTX
October 16, 2025
Report
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerability identifiers has been a core element of software security since 1999. But recent funding issues have laid bare fundamental challenges, and without action, the vulnerability identification landscape will fragment. This report provides recommendations for global policymakers on how to reimagine the CVE Program for the next 25 years.
Common Vulnerabilities and Exposures
,
CVE
,
Global Vulnerability Catalog
,
National Vulnerability Management Program
,
software
,
vulnerability identification
,
vulnerability management
October 8, 2025
Report
Artificial Intelligence in Nuclear Command, Control & Communications: A Technical Primer
AI has been integral to nuclear weapons systems and operations for decades, but rapidly advancing “novel” models pose unforeseen technical opportunities. For the Institute for Security and Technology’s scenario-driven workshop on the integration of AI into NC3 systems, IST’s Sylvia Mishra and Philip Reiner co-authored a short primer to establish what constitutes 'novel' AI in the context of nuclear weapons decision-making.
AI
,
artificial intelligence
,
NC3
,
nuclear
,
system of systems
September 10, 2025
Report
Improving Private Sector Cyber Victim Notification and Support
Building off the Cyber Safety Review Board’s recommendation that cloud service providers work with mobile device platform vendors to develop an “amber alert”-style notification mechanism, IST Adjunct Advisor Rob Knake explores the challenges to developing the native-notification concept and lays out a roadmap for overcoming them.
cyber
,
incident response
,
Victim Notification
August 14, 2025
AAR
,
Report
Exercise VEIL STORM I: After Action Report
In partnership with Europol, the Institute for Security and Technology and the Ransomware Task Force’s International Engagement Working Group designed and delivered Exercise VEIL STORM I, a tabletop exercise focused on operational collaboration across international law enforcement agencies and private sector firms in responding to cyber incidents. This after-action report summarizes the proceedings and key takeaways of the exercise.
cyber insurance
,
cybersecurity
,
disruption
,
Europol
,
information sharing
,
operational collaboration
,
public-private collaboration
,
Public-private partnerships
,
Ransomware
July 23, 2025
Report
Plan directeur de défense contre les rançongiciels
En réponse à la mesure 3.1.1 du rapport du Groupe de travail sur la lutte contre les rançongiciels, qui recommande à la communauté de la cybersécurité d’« élaborer un cadre clair de mesures exécutables d’atténuation, d’intervention et de récupération relatives aux rançongiciels », le Groupe de travail sur le Plan directeur de défense contre les rançongiciels a intégré au présent document un sous-ensemble structuré de mesures de protection essentielles en matière de cyberhygiène3, puisées dans le site Web Contrôles de sécurité essentiels du contrôles du CIS® v8.
blueprint
,
cybersecurity
,
defend
,
protect
,
Ransomware
,
respond
July 14, 2025
Report
Nuclear Command, Control, and Communications (NC3): A Primer on Strategic Warning, Decision Support, and Adaptive Targeting Subsystems
Originally drafted to guide substantive discussions for a scenario-driven workshop hosted by IST in Washington, DC on the risks and opportunities of AI integration in NC3, this primer provides a technical and in-depth overview and analysis of strategic warning, decision support, and adaptive targeting subsystems that comprise the NC3 “system of systems.”
adaptive targeting
,
decision support
,
NC3
,
NC3 architecture
,
nuclear
,
strategic warning
,
system of systems
July 7, 2025
Report
Securing the Signal: Mitigation Strategies to Strengthen Crisis Communication Channels
As global norms are challenged and emerging technologies accelerate, crisis communication systems between nuclear-armed states face urgent new threats. This report identifies four critical scenarios and outlines a matched set of mitigation strategies designed to reinforce the reliability of crisis communications in high-stakes environments.
CATALINK
,
cold war
,
crisis communications
,
electromagnetic pulse
,
EMP
,
escalation
,
miscalculation
,
nuclear
May 28, 2025
AAR
,
Report
Strengthening Nuclear Crisis Communications: Steps to Implement Mesh Networks to Enhance Resilience & Security
To advance work on secure crisis communications, IST convened a diverse group of experts for a technical workshop to explore potential avenues for improving the resilience of nuclear crisis communications networks, including IST’s CATALINK Initiative. In this report, IST’s Christian Steins shares critical takeaways from their discussion.
crisis communications
,
mesh network
,
nuclear weapon state
,
resilience
,
ROCCS
May 22, 2025
Report
Enhancing Cyber Resilience through Insurance: Revisiting Anti-Bundling Regulation
In Enhancing Cyber Resilience Through Insurance, authors Sophia Mauro and Taylor Grossman make the case that cyber insurance has the strategic potential to go beyond consequence management, actually helping its insureds achieve better proactive, pre-incident cybersecurity.
cyber insurance
,
cyber resilience
,
cyber risk
,
cyber threats
,
insurance
,
Ransomware
,
risk-mitigation
,
underwriting
April 28, 2025
Report
Navigating AI Compliance, Part 2: Risk Mitigation Strategies for Safeguarding Against Future Failures
"Navigating AI Compliance, Part 2: Risk Mitigation Strategies for Safeguarding Against Future Failures" presents 39 risk mitigation strategies co-created by a multistakeholder working group of experts that aim to avoid institutional, procedural, and performance failures of AI systems.
AI
,
artificial intelligence
,
compliance failure
,
infrastructure protection
,
institutional failures
,
performance failures
,
procedural failures
,
risk reduction
March 20, 2025
Report
Deterring the Abuse of U.S. IaaS Products: Recommendations for a Consortium Approach
Informed by a year of working group discussions with IaaS providers and other experts, authors Steve Kelly and Tiffany Saade make recommendations for how a consortium to join the Abuse of IaaS Products Deterrence Program, powered by AI and privacy-preserving technologies such as federated learning, could be shaped to best accomplish the government’s overall objective of deterring abuse.
AI
,
cloud
,
federated learning
,
Infrastructure-as-a-Service
,
Trust and Safety
February 27, 2025
Previous
Page
1
Page
2
Page
3
Page
4
Page
5
Next
Search
Search
Home
About
CATALINK BRIEF
FAQ
Our Team
Why do we need crisis communications?
Activities
Events
Insights
Podcasts
Press
Get In Touch
