Defending at the Speed of Innovation: 4 Takeaways from the 2026 National Cyber Innovation Forum

How can the United States combat adversaries operating at machine speed?

What does it take for defenders to act faster without breaking the trust that security depends on?

How can national security and private industry collaborate more effectively?

Can AI give defenders the advantage?

The fourth annual National Cyber Innovation Forum addressed these essential questions head-on. Held at the U.S. Capitol in Washington, D.C. on May 21, the invitation-only forum convened senior leaders from across government, industry, and technology for candid, strategic conversations on national security, defending critical infrastructure, and technology innovation. Forgepoint was honored to co-host the forum alongside the National Security Institute (NSI) at George Mason University, Carahsoft, Snowflake, Forescout, and numerous supporting sponsors.

As the program unfolded, leaders from the U.S. federal government, including the White House and National Security Council, the Departments of War and Energy, the FBI and NSA, and Congress, shared the stage with private industry innovators from frontier AI labs, defense tech companies, venture capital firms, and cyber and AI startups. The dialogue reflected the scale and urgency of the challenges ahead, with conversations spanning AI and national defense, cyber resilience, fraud prevention, energy security, workforce development, and emerging technology.

Four themes from the forum stood out, each pointing to the outlook for cyber, AI, and national security in the next year.

1) Speed is central

Tempo was a major through-line across sessions. Government and industry leaders discussed a threat environment that moves at machine speed and a defensive posture operating a step behind it, weighed down by legacy controls and accumulated technical debt.

The speed of AI is rewriting the assumptions at the core of cybersecurity programs, both in defending against AI-enabled threats and in adopting AI to counter them. Federal agencies are rethinking how they handle vulnerability management, disclosure, and remediation, recognizing that traditional human-paced controls can’t keep up. Frontier AI labs are engineering models for speed in enterprise and government contexts, balancing responsible use with quick adoption. Startup and enterprise innovators are partnering with military and defense leaders, testing and deploying new defense technology in rapid cycles to enhance national security. In federal payment systems, agencies are partnering with private industry to close policy and implementation gaps and fight against real-time fraud threats.

Across the board, AI and cyber technology adoption velocity is becoming a differentiator and difference maker in national security and private industry.

2) Public-private collaboration must become the operating model

National security and industry leaders have long called for increased public-private partnerships. At this year’s forum, the message became more urgent than ever.

Industry is now central to national resilience. Government systems and critical infrastructure are largely built, owned, and operated by private companies. Yet, U.S. public-sector capacity and partnership with private industry have not kept pace with adversaries. Case in point: China’s ability to direct its private sector with state backing to marshal cyber operations and AI innovation at an unmatched scale.

Leaders across the spectrum of industries and political parties at the forum agreed that defending government and civilian networks must become a shared national priority. The private sector has the capacity to deliver technological innovation with the necessary speed, talent, and reach, while the public sector’s security intelligence can be applied to strengthen key systems and infrastructure. As the shared mission accelerates, national resilience will depend upon both commercial technology and guidance from government agencies.

3) From defense to advantage

For decades, cybersecurity operators have faced a structural disadvantage. Attackers only need to succeed once, while defenders have to close every gap. Several forum sessions pointed to a shift in the dynamic as AI and a more assertive posture give defenders a chance to contest that asymmetry.

Offensive capabilities are gaining traction across public and private sectors. Federal agencies, including the FBI, are using offensive capabilities to take down and seize adversary infrastructure. The private sector is increasingly applying offensive techniques to test and strengthen systems and security controls. Demand is moving from reactive approaches that absorb attacks to proactive technologies that anticipate and disrupt them.

In addition, advanced AI has the potential to enable defenders to find and close vulnerabilities as fast as or faster than attackers can exploit them. The constraint here centers on real concerns around AI trust and security that slow adoption. Leaders should weigh the risks of deploying a given AI capability, and the controls available to manage them, against the risks of declining to deploy it and ceding the advantage to an adversary.

The opportunity to empower defenders is real but conditional. Innovators building credible AI and offensive security capabilities are positioned to help public and private cyber operators contest the asymmetry, but only if organizations and agencies are willing to take a more proactive posture.

4) Speed only strengthens security when it is built on trust

The most durable insight of the day cut against the grain: speed without trust is fragile. Public and private organizations must rebuild the trust layer of security to run at machine speed rather than treating it as the brake on velocity.

Consider the domain of security assurance and compliance. Periodically verifying security posture may meet compliance expectations, but adversaries don’t wait for the next audit cycle. Continuous assurance needs to become the standard to make compliance an operational outcome rather than a snapshot of a moment in time. When treated as a growth strategy rather than a compliance cost, continuous assurance becomes an advantage for the institutions that adopt it.

Questions of data and technology ownership and sovereignty also took center stage. Data sovereignty has moved beyond compliance to become a structural national security imperative. Public and private security leaders are interrogating where AI data and computation reside, and how to secure open-source code underpinning critical infrastructure amid a wave of attacks.

Sovereignty and assurance are key design constraints that innovators must build around and adopters must plan for, in where data lives, where models run, and the code their platforms depend on. The next category leaders will not simply deploy new capabilities the fastest: they will create machine-speed technologies that organizations trust enough to deploy in mission-critical systems.

Bridging the gap between machine speed and human institutions

Technologies and attacks now operate at machine speed while our institutions lag behind. This year’s NCIF delivered a working answer to the problem: not to simply move faster, but to rebuild the connective tissue of national defense, public-private partnerships, continuous assurance, and sovereignty by design so trust can move at the speed of the threats we face.

We are grateful to everyone who joined us at the Capitol to advance that work, and we look forward to convening this community again next year.

With appreciation

Thank you to the speakers and moderators who shared their insights:

• Colin Ahern, Director of Security & Intelligence, State of New York
• Dmitri Alperovitch, Executive Chairman, Silverado Policy Accelerator
• Nick Andersen, Acting Director, CISA
• Katie Arrington, CIO, IonQ
• Rep. Don Bacon (R-NE)
• Robert Bair, Head of Cyber & National Security Policy, Anthropic
• Doug Barbin, President, Schellman
• Aaron Bishop, Acting Principal Deputy CIO, Department of War
• Tatyana Bolton, Principal, Head of Cyber Practice, Monument Advocacy
• Alexei Bulazel, Special Assistant to the President, Senior Director for Cyber, National Security Council
• Sam Corcos, CIO, Department of the Treasury
• Alex Fitzsimmons, Associate Deputy Secretary of Energy, Department of Energy
• Laura Galante, Senior Fellow, Center for European Policy Analysis
• Billy Gouveia, CEO & Founder, Surefire Cyber
• Todd Hemmen, Deputy Assistant Director, Cyber Capabilities Branch, FBI
• Jamil Jaffer, Founder & Executive Director, National Security Institute; Venture Partner, Paladin Capital Group
• Sam Jones, CEO & Founder, Method Security
• Alison King, Vice President of Government Affairs, Forescout Technologies
• Benjamin Kohlmann, Assistant Secretary of the Navy, Department of War
• Ashutosh Kulkarni, CEO, Elastic
• Ambuj Kumar, CEO, Simbian
• Joseph Larson, VP & Head of Government, OpenAI
• Anup Malani, Chief Economist, Centers for Medicare & Medicaid Services
• Earl G. Matthews, General Counsel, Department of War
• Joe McCaffrey, CISO, Anduril Industries
• Andrew McCarthy, CTO, Task Force to Eliminate Fraud, The White House
• Dr. Alina Polyakova, President & CEO, Center for European Policy Analysis
• Ramesh Ponnuru, Editor, National Review
• Brandon Pugh, Principal Cyber Advisor, U.S. Army
• Clayton Romans, Associate Director, Joint Cyber Defense Collaborative, CISA
• Matthew Rose, Head of Corporate & Government Affairs, Snowflake
• Christopher Steed, CIO & Managing Director, Paladin Capital Group
• Eric Stride, CSO, Huntress
• Katherine Sutton, Assistant Secretary of War for Cyber Policy, Department of War
• Darren Turner, Senior Executive, NSA
• Rep. James Walkinshaw (D-VA)
• Mike Walsh, President, Forescout Technologies
• Alex Whitworth, Director, Sales, Carahsoft

Our thanks to the co-sponsors who made the forum possible: the National Security Institute (NSI) at George Mason University’s Antonin Scalia Law School, Carahsoft, Forescout, Snowflake, Booz Allen Hamilton, DataTribe, Knox Systems, Okta, Paladin Capital Group, Palo Alto Networks, Schellman, Akin Gump Strauss Hauer & Feld, CoreStack, SailPoint, Gula Tech Adventures, IQT, Surefire Cyber, Ark Strategy, and WorldWideTech.

With Andrew McClure, Alberto Yépez, Timothy Neslony, Ernie Bio, Shane Shook, and the Forgepoint team.