Research Library

Tracking Cybersecurity Policy Developments Across State Legislatures: 2025 Enacted Legislation

By: Shannon Pierson, Sree Varsha Bhanoor

A new report from researchers at the Center for Long-Term Cybersecurity’s Public Interest Cybersecurity Program presents a first-of-its-kind empirical analysis of every cybersecurity-related bill enacted in all 50 states during the 2025 legislative sessions. The research identifies nationwide patterns in the cyber policy issues states addressed, the regulatory approaches they adopted, and the entities and sectors they chose to regulate.

Agentic AI Risk-Management Standards Profile

By: Nada Madkour, Jessica Newman, Deepika Raman, Krystal Jackson, Evan R. Murphy, Charlotte Yuan

A new paper authored by researchers from the Center for Long-Term Cybersecurity’s Artificial Intelligence Security Initiative (AISI) focuses on “AI agents” or “agentic AI,” AI systems that can autonomously pursue goals and take actions with little to no human oversight, often through interaction with external environments and tools.

AI Risk-Management Standards Profile for General-Purpose AI (GPAI) and Foundation Models v1.2

Coming soon… The General-Purpose AI Risk-Management Standards Profile (“GPAI Profile”) Version 1.2 is planned for release in March 2026. View Version 1.1 released in January 2025. Contact Nada…

Toward Risk Thresholds for AI-Enabled Cyber Threats: Enhancing Decision-Making Under Uncertainty with Bayesian Networks

By: Krystal Jackson, Deepika Raman, Jessica Newman, Nada Madkour, Charlotte Yuan, Evan R. Murphy

Artificial intelligence (AI) is increasingly being used to augment and automate cyber operations, altering the scale, speed, and accessibility of malicious activity. For example, AI can be used…

Securing Mutual Aid: Cybersecurity Practices and Design Principles for Financial Technology

By: Elijah Baucom, Anna Lanzino, Yvette Vargas, Nicholas Perematko

Mutual aid organizations, such as food banks, disaster relief, direct cash assistance, and bail funds, serve as critical community pillars, yet their efforts are increasingly under threat in…

Enhancing Cyber Resilience for Equitable Healthcare: Analysis of Cyberattacks Targeting Sexual and Reproductive Facilities and Services

By: Pavlina Pavlova

Healthcare is among the most targeted and vulnerable sectors for cyberattacks. Sexual and reproductive health (SRH) facilities and services in particular face financially motivated ransomware attacks and data…

Building Trust: Quantifying Use of the .gov Domain Below the Federal Level

By: Chris Babcock

Trust in digital government services relies on users’ ability to verify that websites and emails genuinely represent official institutions. The .gov top-level domain (TLD), managed by the Cybersecurity…

A Path to Long-Term Cyber Resilience for Under-Resourced Organizations

By: Michael Razeeq

Across the United States, state, local, tribal, and territorial governments (“SLTTs”), small- and medium-sized businesses (“SMBs”), and nonprofits are frequently targeted in cyber attacks, leading to significant financial…

Economics of Cyber Policies for Critical Care

By: Aden Klein

  Cyberattacks are a pressing threat to hospital operations, patient health data, and, most importantly, patient lives. Cybersecurity insurance has become a key component of resilience for the…

The Roadmap to Community Cyber Defense: A Path Forward from the Cyber Resilience Corps

By: Sarah Powazek, Grace Menna

Community organizations — including nonprofits, hospitals, schools, local utilities, city governments, and small businesses — deliver vital services to the public, but they are often the least prepared to…