The agency responsible for defending America’s civilian digital infrastructure is getting smaller at precisely the moment the threats are getting smarter. CISA, the Cybersecurity and Infrastructure Security Agency, has shed roughly 1,000 employees since January 2025, amounting to about one-third of its total workforce.
The numbers tell a grim story
The Trump administration’s proposed FY2026 budget calls for a 17% funding cut to CISA, translating to approximately $420 to $495 million less in operational spending. The agency plans to eliminate 1,083 positions under that proposal, and a further $707 million cut has been floated for FY2027.
Specific divisions are absorbing disproportionate damage. The Stakeholder Engagement Division, which coordinates directly with private-sector operators, has lost 96 of its 189 staff members. That’s a 62% reduction in the team whose entire job is helping companies defend themselves.
The National Risk Management Center faces a 73% budget cut. Support for the Multi-State Information Sharing and Analysis Center, known as MS-ISAC, has been reduced by $10 million. Funding for the Elections Infrastructure ISAC has been eliminated entirely.
Lisa Einstein, CISA’s former chief AI officer, announced her resignation in February 2025.
AI threats are no longer hypothetical
Google confirmed the first AI-generated zero-day exploit capable of bypassing two-factor authentication in May 2026. An AI system independently discovered and weaponized a software vulnerability that could defeat one of the most common security measures protecting everything from bank accounts to crypto exchange logins.
Former officials and industry leaders have voiced concerns that CISA no longer has the capacity to help utilities, banks, and other critical infrastructure operators prepare for this wave of AI-fueled cyberattacks.
What this means for crypto and digital assets
CISA’s ISACs have historically served as early-warning systems, sharing threat intelligence across sectors. With MS-ISAC funding cut by $10 million and the Elections Infrastructure ISAC defunded entirely, that early-warning network is degraded.
Large, well-capitalized platforms like Coinbase or Kraken can afford to build out internal security teams and purchase enterprise-grade threat intelligence. Smaller protocols and DeFi platforms, which already struggle with security budgets, face a widening vulnerability gap.
Threat intelligence from agencies like CISA often comes with classified context that no private firm can replicate. The kind of attribution work that identifies whether an attack originated from a North Korean state group or a freelance ransomware crew requires resources that live inside government infrastructure.