U.S. cybersecurity officials are considering one of the most aggressive overhauls of federal cyber defense policy in years, as fears grow that a new generation of artificial-intelligence systems could dramatically accelerate the speed and scale of cyberattacks against government networks.

According to people familiar with the discussions cited by Reuters, officials are weighing plans to slash the time federal civilian agencies have to fix actively exploited software vulnerabilities from the current two-to-three-week average to just three days.

The proposal reflects mounting anxiety inside Washington that advanced AI models are rapidly transforming cyber operations from a largely human-driven process into one increasingly automated, scalable, and capable of operating at machine speed.

Those concerns are centered on sophisticated AI systems such as Anthropic’s Mythos and OpenAI’s GPT-5.4-Cyber, which security researchers and policymakers fear could significantly reduce the technical expertise and time traditionally required to conduct advanced hacking campaigns.

For years, cybercriminals have used automation and machine learning to improve phishing schemes, malware generation, and reconnaissance. But cybersecurity officials say the latest frontier models appear capable of going much further: rapidly identifying previously unknown vulnerabilities, analyzing newly disclosed flaws within minutes, generating exploit code, and coordinating multi-stage intrusion campaigns with limited human involvement.

That shift is fundamentally altering how governments think about defense. Until recently, organizations often had weeks or even months between the public disclosure of a software flaw and the appearance of large-scale exploitation campaigns. Officials now worry that AI-assisted attackers may compress that timeline to mere hours.

“If you’re going to protect civil agencies, you’re going to have to move faster,” said Stephen Boyer, founder of cybersecurity firm Bitsight, which has previously assisted the Cybersecurity and Infrastructure Security Agency in cataloguing vulnerabilities. “We don’t have as much of a window as we used to have.”

The discussions are reportedly being led by acting CISA director Nick Andersen and U.S. national cyber director Sean Cairncross, according to sources familiar with the matter.

The proposal centers on CISA’s Known Exploited Vulnerabilities database, commonly known as the KEV catalog. The list tracks software flaws already being actively exploited by criminal organizations or state-backed hacking groups and serves as a mandatory remediation guide for federal agencies.

Historically, agencies were generally given around three weeks to patch vulnerabilities once they were added to the KEV list, according to cybersecurity researcher Glenn Thorpe. That timeline has gradually shortened in recent years, but a universal three-day standard would represent a dramatic escalation in urgency.

The move underscores how seriously U.S. officials are beginning to view the intersection between AI and offensive cyber capabilities. Some security analysts compare the current moment to the arrival of industrial automation in manufacturing: cyberattacks that once required teams of highly skilled operators may increasingly become partially automated workflows assisted by AI reasoning systems.

That prospect is especially alarming for governments because it could allow smaller criminal groups or less sophisticated state actors to conduct operations previously reserved for elite hacking units.

The concern extends well beyond federal agencies. Industry executives expect any tighter CISA standards to quickly influence state governments, contractors, hospitals, utilities, banks, and other critical infrastructure operators.

“This is a signal to others that says, ‘Hey you need to do this more quickly,’” said Nitin Natarajan, former deputy director of CISA under President Joe Biden and now head of NN Global.

Natarajan said accelerating patch timelines makes strategic sense given the speed of emerging threats, but warned the federal government may lack the resources necessary to sustain such an aggressive posture.

“We’ve seen a reduction in their resources, both in funding and expertise,” he said.

That concern reflects broader strain across the U.S. cyber apparatus.

CISA has faced repeated budget pressures, staffing reductions, and operational disruptions tied to government shutdown fights under President Donald Trump. Former officials and private-sector analysts warn that compressing deadlines without significantly increasing staffing, automation, and coordination could overwhelm already stretched cybersecurity teams.

The challenge is particularly acute in large enterprise environments, where applying patches is rarely straightforward. Major organizations often operate thousands of interconnected systems that involve legacy software, third-party vendors, industrial controls, and sensitive operational technology. Security updates typically require testing, compatibility reviews, and staged deployment processes to avoid outages or operational failures.

“Realistically, three days is simply impossible for some environments,” said Kecia Hoyt, vice president at threat intelligence firm Flashpoint.

John Hammond, senior principal security researcher at Huntress, said the proposed timeline would represent “quite a change” for the industry.

While Hammond said he was cautiously optimistic about the push for faster remediation, he added that “only time will tell how well the industry keeps up.”

The discussions are unfolding amid broader concerns that the global AI race is beginning to outpace the development of security guardrails and governance frameworks.

In recent months, frontier AI developers have faced increasing scrutiny over whether advanced models could assist cyber intrusions, biological research, or other high-risk activities. Several governments have quietly expanded national-security reviews of AI systems capable of advanced reasoning, coding, and autonomous task execution.

The banking industry has become particularly sensitive to the issue. Financial regulators in the United States, Europe, and Asia have reportedly intensified reviews of AI-related cyber risks amid fears that automated attacks could target payment systems, trading infrastructure, and customer data on an unprecedented scale.

At the core of Washington’s concern is a growing realization that cybersecurity doctrines built for the pre-AI era may no longer be sufficient. For decades, defenders largely relied on the assumption that discovering, weaponizing, and operationalizing vulnerabilities required time, expertise, and coordination. AI may now be eroding all three barriers simultaneously.

If that proves true, cybersecurity could shift from a contest measured in weeks and days to one increasingly measured in hours and minutes — forcing governments and corporations alike into a far more reactive and relentless security posture.

The tech industry’s aggressive push into artificial intelligence is creating a paradox that few saw coming: massive capital spending on AI infrastructure is coinciding with widespread layoffs, even as many companies admit that human labor remains cheaper than AI in most real-world applications today.

Meta’s announcement last week that it would cut roughly 10% of its workforce, about 8,000 jobs, and scrap plans to fill 6,000 open positions was framed internally as a necessary efficiency move. In the memo, the company said the reductions would help “run the company more efficiently and to allow us to offset the other investments we’re making,” a thinly veiled reference to its enormous AI outlays.

Microsoft has offered thousands of employees a voluntary buyout — the largest in the company’s history. Across the sector, Layoffs.fyi data shows more than 92,000 tech jobs have already been eliminated in 2026, a pace that is outstripping last year’s total of around 120,000 cuts.

At first glance, the numbers suggest the long-predicted shift from human workers to AI is already underway. But conversations with executives and analysts reveal a more complicated picture: AI is not yet delivering clear cost savings. In many cases, it is costing companies more than the humans it might eventually replace.

Nvidia vice president of applied deep learning Bryan Catanzaro put it plainly in a recent Axios interview. He said: “For my team, the cost of compute is far beyond the costs of the employees.”

An MIT study from 2024 reached a similar conclusion. After analyzing the technical requirements for AI to match human performance, researchers found that automation would be economically viable in only 23% of roles where vision is a primary component. In the other 77%, it was still cheaper to keep humans in the job.

According to Fortune, Keith Lee, an AI and finance professor at the Swiss Institute of Artificial Intelligence’s Gordon School of Business, described the situation as a classic short-term mismatch.

“What we’re seeing is a short-term mismatch,” Lee told Fortune.

AI companies are often losing money on flat subscription models that fail to cover the high operating costs for heavy users. As a result, some firms are starting to view AI more as a complementary tool rather than an immediate labor substitute.

The scale of the spending is staggering. The four major U.S. tech giants that reported earnings this week, Alphabet, Meta, Amazon, and Microsoft, have collectively signaled AI-related capital expenditures that are now projected to top $700 billion this year, up from around $600 billion previously. Alphabet raised its annual capex forecast by $5 billion to between $180 billion and $190 billion, with plans for another big increase in 2027. Microsoft expects $190 billion in 2026 spending, with roughly $25 billion tied to rising component costs. Meta lifted its ceiling to as much as $145 billion.

Uber chief technology officer Praveen Neppalli Naga recently told The Information that the company’s pivot to AI coding tools had blown up its budget.

“I’m back to the drawing board because the budget I thought I would need is blown away already,” he said.

According to McKinsey projections, AI expenditures could reach $5.2 trillion globally by 2030 in a base case, or as high as $7.9 trillion at an accelerated pace. AI software fees have already risen 20% to 37% over the past year, according to Tropic.

Despite the spending spree, widespread productivity gains or large-scale job displacement have not yet materialized. The Yale Budget Lab has pointed to a lack of robust data supporting the idea of AI broadly replacing workers. Federal Reserve figures show that only about 18% of companies had adopted AI tools by the end of 2025, a 68% increase since September, but adoption remains early-stage and uneven.

Lee sees a clear path toward AI becoming economically superior, but it will take time and several breakthroughs. Inference costs for large language models with 1 trillion parameters are expected to drop more than 90% over the next four years, according to Gartner. Improvements in infrastructure, model efficiency, and hardware supply will help, and pricing models are likely to shift from flat subscriptions to usage-based structures that better align costs with actual value delivered.

But viability will ultimately depend on reliability.

“It’s not just about AI becoming cheaper than humans,” Lee said. “It’s about becoming both cheaper and more predictable at scale.”

For now, companies are making a high-stakes bet on that future. Google Cloud’s 63% revenue surge in the March quarter, far above estimates, was driven primarily by AI tools for enterprises for the first time, vindicating Alphabet’s heavy investment in turning research into commercial products. CEO Sundar Pichai noted that capacity constraints limited even stronger growth, a problem echoed across the industry.

Analyst Lee Sustar of Forrester observed that Google is capturing new workloads, sometimes from companies new to the cloud or seeking to diversify.

“It is capturing new workloads for the most part — sometimes from companies new to cloud, often additional workloads from customers of other clouds who want to be less dependent on a single cloud provider or who like Google data, analytics and AI offerings,” he said.

The current wave of heavy spending and selective layoffs reflects a painful transition period. Companies are investing aggressively in AI while trimming costs elsewhere to protect margins and reassure investors. Human labor remains cheaper and more reliable for many tasks today, but the scale of the capital bets suggests executives believe the economics will eventually flip as the technology matures.

The discrepancy between soaring AI costs and continued reliance on human workers underscores that the great labor shift to AI is not happening overnight. It is a multi-year, high-risk wager on future efficiency gains that have yet to fully materialize. Currently, the most visible impact is not mass replacement of workers, but a costly arms race to build the infrastructure that might one day make AI the cheaper, more scalable option.