Two federal lawmakers introduced a bipartisan bill on Wednesday that preserves key regulation that facilitates the sharing of cyber-threat data between private companies and the federal government.

The Cybersecurity Information Sharing Extension Act, introduced by U.S. Sens. Gary Peters (D-MI) and Mike Rounds (R-SD), would extend provisions of the Cybersecurity Information Sharing Act of 2015, which is due to expire in September.

The law encourages businesses to share information about ongoing cybersecurity threats with the federal government and is one of few legislative actions that has actually had an impact on real-world cybersecurity, security experts said.

Specifically, the Cybersecurity Information Sharing Act of 2015 gives incentives to companies to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware or malicious IP addresses, with the Department of Homeland Security (DHS).

The law does this by providing legal protections for companies that do so by providing federal antitrust exemptions and precluding them from being held accountable for state and federal disclosure laws.

“From a defender’s standpoint, the Cybersecurity Information Sharing Act has been one of the few legislative tools that truly moved the needle,” Chad Cragle, CISO at cybersecurity resilience technology firm Deepwatch, told Cybersecurity Dive via email. “It gave the industry the legal clarity to share threat intel quickly, directly and without second-guessing the lawyers.”

Indeed, the law has been instrumental in investigations of major cybersecurity incidents, including the widespread SolarWinds supply chain attack, which affected both government agencies and private sector companies such as Microsoft. The law also provides support for Information Sharing and Analysis Centers (ISACs), member-driven organizations that collaborate on threat info-sharing to help critical infrastructure owners and operators protect their facilities.

“Cybersecurity is a team sport, and the truth of this idea is only becoming more obvious in a progressively more hostile global environment,” said Casey Ellis, founder of crowdsourced cybersecurity firm Bugcrowd. “The Cybersecurity Information Sharing Act provides a safe framework for information sharing, and underpins both public/private partnership sharing that powers U.S.-based ISACs.”

Strong case for extending the law

In separate statements, both senators also stressed the importance of maintaining the act’s protections, particularly in the current cybersecurity climate, where both the public and private sectors face constant security threats from both state-sponsored bad actors and others.

“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable — it remains essential for our national security,” said Sen. Peters.

Meanwhile, Sen. Rounds said that allowing the Cybersecurity Information Sharing Act of 2015 to lapse “would significantly weaken our cybersecurity ecosystem,” especially as the act “has been instrumental in strengthening our nation’s cyber defenses.”

At the same time, however, the new act should be crafted to take into consideration the evolution of the threat landscape since the 2015 act was drafted and not just be a “rubber stamp” that doesn’t add anything new to the legislation, Cragle noted.

“This is an opportunity to fine-tune the law, preserving its core strength while ensuring it reflects today’s privacy expectations, supply chain realities, and operational complexity,” he said. “Getting this right means building on what works while adapting to what has changed.”

Dive Brief:

• Enterprises are ramping up agentic AI use and adoption plans despite identifying implementation roadblocks and areas ripe for improvement, a Cloudera report published Wednesday found. The data management vendor surveyed nearly 1,500 enterprise IT leaders earlier this year.
• Nearly all — 96% —  of those surveyed plan to expand AI agent use in their organization in the next 12 months, with half preparing for widespread implementation. Businesses are most interested in performance optimization agents, followed by security monitoring agents and development assistants. 
• Despite adoption ambitions, execution isn’t simple. IT leaders pointed to stronger data privacy and security features and faster training and customization as key changes they’d like to see in existing agents. Nearly 2 in 5 enterprises found integrating the technology with current systems very or extremely challenging.

Dive Insight:

IT leaders continue to express enthusiasm for AI agents as early adopters begin to hit their stride and vendors build out agentic portfolios.

Two-thirds of IT decision-makers said they are building agents on enterprise AI infrastructure platforms, and 3 in 5 point to embedded agentic capabilities in existing applications as a primary source, according to the Cloudera survey. 

“Agentic AI is taking center stage, building on the momentum of generative AI but with even greater operational impact,” Cloudera Chief Strategy Officer Abhas Ricky said in a press release. Enterprises that have yet to take the leap can start with a contained, high-impact project to accelerate internal confidence and help prove ROI. 

Governance is key as experiments begin, analysts have told CIO Dive. IT leaders should help their business understand what problems agents will solve, identify the guardrails needed and set up a monitoring plan. 

Early adopters are finding there’s no shortage of use cases for the technology. 

Google Cloud said its partners have built more than 1,000 AI agent use cases for customers across a variety of industries during its annual conference earlier this month. Organizations built more than 400,000 custom agents in Microsoft’s Copilot Studio in just three months, the cloud giant said last month, naming Estée Lauder Companies as part of the initial wave. In January, ServiceNow said it had nearly 1,000 customers using its AI agents, including EY and Rolls-Royce.

A plethora of implementation options doesn’t always make adoption easier, however. Around 7 in 10 early generative AI adopters said they have more potential use cases than they can fund, according to a Snowflake survey. The majority are struggling to decide which use case to prioritize as pressure mounts for projects to succeed. 

Cloudera identified several industry-specific trends on agent adoption in its report. 

Finance and insurance institutions are more likely to be using the technology to detect fraud, assess risk and advise investments. Manufacturers, meanwhile, are exploring supply chain optimization, process automation and quality control. Retailers primarily target their agentic efforts toward customer service, price optimization and demand forecasting.

Dive Brief:

• Companies at the most advanced stage of AI adoption plan to prioritize hiring of machine learning engineers and AI researchers, according to an EPAM Systems survey of IT leaders published Wednesday. The software services firm surveyed 7,300 C-suite, IT executives and developers in nine countries.
• Nearly two-thirds of respondents said they are familiar with the skills necessary to deploy AI projects at the enterprise level, although nearly half of those that identified as advanced adopters plan to hire for AI-related roles.
• More than 2 in 5 leaders believe their staff needs to upskill to meet the talent needs of AI adoption, according to the report.

Dive Insight:

The enterprise push toward AI adoption has put a strain on the availability of in-demand skills. For CIOs, filling specialized job openings — including AI developers and data scientists — has emerged as a key challenge for AI deployment plans. 

“Within the findings, a compelling truth emerges: The success of AI depends not just on technology but on empowering the human expertise behind it,” said EPAM chief learning scientist Sandra Loughlin in the report. “This revelation shows the urgency to upskill and cultivate AI-fluent cultures at scale.”

AI and ML analysts soared to the top of Robert Half‘s list of in-demand roles published in February, another sign of rising enterprise competition to bring specialists aboard. More than two-thirds of executives said the skills shortage had increased year over year, according to Robert Half. 

LinkedIn also saw LLM know-how and overall AI strategy rise in a ranking of in-demand engineering skills it published last month. The company evaluated hiring success and demand across multiple engineering domains.

Despite the AI skills surge, overall IT hiring has begun to show mixed signals amid roiled economies in an escalating trade war. IT roles across the economy fell by nearly 30,000 in March, according to a CompTIA analysis. 

Dive Brief:

• Citigroup touted AI productivity gains as it moved forward with ongoing IT transformation Tuesday during the company’s Q1 2025 earnings call. “I’m not sure any bank finishes its modernization,” CEO Jane Fraser said. “We’re still innovating and investing in supporting our business with new innovations.”
• The bank poured $2.4 billion into technology and communication investments during the first three months of the year, up from $2.3 billion in each of the prior two quarters and $2.2 billion in Q1 and Q2 2024, according to the earnings presentation.
• Citi retired or replaced 130 applications during the quarter, on top of 2,000 legacy applications decommissioned over the last three years. The bank also saw efficiency gains after deploying two internal chatbot assistants, as well as a developer tool that completed roughly 220,000 automated code reviews, according to the presentation.

Dive Insight:

IT system upgrades and generative AI adoption have gone hand in hand across the financial sector, as banks look to ease internal operations and smooth customer interactions. Citi’s modernization push was also motivated by compliance imperatives.

The Federal Reserve Board found deficiencies in Citi’s data quality management in 2020, which triggered $135.6 million in regulatory penalties last year.

Fraser has been blunt about the prior state of Citi’s data infrastructure. The executive pointed to decades of underinvestment shortly after the Fed and the Office of the Comptroller of the Currency levied the 2024 fines.

“We fell behind in data, particularly regarding regulatory reporting,” she said Tuesday. “We’ve taken action to get that into shape, and we’re confident in how that’s now progressing.”

Citi’s data system investments are part of a broader transformation aimed at upgrading digital systems and simplifying processes across banking operations.

“There’s still work to do,” Fraser said, pointing to ongoing efforts to retire legacy applications and consolidate Citi’s technology onto unified platforms. “Many of the efforts are now impacting how we run the bank better and more efficiently.”

Data quality assurance is a crucial step along the road to the safe and effective implementation of AI capabilities.

Citi provided 30,000 of its developers with coding tools and tapped Google Cloud’s Vertex AI platform for further adoption last year. Last month, the company announced that former Morgan Stanley data and AI executive Dipendra Malhotra will join the bank’s wealth management unit as head of wealth technology in May.

The bank recruited former PwC senior partner Tim Ryan to head technology and business enablement and drive enterprisewide AI adoption last summer. Citi furnished employees with several generative AI tools designed to help with routine tasks in December, Ryan said in a LinkedIn post.

“We are also integrating AI directly into our business operations to improve the client experience,” Fraser said Tuesday. “The latest example is Agent Assist, our first generative AI tool for customer service in U.S. Personal Banking. It is designed to help our team resolve inquiries faster and is now being piloted in credit cards.”

Dive Brief:

• Rather than struggling to identify generative AI implementation ideas, enterprises are finding it difficult to know which use case to prioritize, according to a Snowflake and Enterprise Strategy Group survey of 1,900 business and IT leaders in nine countries. 
• Around 7 in 10 early AI adopters say they have more potential use cases than they can fund, the report published this week found. More than half find it difficult to lean on objective measures like costs, business impact and ability to execute when deciding what to pursue.
• The stakes are high to pinpoint the optimal application, as 71% believe selecting an undesirable use case will hurt their company’s market position. Nearly 60% admit that advocating for the wrong use case could endanger their job security.

Dive Insight:

The recent waves of AI have added a sense of urgency to most longtime IT gripes, from data dilemmas to project prioritization. 

“You can’t tackle it all,” said Sorin Hilgen, chief digital officer and in-country CIO at EG America. “Nobody has unlimited resources.”

Overloading a business with AI projects has consequences. IT pros report AI project delays of up to six months as organizations grapple with budget constraints, skill shortages and computing availability, according to a Civo report published in January. 

AI project failure rates are also on the rise, with many businesses stuck in pilot purgatory. CIOs who can identify AI success stories — and suss out when AI is not the answer — are a vital asset to their businesses.

How enterprises decide to rank use cases varies. 

Aflac pursues AI opportunities with an eye on business impact and alignment with broader strategic goals, leaning on its innovation lab to support use case prioritization goals. General Mills has worked to narrow its list of use cases by focusing on areas where value is guaranteed. Executives at Estée Lauder Companies have kept implementation speed and high-value opportunities top of mind when deciding where to aim adoption efforts. 

EG America, which operates Cumberland Farms, Kwik Shop and several other convenience retailers, tackles use cases with the highest business value first, aligning that with resources and expected timelines. 

But technology leaders alone shouldn’t hand down the decree, Hilgen told CIO Dive. 

“It’s a collaborative decision between IT and the business,” Hilgen said. “Obviously, we have a strong say in that, simply because of the technology capabilities and deliverables, but it’s not technology for technology’s sake.”