The feds and top U.S. technology companies unveiled a plan today for reporting and trading details about ongoing security threats targeting AI models, according to materials shared exclusively with Axios.

Why it matters: Security flaws found in AI systems affect more than just model makers.

• Any company running an AI model in its own applications could be hacked if it doesn't properly patch newly discovered flaws.

Driving the news: The Cybersecurity and Infrastructure Security Agency (CISA) published a new playbook today outlining how companies can report and share details about ongoing security threats, including system vulnerabilities and ongoing cyberattacks.

• The playbook came from the AI-focused arm of CISA's Joint Cyber Defense Collaborative (JCDC). Anthropic, Amazon Web Services, Google, Microsoft and OpenAI are among those who contributed to the playbook.

The big picture: Security flaws in AI systems could allow bad actors to poison models, steal confidential information and even control autonomous agents.

• "AI systems are evolving rapidly. There's no single entity that has all the information to manage AI-related risks," CISA Director Jen Easterly told Axios. "This is an area where we have to work together and collaborate and share."

Zoom in: CISA's playbook includes two checklists for sharing new information, with one for reporting details about ongoing attacks and another about new vulnerabilities.

• The playbook also includes directions for various scenarios, such as reporting suspicious behavior and sharing publicly available reports about new threat actors.
• CISA and its partners designed the playbook to be a resource for security analysts, incident responders and other technical staff.

Catch up quick: Much of the playbook was inspired by feedback collected at two AI tabletop exercises that the JCDC hosted last year.

• Microsoft hosted the first one in June in Northern Virginia, as Axios previously reported.
• Scale AI hosted another in San Francisco in the fall that simulated an AI security incident targeting the financial services sector.

Between the lines: As with all JCDC efforts, companies and government agencies participate in this level of threat-intelligence sharing on a voluntary basis.

• Officials and executives who helped create the playbook told Axios that the project is the culmination of three and a half years of building trust so they feel safer sharing confidential information with one another.
• The tabletop exercises allowed participating companies "to look them in the eye and understand that they're going to use the information in a way that's consistent with their expectations," Eric Wenger, senior director for cyber and emerging tech policy at Cisco, which contributed to the playbook, told Axios.

Reality check: CISA and the JCDC's fate is unclear as the new Trump administration prepares to take office Monday.

• Republican Senate leaders have called for the agency's total elimination.
• Easterly and other top CISA officials are set to leave the agency Monday as Trump is sworn in.

Yes, but: Alex Levinson, head of security at Scale AI, told Axios that the company plans to keep sharing intel with its JCDC partners and to assist the new agency leadership on these issues — even if this specific program is dismantled.

• "Scale didn't join this because one political party or another put it forward," Levinson said. "If policy changes, if priorities change, I don't think this work stops."
• Easterly added that only a few senior-level officials are leaving CISA, but most of the agency's 3,400 federal employees will still be in their roles next week.

The bottom line: CISA and its private and public sector partners believe the new reporting playbook will help Americans be able to "embrace fully the amazing potential of AI," Lisa Einstein, chief AI officer at CISA, told Axios.

• "Americans aren't going to accept these new technologies, and these companies' critical infrastructure are not going to accept the new technologies, if they can't trust that they're built with security in mind," she said.

Orchid Security is emerging from stealth today with $36 million in seed funding led by Team8 and Intel Capital, the startup first shared with Axios.

Why it matters: The startup is shepherding a new way of tackling age-old user identity and password security problems, which continue to cause headaches for major companies.

The big picture: Companies typically manage hundreds of applications across their systems and networks, including internal messaging apps, email services, HR tools and more.

• Each of those applications requires different identity management configurations — such as multifactor authentication — to keep hackers from meddling with it to gain access to the company.
• "The organizational application was written by someone: It could be a vendor, it could be homegrown, it could be a lot of things," Orchid CEO and co-founder Roy Katmor told Axios. "There is no standard to writing an application."
• Retrofitting a standard security solution to each of those uniquely written applications just doesn't work, Katmor added.

Zoom in: Orchid asks large language models to automatically identify the security requirements for each of its customers' internal applications and what an organization needs to do to better secure each product.

• Orchid also measures this progress against the data-protection regulatory requirements that its customers may also need to follow.

The intrigue: Orchid is already working with Costco, Repsol and other Fortune 500 companies to secure their large enterprises.

What's next: Orchid is planning to use the new funding to both build out its product and hire 20 new people by the end of the year, Katmor told Axios.

• Many of those hires will be in sales as the company focuses on building out its North American and European customer base.

@ D.C.

🚨 The Biden administration is weighing new sanctions on a Chinese cybersecurity firm that it claims hacked U.S. telcos at the direction of Beijing. (Washington Post)

🏥 Hospitals and health care providers say the Biden administration's overhaul of a touchstone health privacy law is unworkable and too expensive to follow. (Axios)

📲 Here's what will likely happen to TikTok in the U.S. on Sunday, unless the Supreme Court pauses a forthcoming ban. (Axios)

@ Industry

💰 Chainalysis has acquired AI-agent security startup Alterya, reportedly for $150 million. (Business Insider)

👀 Tech industry players are hopeful that the incoming Trump administration will make changes to new export controls unveiled yesterday targeting advanced AI chips and models. (Axios Pro)

@ Hackers and hacks

📚 Parents, students and teachers whose data was exposed in the recent PowerSchool breach have little recourse to protect themselves from identity theft. (Axios)

🔍 Microsoft is investigating a multifactor authentication outage that's keeping customers from accessing their Microsoft 365 Office apps. (BleepingComputer)

👀 The December ransomware attack against Rhode Island's social services agency affected data tied to 657,000 individuals. (Cybersecurity Dive)

🐈‍⬛ Currently obsessed with this local news story about a New Hampshire cat who was missing for eight months and was then found 700 miles away in ... Michigan!