Election officials across the U.S. are heading into their first votes in years without the level of federal support they've come to rely on.

The big picture: Federal agencies monitored both cyber and physical threats to elections over the past decade and built trust with local election officials.

• But this year, much of that support has evaporated due to budget cuts and staffing reductions, officials tell Axios. Local election offices are left with fewer resources, less threat intelligence, and diminished federal guidance.
• "It's kind of heartbreaking to know that they worked [on] creating these relationships and partnerships over the last decade, and they're now just disintegrating," Brianna Lennon, the county clerk in Missouri's Boone County, tells Axios.
• Bloomberg reported yesterday that the Cybersecurity and Infrastructure Security Agency's election monitoring room, which has been stood up during every election cycle to field and share information about active threats to elections, isn't operating this year.

Driving the news: Since January, the federal government has reshaped its election security strategy, scaling back efforts to combat disinformation while limiting direct support to state and local election officials.

• Earlier this year, the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), which provides real-time threat alerts to election operators, lost its federal funding.
• CISA also laid off its election-focused staff, including field workers who conducted physical and digital assessments of election systems.
• "I'm not a cybersecurity expert — I know enough of it to be able to ask the right questions, hopefully — but that expert's view is what we're missing," Lennon says.

Between the lines: Election officials are starting to look elsewhere to fill the void, says Pamela Smith, president and CEO of Verified Voting.

• Ahead of today's votes, election officials have been running their own tabletop exercises to game out threat scenarios.
• And regional networks and national associations are becoming critical backchannels for sharing threat information.

Yes, but: Smith adds that elections can and will remain secure despite changes in federal involvement.

• "We ran elections before there was critical infrastructure support, and we'll have elections again, even without federal support," Smith says.

Threat level: Still, Smith warns that without federal funding, many smaller election offices will struggle to afford the resources needed to secure their systems.

• Some are likely to hire workers on an as-needed basis, or simply fly blind, she adds.

The intrigue: Even as the Trump administration scales back its support for securing elections, it has sent federal monitors to polling sites in six jurisdictions across California and New Jersey to "ensure transparency, ballot security, and compliance with federal law."

• Voting rights groups warn the move may be a political tactic to cast doubt on elections in Democratic-leaning areas. In response, California sent its own monitors to observe the federal players.

What's next: State and local officials are building new networks to fill the vacuum — but trust in federal partnerships may take years to repair.

• "There has been some ... damage done to the relationships between the federal, the state and local election officials," Lennon says. "That's something that can't be understated."

Reports to the Better Business Bureau of scams impersonating government agencies increased in October during the government shutdown, according to an Axios analysis.

The big picture: Government agencies, local banks and consumer advocates have been warning all month about scammers using confusion around the month-long shutdown to their advantage.

• Experts have been bracing for scammers to try to take advantage of vulnerable people during the shutdown — for example, to target SNAP recipients who lost those benefits.

By the numbers: The Better Business Bureau received 211 total complaints about scammers impersonating government agencies in October, according to the bureau's Scam Tracker database.

• That was up from the 151 total government imposter complaints the agency received in September and the 133 reported in August.
• In July, the organization received 233 reports of government scams.

Zoom in: Complaints to the organization varied from scammers impersonating passport renewal services to others claiming to be offering government-backed loans.

• One person in Washington state said a scammer "called to tell me my government-free grant for gas, rent and personal expense for 22,000 dollars was at risk if I didn't pay the 500 dollar refundable fee."
• Another person reported receiving a phone call about a "relief check" worth more than $5,000 that had been issued to them.

Reality check: Only a fraction of scam victims submit reports to the Better Business Bureau.

What to watch: Scammers are targeting SNAP recipients after last weekend's funding freeze.

Read the rest.

A working paper from an MIT-affiliated research group was quietly pulled offline last week after cybersecurity experts criticized its claim that artificial intelligence powers 80% of ransomware attacks.

Why it matters: The paper and the online chatter surrounding it have reignited debate over how to measure the role of AI tools in the cybercrime world.

Driving the news: In September, MIT's Sloan School of Management published a paper estimating that nearly all new ransomware attacks are powered by AI tools.

• But security researchers were quick to question the findings: Kevin Beaumont, a well-known researcher, called the paper "nonsense" and claimed it even relabeled historic ransomware operations as being AI-enabled.
• On Friday, the paper was quietly taken down and replaced with an update that says "the working paper you have requested is being updated based on some recent reviews."

What they're saying: "The main points of the paper are that the use of AI in ransomware attacks [is] increasing, we should find a way to measure it, and there are things companies can do now to prepare," Michael Siegel, principal research scientist and director of the cybersecurity program at MIT Sloan, told Axios in an email.

The intrigue: According to an archived version, Siegel and another MIT researcher wrote the paper alongside the CISO and a threat researcher at Safe Security, an AI-powered cyber risk management firm.

• Safe Security did not respond to a request for comment.

The big picture: For months, security researchers have been warning about the role generative AI is now playing in the cybercrime ecosystem.

• Researchers at NYU released a paper earlier this year detailing a proof of concept they created for AI-powered malware that could automate much of the attack chain.
• Ransomware gangs have also been seen experimenting with AI tools and automation in their operations, according to AI companies and cyber incident responders.

Yes, but: Many of these cases are still outliers, and incident responders say they're still seeing ransomware gangs predominantly using the same old tactics to break into companies.

OpenAI launched an AI agent to help developers find and verify bugs in their code.

Why it matters: Tools like this could shift the cybersecurity balance toward defenders in their quest to stop malicious hackers.

Zoom in: OpenAI said Thursday that the new agent, called Aardvark, is entering beta as an invite-only web app that connects to a user's GitHub environment.

• Aardvark uses GPT-5's reasoning to continuously scan codebases, skipping traditional methods like fuzzing, and seek out any weak points.
• The agent then flags possible bugs, tests them in a sandbox, and ranks their severity before proposing fixes.
• "In some way, it looks for bugs very much in the same way that a human security researcher might," Matt Knight, vice president at OpenAI, told Axios.

Yes, but: The agent doesn't patch anything itself. Humans must verify and deploy any fix Aardvark suggests.

• For each issue, Aardvark also annotates the code and explains its reasoning — helping users understand each finding before acting.

The intrigue: In early tests, Aardvark discovered 10 previously unknown security vulnerabilities in open-source projects that later received official CVE identifiers, the system used to catalog software vulnerabilities, Knight said.

Read the rest.

@ D.C.

💸 The Python Software Foundation declined a $1.5 million National Science Foundation grant after new federal terms barred recipients from running programs that "promote" diversity, equity and inclusion. (CyberScoop)

📸 Immigration authorities are now using facial recognition technologies while on the streets to verify someone's citizenship status. (404 Media)

👀 Sen. Ron Wyden (D-Ore.) and Rep. Raja Krishnamoorthi (D-Ill.) are calling for a federal investigation into the cybersecurity practices of Flock Safety, the largest surveillance camera operator in the U.S. (Wyden)

@ Industry

💰 Arctic Wolf CEO Nick Schneider says the company is actively looking for new acquisitions as it eyes a potential public market debut. (Axios Pro)

🛜 Several U.S. agencies are pushing for a ban on sales of TP-Link products, citing national security risks and the company's alleged ties to its China-based sister company. (Washington Post)

📈 LevelBlue CEO Bob McCullen says the managed service provider is preparing for an IPO next year and will continue to be aggressive on acquisitions. (Axios Pro)

@ Hackers and hacks

⚠️ Ribbon Communications, a U.S. telecommunications services company, says nation-state hackers broke into its systems and maintained access for nearly a year without being detected. (Reuters)

👨🏻‍⚖️ A Ukrainian national accused of working for the Conti ransomware gang is facing up to 25 years in a U.S. prison. (The Record)

🚔 A ransomware negotiator and an incident responder have both been indicted for allegedly launching their own cyberattacks against victims, including a medical company, a drone manufacturer and a doctor's office. (Chicago Sun-Times)

🕶️ This is a new one: Zenni is now making eyeglasses to evade detection by facial recognition systems.