Axios Future of Cybersecurity

January 27, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
Today's newsletter is 1,670 words, a 6.5-minute read.
1 big thing: A year of change at the top cyber agency
A year into the second Trump administration, the Cybersecurity and Infrastructure Security Agency is smaller, leaner and at the center of a growing debate over what the nation's cyber mission should look like.
Why it matters: CISA is at the front lines of protecting U.S. government agencies and private companies from nation-state and cybercriminal digital threats, but it now has fewer people and resources to carry on that work.
The big picture: Buyouts, contract cuts and reduced threat-hunting capacity defined the nation's top cybersecurity agency last year.
- More than one-third of CISA's workforce was laid off or took voluntary buyouts or early retirements last year. Some personnel were reportedly reassigned at the end of the year to ICE, Customs and Border Protection, and other Department of Homeland Security offices focused on immigration.
- Political leadership has also been embroiled in controversy in recent months after acting director Madhu Gottumukkala reportedly failed a polygraph and attempted to oust the agency's chief information officer.
- CISA ended funding to outside election security programs and halted much of its work to support state and local election officials.
Between the lines: A former senior official, who requested anonymity to avoid retaliation, told Axios that the changes have dampened morale inside the agency and made it difficult for it to maintain strong private sector partnerships.
- "Most people I know and worked with have left, and for many, if not all of them, this was a very hard decision," the official said. "I don't know anyone who wanted to leave."
- A second former senior official, who requested anonymity for similar reasons, told Axios that "with hundreds of less people, we are undoubtedly doing less."
Driving the news: Gottumukkala testified repeatedly during a congressional hearing last week that the agency is going "back on mission."
- He told lawmakers the agency "supported more than 4,000 victims of cyber incidents" and "triaged over 30,000 incidents through our 24/7 operations center" last year.
- The agency has also retired 10 emergency directives and co-sealed 39 joint cybersecurity advisories with partner organizations in the last year.
- The White House renominated Sean Plankey this month to run the agency after the Senate didn't take up his bid.
- "CISA remains steadfast in its mission to safeguard the systems Americans rely on by strengthening federal network defenses, empowering businesses, and fortifying critical infrastructure nationwide," agency spokesperson Marci McCarthy said in a statement.
- McCarthy added that the agency will "deepen collaboration with trusted partners, prioritize highly skilled technical professionals, and direct resources for maximum impact" over the coming year.
The intrigue: Tensions are growing between the agency and lawmakers over what exactly it means to return the agency to its mission, which was the stated rationale for cutting certain staff and contracts.
- Part of the House-approved appropriations budget calls on the agency to restart its election security program and provide funding to the Elections Infrastructure Information Sharing and Analysis Center.
- The House's spending bill — which is likely to get held up this week as Senate Democrats push for policy changes at ICE — also provides "$20 million to fill critical vacancies," according to a bill summary.
What to watch: CISA won't be attending the RSAC Conference for the first time in years after the event named the agency's former leader, Jen Easterly, as its CEO.
- "CISA has reviewed and determined that we will not participate in the RSA Conference since we regularly review all stakeholder engagements, to ensure maximum impact and good stewardship of taxpayer dollars," McCarthy said in a statement.
2. CEOs focused on fraud, not ransomware
The CEOs who gathered in Davos are most concerned about fraud, AI security bugs and hackers exploiting software vulnerabilities.
Why it matters: Expect those concerns to drive security budgets over the next year.
Driving the news: CEOs ranked cyber-enabled fraud and phishing as their top cybersecurity concern of 2026, according to the World Economic Forum cybersecurity outlook report released last week.
- Ransomware, which ranked highest last year, didn't crack the top three.
- The WEF surveyed 105 CEOs worldwide between August and October 2025 as part of its report.
Between the lines: CEOs of companies the WEF scored as "highly resilient" to cyber threats said AI vulnerabilities were their biggest concern.
- CEOs also reported concerns about data leaks tied to generative AI tools, including the exposure of personal data, as well as adversaries advancing their capabilities using AI tools.
Zoom in: Some of those fears are already playing out. Fraudsters are using free, off-the-shelf AI tools to generate synthetic identities at scale in minutes, Socure CEO Johnny Ayers told Axios' Dave Lawler in Davos.
- Socure estimates the number of deepfake attacks it detected jumped 8,000% over the past year.
- "It is staggering," Ayers said. "We are very deep in this."
What to watch: Just like you, adversarial hackers are experimenting with AI tools.
3. Americans doubt their scam radar
Americans are losing confidence in their ability to spot scams, even as they try harder than ever to educate themselves about the dangers, according to a McAfee survey released this morning.
Why it matters: Scammers are only getting faster and harder to detect as they adopt AI tools.
By the numbers: One-third of U.S. respondents said they feel less confident in their ability to spot scams than they did a year ago.
- At the same time, 75% of people said they made an effort to educate themselves about how to avoid and spot scams last year.
- McAfee conducted its survey online in November among 7,600 adults worldwide, including 2,020 Americans.
The big picture: It's no longer just a matter of looking for telltale signs of a scam text or email, like poor grammar or a suspicious link.
- About a quarter of the scams that people encountered last year didn't contain a link and just started as conversational messages, according to the survey.
- 44% of people said they'd replied to a suspicious message on social media that didn't include a link.
- McAfee estimates that Americans now spend "the equivalent of 114 hours per year" trying to figure out if what they see online is real — a 21% increase from 2024.
What's next: McAfee is adding new tools to its consumer-facing app, Scam Detector, this spring that can spot scams embedded into QR codes and social media messages.
- People are becoming more aware of not only how many scams are out there, but also how much help they need to decipher them, said Abhishek Karnik, head of threat research at McAfee.
- "They understand how real it's getting," Karnik said.
4. Dealmakers eye industrial cybersecurity
Operational tech security startups are drumming up investor interest again as cyberattacks pick up.
Why it matters: They appeal to both tech companies looking to move further into the industrial space and those trying to keep an eye on a growing array of devices, dealmakers say.
How it works: Companies in OT security protect older industrial control systems.
- These control systems, used in settings such as manufacturing facilities and energy infrastructure, were designed decades ago, long before cyberattacks were a reality.
- Many OT firms also offer digital asset management solutions.
Driving the news: Claroty, a New York-based OT security startup with Israeli roots, just raised a $150 million Series F round at a $3 billion valuation led by Golub Growth.
State of play: Claroty's round follows some bigger M&A deals in the space.
- ServiceNow said in December it would buy Armis for $7.75 billion in cash, shortly after the startup raised $435 million at a $6.1 billion post-money valuation led by Goldman Sachs Alternatives.
- Mitsubishi Electric agreed to buy Nozomi Networks, an industrial cybersecurity provider, in an approximately $1 billion deal announced in September.
What we're hearing: Companies that try to automate and digitize workflow — like ServiceNow — see a big opportunity for growth in the industrial and manufacturing sector, where digital transformation efforts have been stymied due to older systems and security issues, an investor in Armis told Axios Pro.
👀 What we're watching: Another large player in the space, Maryland-based Dragos, is often mentioned as an IPO candidate in the coming years.
- Armis was seriously looking at an IPO this year and could have pursued the public market this year, a banker who worked on the ServiceNow deal said.
5. Catch up quick
@ D.C.
👀 The Treasury Department is canceling its Booz Allen Hamilton contracts, with the Trump administration saying the company "failed to implement adequate safeguards to protect sensitive data." (Axios)
🗳️ The Justice Department said two DOGE employees may have been improperly sharing Social Security information with a political advocacy group as part of its effort to overturn election results. (Axios)
💰 DHS officials are pushing CISA to support the creation of a new secure intelligence-sharing facility at a South Dakota-based university. (Politico)
@ Industry
📲 WhatsApp is rolling out a new set of advanced security protections for users who could be targets of spyware. (Reuters)
📍 The new TikTok U.S. venture is now collecting precise user location data, according to updated terms of service. (BBC)
💸 Cloud cybersecurity startup Upwind has raised $250 million in Series B funding, bringing its valuation to about $1.5 billion. (Wall Street Journal)
@ Hackers and hacks
🎣 LastPass warned customers that attackers are actively circulating a phishing campaign targeting their master passwords. (LastPass)
⚡️ An unprecedented cyberattack targeting Polish power plants and other energy producers involved so-called wiper malware designed to erase computers and cause outages. (Zero Day)
⚠️ An inside look at a cyber scam compound bordering Myanmar and Thailand, based on leaks from an insider working at one. (Wired)
6. 1 fun thing
🏕️ Meet Wendy, the most wholesome, older solo camping queen on YouTube! I'm obsessed.
- 👩🏼‍🍳 Enjoy this video of her baking cinnamon rolls next to a lake and this one of her roasting a whole Cornish game hen during the winter solstice.
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.