Security contractors are adapting to the Department of Government Efficiency's brutal cost-cutting regime — by pitching their tech as essential to its mission.

Why it matters: As federal workforce cuts deepen, DOGE is expected to lean more heavily on third-party security vendors to help dismantle longstanding information silos — despite the national security risks that could come from its quest.

Driving the news: In recent weeks, DOGE has quietly begun laying the groundwork for what privacy advocates long feared was its endgame: building a centralized database containing the personal information of millions of U.S. citizens and residents.

• Some reports also suggest DOGE is exploring ways to deploy AI agents to replace federal workers across agencies, fueling further alarm about the national security and privacy implications.

Between the lines: Several companies are now marketing their tools directly to agencies as a way to survive DOGE's cost-cutting demands.

• ServiceNow CEO Bill McDermott said in an earnings call last month that his company is benefiting from the shift. "In this moment, we're one of the rare companies that will grow 30% year over year in the public sector," he said.
• Wired reported this month that OpenAI has met with the Food and Drug Administration about a tool to evaluate new drugs. Two DOGE associates were also in attendance, according to the report.
• A source familiar with the matter confirmed the meetings to Axios, noting that OpenAI has shown clear interest in working specifically with the FDA in some capacity. However, no contracts have been signed yet.

The intrigue: Many of these vendors have ramped up their lobbying power in recent months — particularly with Trump-aligned lobbying firms.

• So far in 2025, at least nine security and consulting firms, including Zscaler, Accenture, and Booz Allen Hamilton, have registered with Ballard Partners, according to congressional lobbying disclosures.

Zoom in: Axonius, an Israeli cybersecurity startup with growing federal ambitions, told Axios it's started pitching itself to agencies as a tool that can help them dodge the most severe DOGE audits.

• The company's platform gives administrators full visibility into devices, software and users, aligning closely with DOGE's stated mission to streamline IT environments.
• Tom Kennedy, vice president of Axonius Federal Systems, told Axios that the company's tools can be "part of a great efficiency story" and that its technology usually gets through relevant DOGE audits.
• But Brian Meyer, field CTO at Axonius Federal Systems, added that the company's pitch doesn't endorse job cuts.
• "Even before the DOGE, there was a problem in the cybersecurity industry for full-time employees — they're already trying to do more with less," he said. "We've been telling that story for years: Based on what we have, you can do more with the resources that you have."

The big picture: The federal cybersecurity ecosystem has been on edge during the early months of the second Trump administration, amid staff cuts in the federal cyber workforce and a pending Department of Justice investigation into former CISA director Chris Krebs.

• Several administration officials met with companies on the sidelines of the RSA Conference last month in the hopes of mending some of these relationships.
• Still, some executives say federal work has remained consistent. "We have been really privileged to have a strong relationship with every White House administration," Cloudflare CEO Matthew Prince told Axios in an interview.
• "It feels like everything today is a partisan issue — but cybersecurity is on the less partisan side of that equation," he added.

Yes, but: That hasn't spared vendors from fallout.

• Security research government contractor Mitre is laying off 442 employees, or nearly 5% of its workforce, in June due in part to contract cancellations.
• Deloitte has also shared plans to lay off staff, and other consulting firms have warned of declining U.S. federal revenues this year.
• "It's disruptive, there's no other way to put it," Kennedy said of DOGE's cuts to the federal cybersecurity workforce. "We were hoping that cybersecurity would be sheltered, and it has not been from a human side."

What to watch: Courts have continued to stonewall some of DOGE's most ambitious efforts, including accessing personal information at the Social Security Administration.

• Lawmakers have raised serious concerns about the scope of the contractor and workforce cuts at CISA.

The House Homeland Security Committee is planning a field hearing on cybersecurity issues in Silicon Valley during the congressional recess next week, Axios has learned.

Why it matters: Tensions between Washington and the cybersecurity industry have been high amid DOGE-led cuts at the nation's top cyber agency and growing concerns about nation-state cyber threats against critical infrastructure, particularly during a global trade war.

Driving the news: Congress is also weighing the reauthorization of the Cybersecurity Information Sharing Act, which expires at the end of the year.

• Without it, the cybersecurity community argues that it will no longer have the legal safeguards it needs to trade vital cyber threat information with the government or between companies.

Zoom in: The House Homeland Security Committee will hold a hearing at Stanford University next Wednesday focused on the U.S. cybersecurity posture, a spokesperson shared exclusively with Axios.

• Chair Mark Green (R-Tenn.), ranking member Bennie Thompson (D-Miss.) and cyber subcommittee leaders Andrew Garbarino (R-N.Y.) and Eric Swalwell (D-Calif.) will travel for the hearing.
• Witnesses will include retired Lt. Gen. H.R. McMaster, former national security adviser in the first Trump White House and a fellow at Stanford's Hoover Institution; Wendi Whitmore, chief security intelligence officer for Palo Alto Networks' Unit 42 threat intelligence team; and Jeanette Manfra, global director for security and compliance in Google Cloud's Office of the CISO.
• The committee will also hold private breakout discussions with lawmakers, cybersecurity stakeholders and researchers that day, per the spokesperson.

Between the lines: Green said in a statement to Axios that the committee is heading to Silicon Valley to hear directly form "innovators, job creators and academics" about the best ways to shore up the country's cyber defenses.

• "We must work together to flip the economic models of cybersecurity, deter malicious actors, bolster and better equip our cyber defenders, and find ways to harmonize the federal government's burdensome cyber regulatory regime," Green said.
• Thompson said he was "looking forward to hearing from companies on their turf to talk about how the government can promote and benefit from tech innovation."
• Swalwell said the trip was an opportunity to discuss "innovative cybersecurity solutions" and described Silicon Valley as the "epicenter of cybersecurity research and innovation."

Hackers who have been wreaking havoc on British retailers in recent weeks are now targeting this side of the pond, Google and other security firms started warning last week.

Why it matters: The notorious cybercriminal gang behind the attacks, Scattered Spider, has a history of successfully stealing reams of data and prompting business disruptions at several major companies.

Driving the news: Google started warning on Wednesday that Scattered Spider was now starting to go after major American retailers.

• This warning followed a wave of cyberattacks targeting at least three major British retailers in the last month, including Marks & Spencer, Harrods and Co-op.
• "Shields up, U.S. retailers," John Hultquist, chief analyst at Google Threat Intelligence Group, wrote on X. "They're here."

Zoom in: Scattered Spider has already attacked multiple U.S. retail companies in the last two weeks, according to CNN.

• The FBI has stepped up cyber intelligence briefings for major retailers, CNN said. And Ahold Delhaize USA, the parent company of the Giant and Food Lion grocery chains, was among the targets.
• "Many companies have taken steps to harden themselves against these criminal groups' tactics over the past two years," Christian Beckner, vice president of retail technology and cybersecurity at the National Retail Federation, said in a statement.

Threat level: Scattered Spider has quite the rap sheet, despite being made up of hackers predominantly in their teens and early 20s.

• Officials say Scattered Spider was behind the 2023 attacks on MGM Resorts and Caesars Entertainment.
• It's not yet known how the hackers are targeting the retail sector, but the group has expanded it tactics in the last year to include targeting enterprise software.

The intrigue: Scattered Spider has been pretty quiet since the U.S. charged five of its members in November.

What's next: Google is hosting a webinar tomorrow diving into what's happening and how retailers can harden their networks to avert a cyberattack.

• Palo Alto Networks is hosting a similar webinar on Thursday.

@ D.C.

👀 Dave Luber, the head of the NSA's cyber division, is leaving at the end of the month amid broader leadership shakeups at the intelligence agency. (The Record)

❌ The Consumer Financial Protection Bureau has quietly killed plans for a new rule limiting the ability of U.S. data brokers to sell sensitive information about Americans. (Wired)

🔍 The National Labor Relations Board's inspector general is investigating a whistleblower disclosure warning of a possible data breach at DOGE. (FedScoop)

@ Industry

👨🏻‍⚖️ A judge ruled that Delta can pursue most of its lawsuit seeking to hold CrowdStrike liable for last summer's massive computer outage, which caused the airline carrier to cancel 7,000 flights. (Reuters)

🧬 Pharmaceutical company Regeneron is buying 23andMe out of bankruptcy for $256 million and plans to use the DNA testing company's database of roughly 15 million DNA samples to help discover new drugs. (Wall Street Journal)

💰 Cyera has raised a new $500 million funding round, valuing the company at around $6 billion. (Bloomberg)

@ Hackers and hacks

⚠️ Hackers are exploiting a zero-day vulnerability in software manufacturer SAP to target potentially thousands of victims, experts warn. (CyberScoop)

🪙 The Justice Department has opened an investigation into the recent breach at Coinbase, which the company has said involved hackers bribing employees and contractors to get client information. (Bloomberg)

🤖 The FBI warned that scammers are using AI to impersonate senior U.S. officials in their schemes. (Axios)

Vanity Fair profiled my colleague Barak Ravid — whose byline you may recognize from his many scoops on U.S. relations with Ukraine, the Middle East and beyond.

• 🧠 My favorite quote: "I'm a sick person, but it's just so much fun."