Election Officials Have Been Preparing for AI Cyberattacks

Since ChatGPT and other generative artificial intelligence systems first became widely available, the Brennan Center and other experts have warned that this technology may lead to more cyberattacks on elections and other critical infrastructure. Reports that Anthropic’s new AI model, Claude Mythos, can pinpoint software vulnerabilities that even the most experienced human experts would miss underline the urgency of those risks. Fortunately, election officials have been preparing for cyberattacks and have made significant progress in securing their systems over the past decade, incorporating improved cybersecurity practices at every step of the election process.

Anthropic claims that its new model can autonomously scan for vulnerabilities in software more effectively than even expert security researchers. If given access to this new model, amateurs would theoretically be capable of identifying and exploiting vulnerabilities in a way that previously only sophisticated actors, such as nation-states, could do. For this reason, Anthropic chose not to release the Mythos model publicly. Instead, under an initiative Anthropic is calling Project Glasswing, it has offered access to Mythos to a number of high-profile tech firms and critical infrastructure operators so that these companies can proactively identify and address vulnerabilities in their own systems. Although Anthropic is currently controlling access to its model to prevent misuse, experts believe it is only a matter of time before tools advertising similar capabilities are broadly available.

This danger will not necessarily be new to election officials. Year after year, elections have been targeted by highly sophisticated cyber interference efforts by foreign adversaries and criminal actors. Election officials have planned for and defused these threats as they arose. While AI-assisted vulnerability scanning may expand the scale of possible attacks, it still represents a difference only in degree — not in kind — from what election officials have prepared to face. Some security experts who have received access to Mythos have publicly agreed with that assessment, noting that even the previously undiscovered vulnerabilities were ones that could have been found by a human researcher; they were not entirely new weaknesses altogether. The layers of protection election officials built to defend against cyberattacks in the pre-AI age will continue to guard against new attacks and offer a launching point for further fortifying election systems.

Since attempts by Russian actors to scan and infiltrate state voter registration databases in the 2016 election, election officials nationwide have adopted security best practices and updated technology, with funding and support from state and federal government. A survey of state election officials shows that most states have adopted recommended voter registration database protections, such as requiring multifactor authentication for all users, using network monitoring systems, conducting system audits, and creating regular backups. Between 2018 and 2024, the federal government provided over $1 billion to update election technology and offered free access to cybersecurity assessments and vulnerability scanning, allowing election officials to better understand system threats and improve prevention protocols. While the federal government has withdrawn much of its support for election security over the past year, on the whole, states have more cybersecurity capacity to defend their systems than they did a decade ago, following a four-year, $1 billion state and local cybersecurity grant program that launched in 2021.

More importantly, election officials do not rely on cybersecurity protections alone to guarantee the accuracy of final vote tallies. They plan for things to go wrong, and they develop backups, redundancies, and recovery plans to ensure that eligible voters can cast ballots and that every vote is counted. Unlike in 2016, when a quarter of all votes were cast on paperless systems, nearly every vote now has a paper record that can be reviewed by hand in the event of concerns about a cyberattack on voting systems. In case technology fails at the polling place, states also require backup plans such as pre-printed ballots and paper pollbooks. And election officials implement a series of checks through the counting process to confirm that every vote is accurately included in the final count.

While Anthropic’s Mythos model represents a wake-up call, it’s not a call to panic. Instead, it’s a moment for election officials and those who support their efforts to redouble the work they are already doing. Above all, federal and state leaders need to provide sufficient and reliable funding for election security on the scale of what was provided in the years immediately following the foreign interference incidents in the 2016 election. The risks of AI-assisted cyberattacks make it clearer than ever that election security is a race without a finish line — the safeguards for election technology must keep pace with evolving threats.

Moving forward, states need to step up and help fill the gap left by the federal government, which has chosen to significantly reduce support for election cybersecurity (and all critical infrastructure security) under the Trump administration. The Brennan Center’s 2026 annual survey of local election officials shows that broad majorities support the government providing services that were previously offered by the federal government, including election security training, best practices on emerging security threats, security scenario-planning exercises, and incident-response support. Yet 75 percent of local election officials say their state or local government has not provided additional resources to make up for federal cuts.

The Election Security Exchange recommends several low-cost steps election officials can take, many of which they are already taking. These include keeping all software up to date and enabling automatic updates, using a dedicated password manager for all accounts, enabling multifactor authentication, and conducting regular phishing training.

Finally, Anthropic, which says it launched Project Glasswing “in an effort to secure the world’s most critical software,” should consider how it can best expand those protections to any software that underpins the election process.

The threat of AI-assisted cyberattacks is one to take seriously, as experts have long warned. But everyone in the election community must be equally vocal in emphasizing that this emerging danger will not force election officials back to square one. The groundwork they have laid over the last 10 years will continue to provide critical protections, helping to ensure every eligible voter can cast a ballot and have their ballot counted. The responses to previous election security threats also show a path toward future improvements.

Now is the time for legislators and other public officials to invest in what works and partner with election officials to guarantee our safeguards remain one step ahead of the threats seeking to undermine them.