BlogLine

Improving communication between government and industry leaders: The AI Cybersecurity Collaboration Playbook

7/21/25

By: Cory A. Chipman

Introduction

The Cybersecurity and Infrastructure Security Agency (CISA), through its Joint Cyber Defense Collaborative (JCDC), published the Artificial Intelligence (AI) Cybersecurity Collaboration Playbook (The Playbook)¹ and a fact sheet² on Jan. 14, 2025. The Playbook provides businesses with a framework for voluntarily reporting cyber incidents, particularly those involving AI systems. The Playbook and factsheet help organizations strengthen their cyber defenses and responsibly share information with government partners. While participation can be anonymous, it also signals an organization’s proactive steps towards improving internal cybersecurity measures, which may help the organization when breaches occur.  

Understanding the JCDC AI Playbook

The JCDC, created under the 2021 National Defense Authorization Act, is a public-private collaboration led by CISA. The collaboration includes industry leaders like Google and IBM, international partners like Australia and the United Kingdom and U.S. federal agencies.³ The JCDC published the Playbook to foster operational collaboration in response to cybersecurity threats involving AI systems such as data poisoning, adversarial inputs and other unauthorized model manipulation.     

Voluntary Information Sharing Mechanisms 

Central to the playbook is a framework for voluntary information sharing. It encourages proactive communication between JCDC partners (AI providers, developers and adopters) and CISA regarding cyber threats, vulnerabilities and incidents. Businesses can submit information through CISA’s secure online forms or by contacting JCDC directly. A detailed checklist in the Playbook fact sheet explains the process, which includes describing the incident or vulnerability, specifying affected systems, identifying indicators of compromise (IOCs) and suggesting mitigation strategies.⁴ 

Legal Protections for Reporting 

The Cybersecurity Information Sharing Act of 2015 (CISA 2015) ⁵ legally protects organizations that share cyber threat indicators and defensive measures with the federal government. These protections include exemption from disclosure under the Freedom of Information Act (FOIA), non-waiver of legal privileges and immunity from regulatory enforcement based on shared information.⁶ However, the information must qualify as a “cyber threat indicator” or “defensive measure” under the statute.⁷ 

CISA’s Role in Coordinated Response 

Once CISA receives the shared information, it aggregates, validates and anonymizes the data before conducting further analysis.⁸ This may involve enriching the data with internal intelligence and sharing it with industry, state, local and international partners (subject to dissemination controls like the Traffic Light Protocol (TLP)).⁹ CISA may use the information to initiate defensive actions, such as domain blocking, issuing alerts or coordinating response efforts among impacted stakeholders.¹⁰ 

Businesses Must Stay Vigilant 

In today’s rapidly evolving threat landscape, industry standards and best practices for cybersecurity are always shifting, especially as AI becomes more integral to critical infrastructure. Businesses should take reasonable, proactive steps to protect their systems and customer data. Voluntarily sharing information with CISA is a practical way to strengthen individual defenses and contribute to the collective resilience of the broader cyber ecosystem. In the future, participation may even become an industry best practice akin to cooperating with law enforcement in legal actions brought against companies after a breach. 

Conclusion 

The JCDC Playbook and Fact Sheet offer a blueprint for responsible, voluntary engagement between businesses and government on cybersecurity issues. By adopting these practices, organizations can reduce legal risk, enhance trust with customers and contribute meaningfully to national cyber defense efforts. In an environment where malicious actors adapt quickly and AI vulnerabilities are increasingly exploited, timely information sharing and collaborative defense are not just good practices, they are essential legal and practical safeguards. 

For more information, please contact Cory A. Chipman at cory.chipman@fmglaw.com or your local FMG attorney. 

1. JCDC AI Cybersecurity Collaboration Playbook (“The Playbook”), accessed June 25, 2025, https://www.cisa.gov/sites/default/files/2025-01/JCDC%20AI%20Playbook_1.pdf. ↩︎
2. JCDC AI Cybersecurity Collaboration Playbook Fact Sheet (“The Fact Sheet”), accessed June 25, 2025, https://www.cisa.gov/sites/default/files/2025-01/JCDC%20AI%20Playbook_FACT%20SHEET.pdf. ↩︎
3. The Playbook at 3–4. ↩︎
4. The Fact Sheet at 6–11 ↩︎
5. Cybersecurity Information Sharing Act of 2015, accessed June 25, 2025,  https://www.cisa.gov/sites/default/files/publications/Cybersecurity%2520Information%2520Sharing%2520Act%2520of%25202015.pdf. ↩︎
6. The Playbook at 8. ↩︎
7. “Cyber threat indicator” is defined in Section 102(6) of the CISA; “defensive measure” is defined in Section 102(7). ↩︎
8. The Playbook at 17. ↩︎
9. The Playbook at 9. ↩︎
10. The Playbook at 17. ↩︎

Information conveyed herein should not be construed as legal advice or represent any specific or binding policy or procedure of any organization. Information provided is for educational purposes only. These materials are written in a general format and not intended to be advice applicable to any specific circumstance. Legal opinions may vary when based on subtle factual distinctions. All rights reserved. No part of this presentation may be reproduced, published or posted without the written permission of Freeman Mathis & Gary, LLP.