Ivan Shkvarun, CEO of Social Links and the author of the Darkside AI initiative, has analyzed national cybersecurity strategies across more than 130 countries and identified a consistent global shift in how governments approach cyber defense, artificial intelligence, and digital risk with one clear conclusion: AI is rapidly becoming the operational core of national cybersecurity, while a growing gap is emerging at the level of identity- and fraud-driven threats.
Over the past decade, national cybersecurity strategies have become nearly universal, growing from 76 countries in 2018 to around 127 in 2021 and reaching approximately 136 countries by 2025-2026 . At the same time, their structure and priorities have changed.
Earlier strategies were largely focused on resilience, incident response, and infrastructure protection. Recent versions increasingly include deterrence, disruption, and operational speed – moving from “build defenses and hope” to “deter, disrupt, innovate, and adapt at speed”.
Major Economies Put AI at the Center
This evolution is visible across major economies. The latest U.S. cyber strategy explicitly calls for “AI-powered cybersecurity solutions” and the use of “agentic AI” to scale defense and disruption, alongside a dedicated pillar focused on shaping adversary behavior . France’s 2026-2030 strategy identifies artificial intelligence systems among technologies that are actively increasing cyber risk, while EU policy frameworks emphasize “human-centric and trustworthy” AI with strong regulatory oversight.
In pre-2022 strategies, AI was rarely addressed in detail. In contrast, nearly all updated strategies from 2024 to 2026 include dedicated AI sections or references to its operational use and associated risks.
Dual Role of AI and Rising Threats
Governments are converging on a dual approach. AI is used to automate detection, accelerate response, and enable large-scale cyber operations. At the same time, AI systems themselves, including models, data infrastructure, and supply chains, are treated as critical assets that must be secured. This approach is reinforced by international frameworks such as the NCS Guide 2025, which explicitly calls for integrating AI into national cyber planning.
The scale of adoption is already measurable. According to World Economic Forum data, 77% of organizations globally use AI in cybersecurity, while 94% of cyber leaders identify AI as the primary driver of change in the field.
At the same time, attackers are adopting similar tools, pushing governments to plan for automated and AI-enabled threats operating at scale. However, Shkvarun highlights a gap that is less visible in official strategies. While most governments prioritize critical infrastructure and state-level threats, risks tied to AI-driven fraud, identity abuse, and impersonation remain underrepresented. This is happening despite the rapid growth of threats such as deepfake-enabled scams, synthetic identities, and automated social engineering and other areas that are already affecting businesses and individuals at scale.
Execution Gap Remains
A second gap appears in execution. While nearly all countries now reference AI in their cybersecurity strategies, only a small group (8 to 12 countries) has established dedicated funding, programs, and measurable implementation frameworks for AI in cyber. The majority continue to rely on general cybersecurity or IT budgets without specific allocation or performance metrics.
Taken together, these trends point out that national cybersecurity strategies are evolving into integrated doctrines that combine security policy, technological development, and economic positioning. Across jurisdictions, AI is treated both as a capability that enhances cyber operations and as a source of systemic risk that requires governance and control.
“Governments are moving faster and becoming more proactive, and AI is central to that shift,” said Shkvarun.