The rush to add artificial intelligence into software, systems, websites and applications is creating new data risks that merit updated policies and broader education and training at electric cooperatives, cybersecurity leaders told attendees at NRECA’s Co-op Cyber Tech Conference.

“AI will be more revolutionary than you think,” said Patrick Miller, CEO of Ampyx Cyber, at an AI-focused breakout session. “It will happen faster than you think. Adversaries are hitting the accelerator. If we tap the brakes, we will be behind. Put on a seatbelt, understand the risks, involve senior leadership.”

Carter Manucy, NRECA cybersecurity director, told the group that they may want to consider an AI policy and that NRECA is making a sample AI policy available to voting members and their attorneys to tailor it to their cybersecurity needs.

“This can give co-ops somewhere to start,” he said.

Miller said co-ops should assume that their staff, vendors and contractors are all using AI—knowingly or unknowingly—and that AI can be manipulated even if software or sites are marked “private.”

“AI is the golden retriever of the internet—it wants to come back with an answer,” Miller said.

Beneficial uses of AI, he said, include automated patch management that can streamline software repairs and security updates, prioritize fixes and terminate harmful processes that may create system vulnerabilities. AI also excels at identifying patterns and anomalies.

But AI can also be used to create malicious scripts and slam firewalls tens of thousands of times per day, Manucy said.

“Phishing emails are getting really, really good” because of AI data mining and development, he said.

Miller and Manucy noted several considerations for co-ops as they seek to mitigate risks associated with AI, including:

  • Setting up and enforcing robust data governance policies.
  • Conducting phishing training focused on new AI risks.
  • Updating AI models and systems to defend against new cyberthreats.
  • Developing strategies for monitoring and auditing AI systems to meet cybersecurity regulations and standards.

“Someone in your co-op should be learning about AI; then they need to translate clearly what is happening,” said Miller. “You need an AI champion.”

For more information on the NRECA sample AI policy, please contact Assistant General Counsel Katherine Sargent at