AI-Driven Threat Intelligence: Evaluating Machine Learning for Real-Time Cyber Threat Sharing Among U.S. National Security Agencies

Abstract

This study explores how artificial intelligence, specifically machine learning and federated learning, can support secure and real-time threat intelligence sharing among national security agencies in the United States. The core idea was to evaluate whether decentralized machine learning systems could help multiple agencies detect and respond to cyber threats more quickly, without forcing them to share sensitive raw data. The approach was built in three phases. First, we trained several supervised learning models independently on each agency’s data to understand their predictive capabilities. That gave us a baseline for how each agency’s threat signals behaved in isolation. In the second phase, we introduced a federated learning setup, allowing models to be trained collaboratively across agencies without data ever leaving its original environment. This was combined with privacy-preserving techniques like secure aggregation and differential privacy to meet the high-stakes security demands of national defense. The third phase focused on explainability, using SHAP values to interpret model predictions and help agencies understand not just what the model predicted, but why. What stood out was that while individual models showed promising results, their performance and generalization improved substantially in the federated setup. And when explainability was layered in, the models became more trustworthy, helping bridge the gap between AI automation and operational decision-making. This isn’t about just building smarter threat models. It’s about enabling a shift from siloed, reactive defense to a more coordinated, real-time security posture. The architecture we tested is not purely theoretical; it’s a practical framework that could be deployed in government settings today. As cyber threats grow in complexity and speed, so must our tools for responding to them. This study shows that AI can be part of that shift, not by replacing human analysts, but by giving them faster, clearer, and more secure ways to see what’s coming next.