In this issue, we explore AI-enabled cyberattacks, a new web tool, and making the most of security partners. ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
View in browser
ESX News Header

February 11, 2026

TLP:CLEAR

In This Issue:

  • Situation Room: Artificial Intelligence executed a large-scale cyberattack with minimal human involvement. This exponentially increases the threat to election offices lacking strong cybersecurity basics.
  • Resource Library: The Election Security Planner is a web tool to help identify gaps in your office's cybersecurity and guide you to products and services that can help you fill them. 
  • Planning Desk: Your security partners provide better support when they understand what you do, use, and need. Make those lists this week.
Header text: Situation Room

AI-Orchestrated Cyber Attacks

 

In late 2025, a state-sponsored actor manipulated a generative AI tool into executing a large-scale attack with minimal human involvement. The AI tool executed all phases of the attack from finding vulnerabilities to stealing data, with humans providing only new prompts in each phase. Anthropic, the makers of the AI tool, detected and disrupted the attack, and then reported on their findings here.


Why does it matter for elections? AI attacked at a speed and scale previously unthinkable. The vulnerabilities of any election office with an underdeveloped cybersecurity program are more likely to be found and exploited.

Details: Anthropic assessed that a Chinese-sponsored group manipulated Anthropic's Claude Code into functioning as an autonomous penetration tester. The AI independently executed 85% of the attack while humans only provided strategic direction at key points.

The operation successfully compromised high-value targets, including major technology companies and government agencies, querying databases to steal sensitive data.

 

What made this different: Previous cyberattacks used AI as an advisor. This attack used AI as the primary operator, coordinating publicly available tools - network scanners, password crackers, and database tools - to extract sensitive data. The AI operated at physically impossible request rates, rarely needing to pause for human direction. This scale and speed create a fundamentally different landscape.

 

How Protections Against AI Misuse Failed: The AI tool believed hacker claims that they represented a legitimate security firm conducting approved testing.

 

Defensive Actions You Can Take:

  • Lock down credentials. Use unique, long passwords; enable multi-factor authentication on all accounts and critical systems; and regularly change passwords for accounts with special access.

  • Share and report. Work with your state and federal partners, and contact your FBI Elections Crime Coordinator about suspicious automated activity.  

Actions Your IT Guru Can Take

NOTE: This portion is not in plain language as it is intended for your IT support personnel.

  • Audit and harden remote access. Review VPNs, remote desktop services, and web applications for strong authentication and correct settings.
  • Watch for anomalies. Look for rapid logins across your systems or unusual database queries.
  • Segment networks. Limit lateral movement between election systems.
  • Set baselines and practice. Know normal activity, update incident response plans for AI-driven attacks, and test with realistic exercises.

 

The Situation Room focuses on real security incidents and threats in the news relevant to election security. To review previous issues, see the newsletter archive.

Header text: Resource Library

Election Security Planner

 

The Election Security Planner (ESP) tool is a web application that helps you find gaps in your cybersecurity efforts with quick yes or no questions. You answer them and click through to a list of your cybersecurity gaps and suggestions for services that address them.

 

The ESP tool mirrors our Pay-For Cybersecurity Services brochure in focusing on six essential and eleven advanced cybersecurity services:

Basic Services Advanced Services
Staff Training and Awareness Encrypted/Offline Backups Intrusion Detection
Multifactor Authentication Software and Patch Mgmt. Penetration Testing
Vulnerability Scanning Log Management Ransomware Readiness
Protective DNS Security Info/Event Mgmt. Threat Intel
Phishing Assessment Network Monitoring Zero Trust Architecture
Endpoint Detection/Response Network Segmentation

The ESP tool's questions are technical. You likely will want to work with an IT staff member, partner, or vendor to complete the questionnaire and assess the suggestions the tool gives you.

 

Key Features of the ESP Tool

  • Questionnaire Preview: Download the questionnaire to review with your IT partner before using the tool.

  • Private and Secure: Your answers are not stored or transmitted; responses are only saved temporarily in your browser and deleted when the tab is closed.
    • The tool is hosted by the Partnership for Large Election Jurisdictions (PLEJ).
  • Yes/No Format: Answers lead directly to provider suggestions.
  • Prioritized Recommendations: Your security context dictates the prioritized list of suggested services.
  • Detailed Service Info:
    • Description of the service
    • Estimated cost range (from small to large jurisdictions)
    • Implementation effort level
    • Links to competing vendors
  • Downloadable Output: Save or print your results as a PDF.
  • Additional Resources: Links to guides on integrating new services and technologies, leading cybersecurity conversations, and navigating state procurement options.

The Resource Library section of the newsletter spotlights election security resources. All highlighted resources are available online in the Resource Library.

Header text: Planning Desk

Planning Desk Week E-38: Know your security needs!


Identifying your election assets and detailing how your office works will allow your security partners to understand the risks to your election equipment, people, processes, and systems, so that together you can build a robust plan for emergencies

    • Step 1: Dedicate 15-20 minutes to document the people and tools you rely on in the various operational areas of your office and backup resources you might need in an emergency. While you may not be able to address every area, we suggest starting today by addressing two. The Elections Group offers this way of sorting elections into operational areas:
      • Leadership, Personnel & Poll Workers
      • Central Facilities
      • Cybersecurity, IT & Communication Networks
      • Physical Security & Chain of Custody
      • Voter Registration & Office Data Needs
      • Voting Sites
      • Voting Equipment, Systems & Resources
      • Tabulation & Results Reporting 

    • Step 2: Draft a list for each operational area that gathers the information below.
      • Operations can be impacted by many types of disruptions. What work must continue during an incident?
      • List the assets - equipment, facilities, people, systems, and tools. What does it take to get the job done?
      • Backup resources keep operations going during an incident. What do you already have? What can security partners provide? What do you wish you had?

    Assets & Resources Examples
    People & Roles Internal: Clerks enters voter registration data

    External: Poll Worker Chairperson sets up polling place
    Tools Voter Registration System; Election Equipment; Delivery Vehicle
    Backups Communication Tools; Generators; Laptops; Off-site Internet Access

    • Step 3: Repeat this process for remaining operational needs.

    • Step 4: Share these lists at your first meeting. Walk through them with your security partners, elaborating so that everyone gets the full picture of your concerns and needs.

    Need more tips? Check out our It Starts with a Team: Building Your Election Security Working Group guide as well as the Emergency Readiness Guide from The Elections Group. 

     

    Want help facilitating your first meeting? Contact us at newsletter@securingelections.org.

     

    The Planning Desk is a running timeline of key election security tasks. As we publish future issues, you can find prior editions in the newsletter archive.
    LinkedIn
    YouTube
    Email
    Website

    Copyright © 2026 Election Security Exchange. All rights reserved. TLP:CLEAR

     

    You are receiving this email because you subscribed to the Election Security Exchange Newsletter.

     

    Find this useful? Pass it along and invite other election teams to subscribe.
    Subscribe

    Election Security Exchange

    712 H Street NE, Suite 2456

    Washington, DC, 20002, United States

    Unsubscribe Manage Preferences