What happened
The Trump administration is considering Shyam Sankar, chief technology officer at Palantir Technologies, to lead the Cybersecurity and Infrastructure Security Agency (CISA). Sankar has emerged as a lead contender for the long-vacant CISA director role, though a White House official disputed the potential selection after publication, saying that “at this time this is not accurate.” A Department of Homeland Security spokesperson also said there were no personnel announcements to make at this time.
Sankar, 44, has worked at Palantir for more than 20 years and served as the company’s chief operating officer for nearly 17 years before becoming CTO in 2023. CISA has not had a Senate-confirmed chief since Jen Easterly stepped down in January 2025. Sean Plankey, who had previously been nominated for the role, withdrew from consideration in April after key senators blocked a confirmation vote for several months.
The administration is close to nominating a director for the agency, which has been led by Acting Director Nick Andersen since February. Officials have said the next CISA leader should have the ability to recruit and focus on the agency’s existing authorities, with the goal of positioning CISA as a leader in cybersecurity.
The potential nomination comes shortly after the administration released an artificial intelligence executive order. CISA was named throughout the order as one of the key agencies responsible for implementing the president’s AI vision. The agency, which has faced workforce and budget cuts since Trump entered his second term, is also expected to release a binding operational directive outlining actions federal agencies need to take to move the order forward.
Sankar has previously been considered for a research and engineering role at the Pentagon. In a February opinion piece, he argued that AI should eliminate bureaucracy rather than add to it, and that AI should empower workers to move faster rather than slow them down.
Who is affected
Federal agencies, critical infrastructure operators, and private sector organizations that rely on CISA guidance could be affected by the agency’s leadership direction. While no operational change has been announced, the appointment of a permanent director could influence how CISA prioritizes cybersecurity authority, recruitment, AI implementation, and coordination across the federal civilian government.
Organizations that follow CISA directives and guidance should also pay attention to the agency’s role in implementing the administration’s AI executive order. The expected binding operational directive could shape near-term requirements for federal agencies and influence how cybersecurity leaders interpret federal expectations around AI-related cyber risk.
Why CISOs should care
CISA’s leadership matters because the agency plays a central role in federal cybersecurity guidance, critical infrastructure coordination, and government-wide implementation of cybersecurity directives. A permanent director could bring clearer direction to the agency after a long period without a Senate-confirmed chief.
The possible consideration of a senior Palantir executive also points to the administration’s interest in leaders with experience in data analytics, enterprise AI, defense AI, and large-scale technology systems. For CISOs, that matters because CISA’s next phase may be closely tied to AI implementation, federal cyber policy, and the security implications of emerging technologies.
The timing is important. CISA is expected to help implement the administration’s AI executive order and issue a binding operational directive connected to that work. CISOs should expect AI security, federal cyber coordination, and agency-level implementation guidance to remain closely linked in the coming months.
3 practical actions
- Track CISA leadership developments and prepare for possible policy shifts: CISA has been without a Senate-confirmed director since January 2025, and the administration is close to nominating someone for the role. CISOs should monitor the nomination process because new leadership could affect agency priorities, guidance, and the tone of federal cybersecurity coordination.
- Review how upcoming CISA directives may affect AI and cybersecurity programs: CISA is expected to release a binding operational directive tied to the administration’s AI executive order. Organizations that follow federal cybersecurity guidance should review whether their AI governance, cyber defense, and compliance programs are ready for new federal expectations.
- Strengthen internal visibility into AI-related cyber risk: Government officials are increasingly focused on both the cybersecurity threats and opportunities created by AI. CISOs should review where AI is being used across the organization, how AI-linked risks are being monitored, and whether security teams have clear ownership of AI-related cyber exposure.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.