Memphis, Tenn., now relies on an AI email assistant to help employees spot and report dangerous phishing emails, which one IT official said cuts the time it takes for the city to identify and contain potential threats.
The city has adopted something known as an AI copilot, which automates some of the previously manual work of flagging and processing problematic emails. This, of course, is a key part of the city’s cybersecurity planning, as email is often a gateway for bad actors. And of late, bad actors are increasingly using AI to create more threatening phishing campaigns.
“These attacks are getting sophisticated, and we now have AI,” Deputy CIO Augustine Boateng told Government Technology. “These attackers try to use AI to circumvent some of the controls we’ve put in place.”
They’ve teamed with a vendor to try to make their own email more secure. Themis AI Copilot is a platform developed by the Atlanta-based company IRONSCALES, and it is embedded with Microsoft Outlook. Memphis adopted it shortly after its release in 2023. Boateng said they wanted to augment staff time spent on handling suspicious emails.
He advised other jurisdictions to focus on email security as well, and when working with a vendor product, to “make sure it fits into your security plan and make sure it’s going to meet policies that you’ve put into place to protect your environment.”
The Themis AI Copilot also offers employees real-time security guidance. According to IRONSCALES, it uses phishing simulations and end-user reporting tools to help staff recognize and report suspicious activity.
This is a prime example of the public sector’s movement toward AI-driven cybersecurity tools, similar to Los Angeles County’s adoption of Abnormal AI’s email security automation. Boateng said that having secure email is a way to foster trust with end users, ranging from city staff to constituents.
“If you’re not protecting the way you communicate with your constituents or whomever,” Boateng said, “and they see that you don’t take that communication seriously, then the trust goes away.”
The focus on trust extends to Boateng’s broader leadership role over the city’s technology operations. His responsibilities include IT operations, enterprise applications, project management and information security. He sets strategy with the city CIO and leads teams that put those plans into action, including an information security manager who handles the engineering and implementation side of the cyber program.
The Information Technology Department, which has about 105 people serving 8,000 city employees, recently did a tabletop exercise to evaluate the incident response plan and identify areas for improvement.
“The plan is there, but if you don’t test it, then you never know where you fall short,” Boateng said.
He also stressed improvement, communication, training and identifying assets.
“One thing I tell people: ‘Know your assets.’ Know what’s in your environment, what is connected to your environment and really pay attention to that,” Boateng said. “Train your people. Train your staff. It shouldn’t just be a tech checkbox to meet some regulatory requirement, but it should be a culture that you inculcate into your team.”
