AI Grants for Cybersecurity Research: Where Defense Funding and Machine Learning Converge
February 24, 2026 · 5 min read
Jared Klein
Sixty million dollars a year from NSF alone. A $29.5 million DARPA competition that just crowned its winners. A $20 million NIST investment in AI centers built specifically to secure critical infrastructure. The federal government is spending at a pace that reflects a simple calculation: the same AI capabilities that make cyberattacks cheaper and faster are the only tools capable of defending against them at scale.
Searching for cybersecurity AI funding? See our AI Defense Grants page for current listings.
For researchers working at the intersection of machine learning and security, the funding landscape has shifted from scattered opportunities to a structured, multi-agency pipeline. The catch is that each agency funds a different piece of the problem, and proposals that land need to speak the right language for each one.
NSF SaTC 2.0: The Broadest Academic On-Ramp
The National Science Foundation's Security, Privacy, and Trust in Cyberspace (SaTC 2.0) program, solicitation NSF 25-515, remains the single largest open solicitation for university-led cybersecurity research in the federal portfolio. NSF expects to award approximately 75 grants per year from an annual budget of up to $60 million.
The 2.0 reboot added AI security as an explicit priority area. The solicitation now calls out generative AI security, open-source software security, quantum computing security, and supply chain security as topics of interest -- a direct response to threat categories that barely existed when the original SaTC launched.
Award sizes vary by track. CORE and Transition to Practice (TTP) proposals can request up to $600,000 for small projects (three years) or $600,001 to $1.2 million for medium projects (four years). Education-focused proposals cap at $500,000, with an extra $100,000 available for teams pairing cybersecurity experts with education researchers. Seedling (SEED) awards for early-stage ideas max out at $300,000 over two years.
The program runs on a rolling annual cycle. The next full proposal deadline is September 29, 2025, followed by January 26, 2026, and the last Monday of September and January each year thereafter. That recurring window makes SaTC one of the few cybersecurity programs where a missed deadline is not a year-long setback.
DARPA's AIxCC and the I2O Pipeline
DARPA settled its biggest bet on AI cyber defense in August 2025 when the AI Cyber Challenge (AIxCC) crowned Team Atlanta as the winner of its $8.5 million final competition at DEF CON 33. The two-year program awarded more than $29 million in cumulative prizes to teams building autonomous systems that identify and patch vulnerabilities in open-source code used by critical infrastructure.
The results were concrete: competing systems identified 54 synthetic vulnerabilities, patched 43 of them, and -- in an unscripted development -- discovered 18 real-world vulnerabilities that DARPA had not planted in the competition. DARPA and ARPA-H followed up with an additional $1.4 million to help winning teams integrate their tools into production software.
AIxCC is complete, but its parent office is still buying. DARPA's Information Innovation Office (I2O) released its FY2026 Office-Wide BAA (HR001126S0001), an open solicitation accepting white papers through November 30, 2026. The BAA explicitly solicits proposals in offensive and defensive cybersecurity, trustworthy AI, and complex software systems -- precisely the territory AIxCC explored through competition. Researchers who want to move from prize-based work to sustained DARPA funding should start here.
NIST and DOE: Securing the Infrastructure Layer
While NSF and DARPA fund research, NIST and the Department of Energy are funding the deployment side -- making sure AI-powered defenses actually reach the power grids, pipelines, and manufacturing systems that attackers target.
NIST committed $20 million to establish two AI Economic Security Centers in December 2025: one focused on U.S. manufacturing productivity, the other on securing critical infrastructure from cyber threats. Separately, NIST is investing up to $70 million over five years in an AI-focused Manufacturing USA institute. For small businesses, NIST's SBIR program allocated $3.19 million to eight companies in February 2026 for R&D across AI, quantum, and semiconductor security.
NIST also released a draft Cybersecurity Framework Profile for AI (NISTIR 8596) in December 2025 -- guidelines for applying the CSF 2.0 framework to AI systems. A public comment period is underway, and the initial public draft is expected in 2026. Researchers building tools that align with NISTIR 8596 will be well positioned for future procurement.
DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) funded nearly $23 million in projects through the Bipartisan Infrastructure Law to develop AI-based tools for detecting threats to clean energy systems. The $250 million Rural and Municipal Utility Advanced Cybersecurity Grant Program provides another entry point for teams working on operational technology defense.
IARPA and the Intelligence Community's AI Security Problem
The intelligence community's AI security needs differ from civilian agencies in a way that creates distinct funding opportunities. IARPA's TrojAI program, which spent six years developing defenses against adversarial attacks on AI models, is wrapping up in 2025. IARPA Director Rick Muller has signaled that the successor program will focus on large language models -- specifically, the risk of training data leaking classified information and the challenge of detecting bias and hallucinations in models deployed for intelligence analysis.
No formal BAA for the successor has been published, but IARPA's broad agency announcements page is where it will appear. Researchers with expertise in LLM security, training data integrity, or adversarial robustness should be tracking this closely. TrojAI demonstrated that IARPA funds multi-year, multi-million-dollar programs with genuine technical depth -- SRI International alone received $7.22 million for its TrojAI work.
DHS and the State-Level Cybersecurity Pipeline
The Department of Homeland Security's State and Local Cybersecurity Grant Program (SLCGP), administered by FEMA and CISA, distributed $1 billion over four years to state, local, tribal, and territorial governments. FY2025 made $91.7 million available through the SLCGP and an additional $12.1 million through the Tribal Cybersecurity Grant Program.
These grants do not fund basic research, but they create a downstream market for AI security tools. State governments receiving SLCGP funds are buying threat detection, vulnerability management, and incident response capabilities -- and increasingly, those capabilities are AI-powered. Cybersecurity startups and applied research teams building commercial tools should understand this pipeline even if they never apply to it directly.
Positioning a Proposal in a Crowded Field
The convergence of AI and cybersecurity funding is real, but so is the competition. Every agency has different expectations. NSF SaTC reviewers want rigorous methodology and reproducible results. DARPA wants systems that work in adversarial conditions, not just in controlled experiments. NIST wants standards-aligned tools with clear paths to deployment. DOE wants solutions that protect specific infrastructure categories.
The strongest proposals share one trait: they address a security problem that only AI can solve at the required speed or scale, rather than applying AI to problems that existing tools handle adequately. Autonomous vulnerability patching, real-time anomaly detection across millions of endpoints, and adversarial robustness for deployed models all clear that bar. An AI chatbot that summarizes threat intelligence reports does not.
For teams ready to move from tracking these programs to competing in them, Granted can match your lab's capabilities to the right solicitations and help turn a research concept into a submission-ready proposal before the next deadline window opens.
Sources: