A U.S. Senator has introduced the Combat Emerging Threats to Critical Infrastructure Act of 2026, which would require CISA to update sector-specific cybersecurity plans for all 16 critical infrastructure sectors to address AI-enhanced attacks, AI supply chain vulnerabilities, deepfake social engineering, and quantum-enabled cryptographic threats. No action is immediately required, but GRC teams should assign a policy owner to monitor bill status and initiate gap assessments against the four named threat categories now to avoid compressed compliance timelines if the bill passes.