
“We are now resolving more issues than we are finding,” Tech Secretary Snyder says
STATE HOUSE, BOSTON, March 11, 2026: Cybersecurity vulnerabilities across the executive branch were “significantly reduced” last year, at a time when Massachusetts residents have become increasingly interactive online with state government, according to the state’s top technology official.
Massachusetts’ Security Operations Center (SOC) handled over 41,000 security events across the executive agency landscape in 2025, Technology Services and Security Secretary Jason Snyder told lawmakers while testifying at a Ways and Means budget hearing Monday in Barnstable.
“Over 400,000 vulnerabilities were mitigated — a figure that constitutes a 26% increase over calendar year 2024,” Snyder said. “In concert with these remediation efforts, the SOC took action to quarantine over 88,000 email messages before they could be opened. From a July 2025 baseline, we have averaged over 5,000 more mitigated vulnerabilities per month than have been discovered.”
The ability to lessen the risk of cybersecurity vulnerabilities within 30 days, from discovery to closeout, has risen year-over-year at a rate higher than the discovery of new vulnerabilities, “indicating we are now resolving more issues than we are finding,” Snyder said.
Gov. Maura Healey’s fiscal 2027 budget (H 2) funds the Office of Technology Services and Security at about $60.3 million. Snyder called the funds “mission critical to state government operations” and said they “directly address the cost of delivering government services in a world where the front door to state government is digital.”
Healey’s proposal funds the secretariat operations line item at just over $3.7 million, “technology shared services for the public” at more than $2.7 million, and “core technology services and security” at more than $53.8 million. The total allocation in fiscal 2026 sat at $60.6 million, while the fiscal 2026 projected spend is approximately $60.2 million, per the administration’s fiscal 2027 budget dashboard.
Two of the largest cost drivers within the office are annual software and hardware maintenance contracts and license renewal costs, which Snyder explained are increasing at a rate higher than inflation.
The Healey administration announced in February that under a contract with OpenAI it will phase in a ChatGPT-powered artificial intelligence assistant across the executive branch in an attempt to make government “faster, more efficient, and more effective.” The National Association of Government Employees was unhappy with the announcement, and said the administration is “rushing” the introduction of AI.
The state’s first constituent-facing generative AI tool, a “virtual assistant,” has helped 400,000 Registry of Motor Vehicles customers get answers to questions about licenses, registrations and Real ID since launching in April 2025, according to Snyder.
“This approach not only helped RMV surpass its Real ID compliance goal, but also created a platform that we have scaled to support other services and experiences, including [Department of Revenue] for personal income tax filing and child support services, applying for unemployment insurance, and accessing systems like EZDriveMA and MyMassGov,” Snyder said.
More than 3.3 million Bay Staters use the MyMassGov single sign-on, which averages 7.2 million sign-ons every month — a 65% increase in the number of residents using MyMassGov over last year, he added. The Department of Transitional Assistance’s SNAP, the Department of Family and Medical Leave’s paid family and medical leave, and the Office of Economic Development’s business experience are among future services and partnerships to be onboarded into the virtual assistant, according to Snyder. TSS also plans to consolidate MassDOT into its network soon, though it does manage and work with the agency on some services, Snyder clarified when questioned by lawmakers.
Cybersecurity risk is impacting Massachusetts municipalities particularly hard, Snyder acknowledged. While no municipalities have refused cybersecurity training, some just don’t apply for it, Snyder said when asked about the issue by Sen. Michael Brady.
“That was my first question when I came in is, like, ‘Why wouldn’t a municipality apply for free training?’ And we thought it was one of awareness,” Snyder said when Brady questioned him further about whether or not he’s then getting the word out to cities and towns that don’t apply. Along with trying to increase awareness and partnering with municipalities to provide them with services, the office holds Cyber351 forums to discuss the issue with municipal organizations and is encouraging regionalization among municipalities to enable “a greater degree of monitoring” and shared capabilities, Snyder explained.
