Although the fed has been taking actions to address AI risk assessment for critical systems and infrastructure, modern cybersecurity systems remain largely unprepared to combat AI risks.
Earlier this year, Anthropic’s frontier AI model known as Mythos, capable of finding and even exploiting software vulnerabilities, put new pressure on governments by demonstrating the power of advanced AI models.
The EO, “Promoting Advanced Artificial Intelligence Innovation and Security,” takes several key actions to protect critical infrastructure and information as AI advances in the U.S.
First, the order directs specific agencies to make the cyber defense of critical systems — national security systems, Department of Defense information systems, and civilian federal government information systems — a priority.
The secretary of Homeland Security, in coordination with other federal leaders, has 30 days to release Binding Operational Directives and guidance to expedite the cyber defense of these systems; to establish or expand federal cybersecurity programs and services that enhance AI-enabled defensive tools; and to facilitate access to cybersecurity tools for state and local authorities and operators of critical infrastructure. The tools for state and local authorities may include covered frontier models.
The order calls for establishing an AI cybersecurity clearinghouse to identify and remediate software vulnerabilities — within 30 days in “voluntary collaboration” with the AI industry.
The EO directs the Office of Management and Budget to identify funding opportunities for advanced AI cybersecurity capabilities; and it directs the Office of Personnel Management to expand hiring and placement pathways for federal cybersecurity roles. This contrasts with a previous action by the administration to shrink the federal workforce, hindering one of few cyber talent pipelines.
Notably, the order calls for the development of a classified benchmarking process against which industry can assess their models’ cyber capabilities. This process would establish the threshold at which an AI model would be designated a "covered frontier model.”
The EO calls for the federal government to establish a voluntary framework in collaboration with AI developers regarding covered frontier models. Developers would work with the federal government to determine whether models under development are considered covered frontier models; the federal government would have access to such models first for up to 30 days before their release.
The goal is to strengthen the security of critical infrastructure. However, the order underlines that this does not authorize the creation of any mandatory governmental licensing or permitting requirement for the development, release or distribution of AI models.
The order also calls for enforcement from the attorney general against people who use AI to illegally access or damage computer systems, steal data or conduct other criminal activity.
Early reactions to the EO as of Tuesday afternoon were mixed.
In a statement, Paul Lekas, executive vice president of global public policy and government affairs for the Software Information Industry Association, said SIIA “applauds” the voluntary framework to advance frontier model deployment.
But U.S. Sen. Mark Warner said in a statement that the EO represents the administration’s belated understanding of the need to rebuild something it previously dismantled.
“I salute the proposal for pre-deployment testing on a collaborative basis — just as I did when that idea was first advanced in the last administration’s EO, which was rescinded on Trump’s first day," Warner said, emphasizing that the damage done by dismantling "vital pillars" of the U.S.’s cybersecurity response cannot be undone.
The EO pushes for “desperately needed resources for state and local officials,” the Center for Democracy and Technology’s (CDT) Vice President of Policy Samir Jain said in an emailed statement. However, he also warned that the EO should not be used as a “mechanism for the Administration to punish companies for political or other arbitrary reasons,” noting that CDT will be monitoring implementation.
Americans for Responsible Innovation President Brad Carson dubbed the EO calling on federal agencies to establish policies on vulnerability detection and benchmarking “positive steps forward,” in a statement.
“The White House is officially Mythos-pilled,” Carson said.
The order did not come as a surprise; it had been in the works at least since May — though its ongoing refinement reportedly saw the window for pre-deployment testing shortened and a voluntary framework selected as others pushed for a mandatory one, according to reporting by Axios.
Trump has previously attempted to limit state-level AI regulatory authority. His AI framework, released in March, was criticized as a way “to protect Big Tech at the expense of everyday Americans.” However, an EO from January 2025 aimed to position the U.S. as an AI leader to “promote human flourishing, economic competitiveness, and national security.”
