President Donald Trump outlined a hands-off approach to addressing cybersecurity threats raised by artificial intelligence under an executive order that calls for giving the US government voluntary access to AI models.
The directive was signed June 2, two weeks after the president postponed the measure over concerns that it risked stifling tech innovation. It stops short of mandating safety tests on cutting-edge AI models and instead seeks to make them available to the government with developers’ permission for a 30-day review period. It also calls for creating a clearinghouse for AI companies and agencies, including the Treasury Department and Pentagon, to exchange information about potential vulnerabilities.
In the works for weeks, the order makes clear that the government would refrain from acting as a gatekeeper for the emerging technology and that it would not be creating any sort of permitting or licensing mechanism for new AI models. It does, however, lay the groundwork for AI companies to have a close relationship with government agencies. Trump assigned the National Security Agency and other departments to work with AI labs on developing standards to determine whether a new model is advanced enough to merit early government access.
The highly anticipated policy had been a focus of debate within the administration, as officials weighed how much of a role the US government should play in testing new AI models before they are released to the public. Trump was scheduled to sign the order in late May but scrapped plans for a signing ceremony at the last minute, telling reporters he “didn’t like certain aspects” of the directive and worried it would undercut US competition against China in the AI race.
While Trump didn’t say at the time what changes he specifically wanted, he was facing pressure from the tech industry over the scope of the measure ahead of its release. His former AI and crypto czar, David Sacks, had raised objections personally to the president, including over a 90-day timeline for companies to submit their models that was in an earlier draft.
The order signed by Trump shortens the government’s access period to models before their release to a maximum of 30 days. It emphasizes voluntary participation by AI developers despite earlier deliberations about mandating government approval of new AI systems. On Tuesday, Sacks praised Trump for protecting innovation and signaled his support for the directive.
“The change in the EO from a 90 day to 30 day period is a game changer because it allows our AI labs to comply with the voluntary framework without delaying new model releases,” Sacks wrote on X.
The AI security push comes after Anthropic PBC revealed that its new Mythos model was extraordinarily adept at finding network vulnerabilities and could pose a major cybersecurity risk. The company had limited Mythos access to a handful of large technology and Wall Street companies, amid broader global alarm about the new threats it could pose, but on Tuesday it announced that the model would be made available to 150 additional organizations.
Anthropic’s Mythos breakthrough prompted the administration to accelerate existing efforts to craft AI policy that would address a range of cybersecurity questions, an undertaking led by White House Chief of Staff Susie Wiles. Wiles and other administration officials met in April with Anthropic Chief Executive Officer Dario Amodei, where topics discussed included Mythos.
Administration officials had pressed to make Mythos more widely available to federal agencies to test their networks for security flaws, and the order issued Tuesday calls for making it easier for federal, state and local offices as well as operators of critical infrastructure to access cybersecurity tools embedded in so-called frontier AI models.
The effect of the order remains unclear, with agencies and industry partners moving to fulfill key elements including where to set the bar for frontier AI models and how to establish a system for exchanging information between companies and the government.
John Thickstun, assistant professor of computer science at Cornell University, likened the order’s provisions to current industry practices where security researchers share information on vulnerabilities with vendors before software is released to allow time for a fix. Yet the order raises more questions than it answers, he said.
“It’s hard to see what outcome this EO hopes to achieve,” Thickstun said. “The proposed EO disclosure to the government isn’t directly actionable like a traditional vulnerability disclosure. What’s the government proposing to do with a model when it gets access 30 days early?”
Tuesday’s order also calls for the Defense Department to take more action to protect its information systems by collaborating with the private sector, without giving further detail on which companies it would have to collaborate with.
Since the start of the year, the Pentagon has been embroiled in a bitter dispute with Anthropic over safety guardrails the company insisted be included in its government contracts. Defense Secretary Pete Hegseth moved in March to remove the company from military workflows, but other parts of the government, including the NSA, have continued working with Anthropic.
Under the directive, AI developers could submit so-called frontier models to the government on a voluntary basis, to promote cybersecurity. The measure provides no specifics on safety testing.
Currently, the US Commerce Department already runs a voluntary program to evaluate AI systems before their release. Though Commerce is listed as one of the agencies involved in benchmarking, the order says that the director of the NSA will make decisions about which models may be included in pre-release government evaluations, in consultation with others.
As part of the existing Commerce Department program, Alphabet Inc.’s Google, Microsoft Corp. and xAI have agreed to give the US government access to their models. OpenAI and Anthropic were already part of the initiative, led by the Center for AI Standards and Innovation.
In the two months since Anthropic announced Mythos and said it was too powerful for a public release, the model has found 6,202 high and critical-severity vulnerabilities in open source software, according to the company. Anthropic has long said that other labs would soon catch up. Tests by the UK government’s AI Security Institute show that ChatGPT is one of the strongest models across cybersecurity-focused tasks such as reverse engineering, web exploitation and cryptography.
Photo: US President Donald Trump during a cabinet meeting at the White House in Washington, DC on May 27. Photographer: Samuel Corum/Sipa/Bloomberg
Copyright 2026 Bloomberg.
Topics
InsurTech
Data Driven
Artificial Intelligence
Cyber
