Assessing Trump’s Executive Order on AI Oversight
The much-anticipated presidential order signals a change for an administration that has resisted regulation of artificial intelligence (AI). But much more work is needed to create an effective cybersecurity network for the country as AI developments rapidly expand.

By experts and staff
Matthew Ferren, CFR Expert, International Affairs Fellow in National Security, sponsored by Janine and J. Tomilson Hill
Vinh Nguyen, CFR Expert, Senior Fellow for Artificial Intelligence
U.S. President Donald Trump on June 2 signed a long-awaited executive order on AI. The order, titled “Promoting Advanced Artificial Intelligence Innovation and Security,” marks a shift by the administration toward federal oversight of AI.
According to the order, “It is the policy of the United States to promote AI innovation and security by working collaboratively with the private sector to modernize government and private sector information systems and harden them against external threats; to protect American ingenuity and intellectual property from exploitation and theft by adversaries; and to cultivate America’s advanced AI-enabled capabilities.”
Among other measures, the order requests that AI companies voluntarily provide the federal government access to “covered frontier models” for a cybersecurity review up to thirty days before their planned release to “other trusted partners.” Its passage comes as concerns have mounted over the ability of some powerful AI models, such as Anthropic’s Claude Mythos, to autonomously identify and exploit hidden vulnerabilities in real-world software.
CFR turned to two in-house experts to unpack Trump’s new executive order on AI.
New Order Is a Good Start, but More Robust Policy Is Needed
Matthew Ferren is an international affairs fellow in national security at the Council on Foreign Relations, sponsored by Janine and J. Tomilson Hill.
President Trump’s June 2 executive order on AI and cybersecurity follows an earlier version he nearly issued in May—then pulled over concerns that its ninety-day review window would blunt U.S. labs’ competitiveness with China. The signed order cuts that review period to thirty days but otherwise retains much of its predecessor’s structure. It reflects an administration trying to sustain its deregulatory, innovation-first posture while confronting the novel cyber risks posed by powerful new tools like Anthropic’s Claude Mythos Preview.
The order is best understood as an attempt to engineer a cybersecurity window of opportunity. It grants defenders preferential access to frontier cyber capabilities while attempting to delay adversary access through a prerelease evaluation period and a classified National Security Agency-run process for designating “covered frontier models.” A U.S. Treasury-led clearinghouse would facilitate government collaboration with AI firms, technology companies, and critical infrastructure operators to discover vulnerabilities in widely used software products and coordinate the broad dissemination of patches to fix them. The goal is for defenders to find and fix critical vulnerabilities faster than adversaries can exploit them, but that will likely prove difficult.
For defenders, finding vulnerabilities is often the easy part. Consistent patching remains an unsolved problem, particularly for open-source projects and under-resourced critical infrastructure operators such as school districts and water treatment facilities, many of whom remain more vulnerable to basic cyber hygiene shortfalls than to any AI-discovered vulnerability. The federal government, which has cut its cybersecurity workforce substantially over the past year and a half, will struggle to coordinate a nationwide software hardening campaign. The prominent operational role assigned to the Treasury Department, relative to more obvious parties like the Cybersecurity and Infrastructure Security Agency or the Office of the National Cyber Director, may reflect that it is one of the few places where institutional capacity remains.
The window for erecting proper cyber defenses to new AI models may also close quickly. Even when well implemented, pre-deployment testing has limits. It will likely prove difficult to develop models that are incapable of malicious hacking yet remain commercially compelling. U.S. frontier labs for AI will likely participate in the testing regime voluntarily—if only to forestall more invasive regulation later—but other models may soon replicate their cyber capabilities. Google’s threat intelligence team has documented state-aligned actors already using frontier models to automate cyberattacks, and researchers have shown that Mythos-style vulnerability reasoning can be reproduced with open-weight systems.
The order may yield short-term cybersecurity benefits, but its long-term effect on the marginal costs of compromise is less clear. Ransomware gangs may still find it cheaper to buy stolen credentials or off-the-shelf malware than to develop bespoke AI-driven exploit chains, and the most capable state actors, including China, already find it easy to penetrate poorly defended critical infrastructure networks.
The order also comes as the Pentagon pushes to integrate frontier AI into military operations. Officials have credited Palantir’s Maven system, which incorporates Anthropic’s Claude, with compressing the targeting cycle in Iran from days to minutes. Meanwhile, the Pentagon is seeking nearly $30 billion to build its own AI infrastructure, and is pursuing AI-augmented offensive cyber operations. Yet in February, it designated Anthropic a “supply-chain risk” after the company declined to waive its restrictions on mass surveillance and fully autonomous weapons—then kept using Claude as it struggled to find a replacement.
The conflict with Anthropic and the delayed release of this order reflect an unresolved disagreement within the Trump administration over how to compete with China on AI. Is the answer to race ahead, freeing U.S. companies from regulation and countering Chinese efforts to catch up? To assert government control over AI and harness it for military advantage? Or to act now to mitigate the worst risks—cybersecurity and otherwise—that frontier AI poses?
This order marks an important first step toward addressing those risks, but the administration will need to find a more comprehensive approach to integrating its cybersecurity goals with national military and economic policy.
The AI Security Executive Order Is Finally Here. The Hard Part Begins Now.
Vinh Nguyen is a senior fellow for AI at the Council on Foreign Relations.
President Trump’s order supplies the institutional framework for reviewing new frontier AI systems. Its most consequential provision is also the most difficult to execute: defining what counts as a “covered frontier model.”
Defining frontier AI capabilities is not trivial
Frontier AI systems are probabilistic, goal-directed, increasingly autonomous, and opaque. They do not have fixed capability ceilings. They exhibit emergent behaviors that shift with scale, fine-tuning, software support structures, and deployment context. A model that appears unremarkable in isolated testing could become a potent cyber tool when integrated into an autonomous pipeline with access to real-world digital infrastructure.
The covered frontier model designation needs to be understood as covering not just a model in isolation but an AI system—including its integrated models, data pipelines, and deployment architecture—performing at the state of the art in domains relevant to national security: autonomous operations, cyber operations, scientific reasoning. The trigger for review is a system that presents novel or unresolved assurance challenges across security, reliability, confidentiality, or defensibility. Too narrow, and genuinely dangerous capabilities ship without evaluation. Too broad, and the evaluation process exhausts the limited talent available to do this work.
Underneath the definitional problem sits an observability problem. The government cannot assess what it cannot see, and frontier capabilities are visible only to the labs that build them. The executive order’s voluntary framework—where developers grant the government secure access to covered models up to thirty days before their release to trusted partners—is the mechanism that converts that opacity into observability. Whether it works depends less on the legal text than on whether both sides treat that access as genuine collaboration.
Collaboration is also a generational opportunity
This is fundamentally different from evaluating a weapons system or network equipment, and the community has no established tradecraft for it. Classified cyber benchmarking, voluntary prerelease evaluation, and coordinated vulnerability scanning are among the first institutional exercises in skills the national security community will need for decades: how to continuously evaluate systems that are probabilistic rather than deterministic, autonomous rather than directed, and whose capabilities change with every update.
The framework corrects blind spots in both directions. The frontier labs tend to see existential risk in every corner without the national security experience to judge which risks are actionable. The national security community, still building fluency in frontier AI, tends to see risk everywhere without the technical depth to separate genuinely novel threats from familiar ones. A framework built for honest exchange rather than performative reassurance lets the United States concentrate on threats and risks that are both credible and consequential—and begins to rebuild trust between Silicon Valley and Washington at a moment when the relationship needs it.
What remains to be seen is whether the classified benchmarking process can evolve at the pace the technology demands. Frontier AI capabilities advance on a timeline measured in months, not years. The institutions charged with evaluation will need to match that tempo or they will assess yesterday’s models against yesterday’s threats.
The executive order asks the right question: How does the United States evaluate the most powerful AI systems for national security risk while preserving the innovation advantage that produced them? The answer will be written in the benchmarking methodology, the quality of the lab-government collaboration, and whether the national security community treats this moment as an opportunity to master frontier AI capabilities.
This work represents the views and opinions solely of the authors. The Council on Foreign Relations is an independent, nonpartisan membership organization, think tank, and publisher, and takes no institutional positions on matters of policy.