SITUATION REPORT. President Trump signed an executive order Tuesday that asks AI companies to hand their frontier models to the federal government for review before public release. According to The Verge AI, the order creates a “voluntary framework” meant to “promote secure innovation and strengthen the cybersecurity of critical infrastructure.” Translation: the most powerful models get a security look before they hit the wild, and Washington wants the first read.
This is a shift. For most of this administration, the AI posture was hands-off, light on guardrails, heavy on beating China. That posture just moved.
What the order actually does
- Directs several federal agencies to build a framework that assesses the “advanced cyber capabilities” of AI models before release.
- Keeps sharing voluntary. Companies decide whether to participate, and the window is up to 30 days before public launch.
- Offers a carrot: confidentiality protections for firms that choose to share.
- Orders the government to harden its own cyber defenses, with priority on critical infrastructure.
- Draws a hard line. The order explicitly says it is not mandatory licensing or preclearance.
That last point matters. This is oversight by invitation, not by mandate.
Why this matters
The core tension here is old: innovation speed versus security risk. The order itself says US AI succeeded partly because the country refused “to stifle this innovation with overly burdensome regulation.” Then it admits new capabilities bring new dangers. So the White House is trying to thread the needle, get visibility into frontier risk without slapping a permit regime on the industry.
What stands out is the timing. The Verge AI reports Trump postponed an earlier version of this order at the last minute, worried it could “get in the way” of competing with China. That earlier draft floated a 14 to 90 day sharing window. The signed version trimmed it to 30. Lighter touch, same direction.
The lineup
The pre-release review pipeline runs through the Commerce Department’s Center for AI Standards and Innovation, or CAISI. Here is who is already in:
- Google, Microsoft, and xAI agreed last month to allow CAISI pre-release review.
- OpenAI and Anthropic signed on back in 2024, under President Biden’s earlier AI safety push.
So the five biggest names are now inside the tent, two of them since the previous administration. The framework formalizes what was already taking shape.
The Mythos factor
One event seems to have moved the needle. Anthropic’s limited April rollout of its Mythos model flagged, in the company’s words, “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.” That is a live demonstration that frontier models can find real holes in real infrastructure. It is hard to call AI cyber risk theoretical after that.
Mythos also looks like a diplomatic opening. Anthropic had been in a legal fight with the Pentagon over AI use in autonomous lethal weapons and mass surveillance. This order reads as a thaw.
The reaction
Praise came from a corner you might not expect, groups that have fought against state-level AI restrictions.
- Americans for Responsible Innovation President Brad Carson: “The White House is officially Mythos-pilled,” adding the administration is taking AI vulnerabilities seriously.
- Alliance for Secure AI CEO Brendan Steinhauser said his group is “pleased to see that the Trump administration is taking the risks of these models seriously.”
Both men want more. Each urged Congress to codify mandatory protections rather than leave this voluntary.
What to expect next
Watch three things. First, the framework itself, which the agencies still have to write, so the real teeth are TBD. Second, whether “voluntary” holds or whether Congress moves to make sharing law. Third, how the China-competition argument gets used to widen or narrow the rules from here.
For practitioners and AI builders, the message is simple. Frontier capability now comes with a security expectation attached, and the federal government has a seat at the pre-release table. Plan your release timelines and your security disclosures with that in mind.
More detail is available in the original report from The Verge AI.