President Donald Trump on Tuesday signed an executive order aimed at giving the U.S. government and its critical infrastructure partners early access to powerful new AI models.
The EO comes as policymakers, infrastructure operators and cybersecurity experts fret over the vulnerability-finding capabilities of frontier models such as Anthropic’s still-private Claude Mythos — and the security chaos those AI tools could cause in the wrong hands. It also comes two weeks after Trump scrapped an earlier version of the order following industry pushback.
The core of Trump’s two-part directive is an AI model pre-release review process designed to help government agencies and infrastructure providers prepare for the consequences of emerging AI capabilities.
The document gives the departments of Homeland Security and Treasury, the White House Office of the National Cyber Director and the National Institute of Standards and Technology (NIST) 60 days to determine what constitutes a powerful enough AI model that the government should seek early access to it. AI companies will use the criteria to identify models that warrant government evaluation. The government will then request up to 30 days of pre-release access to those models, along with early access for select critical infrastructure operators.
The pre-release review timeframe is the only part of the executive order that significantly differs from the directive that Trump abruptly decided not to sign on May 21. That document called for a review period lasting up to 90 days, but tech executives and some Trump advisers said that would be too long.
New direction for Trump’s AI policy
The executive order represents a striking about-face for the Trump administration on AI security. On his first day in office in 2025, Trump rescinded a Biden administration requirement for AI companies to submit their safety tests to the government, calling it overly burdensome and inimical to AI innovation. But Mythos’s debut upended the White House’s calculus on AI, forcing the administration to consider a new role for the government in evaluating the rapidly evolving technology’s growing risks.
The new AI model review process will be voluntary for companies, but as Trump’s earlier rejection of his own executive order revealed, there are still disagreements inside the administration about how involved the government should be in AI security.
“We're leading China, we're leading everybody, and I don't want to do anything that's going to get in the way of that lead,” Trump told reporters after scrapping the earlier directive, which he said “could have been a blocker” to AI innovation.
Leveraging AI for cyber defense
In addition to designing a model-review process, Trump’s executive order also directs the government to take several steps to improve the nation’s response to the tidal wave of vulnerability reports that AI is generating.
The order instructs the Treasury Department to work with the AI industry and the critical infrastructure community on a “clearinghouse” that will coordinate the nation’s approach to vulnerability discovery, validation and patching. It also instructs the Cybersecurity and Infrastructure Security Agency to direct other agencies to use AI to secure their networks and encourage critical infrastructure operators to do the same.
Other provisions deal with grant funding for AI-powered vulnerability disclosure and cybersecurity hiring at the recently launched U.S. Tech Force.
Questions about NIST testing effort
Despite the fanfare accompanying the new AI review process, the government has already spent years working with AI companies to test their models through NIST’s Center for AI Standards and Innovation.
NIST announced on May 6 that CAISI had signed new agreements with Google, Microsoft and xAI to conduct “pre-deployment evaluations” of their new models. The agency later took down that announcement without explanation.
