President Donald Trump signed an executive order on Tuesday establishing a voluntary framework for AI developers to submit their most advanced models to the federal government for cybersecurity testing. The move follows months of deliberation and internal friction within the White House regarding the balance between national security and technological innovation.
Under the new order, companies such as OpenAI, Google, and Anthropic may grant government agencies access to their most capable models for up to 30 days prior to a product launch. This timeline marks a middle ground in a broader industry debate, following reports that the original draft proposed a 90-day window while tech firms advocated for a 14-day limit, according to France 24.
Security concerns drive policy shift
The policy was spurred by concerns surrounding Anthropic’s "Mythos" model. The startup has withheld the model from the public, citing its potential to identify critical security flaws in computer systems, including those utilized by hospitals, banks, and government infrastructure.
To manage these risks, the order mandates that the Treasury, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) establish an "AI cybersecurity clearinghouse." This body will work with private industry and infrastructure operators to scan for software vulnerabilities and prioritize necessary security patches.
Internal White House support for the measure fluctuated recently. Politico and other outlets reported that David Sacks, the president’s AI and crypto advisor, initially opposed the order, warning that it would impede American competitiveness in the race against China. Sacks later stated on X that "unnecessary regulation is the biggest threat to innovation in America," arguing that the industry must clear "bureaucratic hurdles" to remain dominant.
This executive order replaces the Biden-era oversight framework, which Trump rescinded on his first day in office. While the previous administration’s policy required companies to share safety test results, it relied heavily on voluntary commitments. Unlike the European Union’s AI Act, which enforces mandatory transparency and safety testing for high-risk systems, the new U.S. approach maintains a voluntary structure for developers.
