A new executive order signed by President Trump directs the federal government to develop a benchmarking process to assess the cyber capabilities of AI models, and asks frontier model developers to voluntarily collaborate in the name of national security.
The developers would be subject to the yet-to-be-developed benchmarking test to determine if their pre-release models are considered “covered” by the order’s directives. If they are, the government would ask for up to 30 days of advance access prior to any public release.
Executive order stresses AI Models not subject to “mandatory” testing
The executive order instructs the National Security Agency, Department of Defense and other agencies to create a benchmarking standard to determine the degree to which AI models are a cyber risk that may impact national security, but stresses that it is not a “mandatory governmental licensing, preclearance, or permitting requirement” for developers.
Instead, developers will be asked to submit their AI models for review ahead of their public release. If they are determined by the new benchmarking standard to be a “covered frontier model” in terms of national security risk, the government will then ask for as much as 30 days for private review. This review may include “trusted partners” selected by the government, though the order does not provide much additional detail in this area.
Though the Trump administration has generally been very friendly to the developers of AI models, there has been some back-and-forth as of late on the issue of regulations pertaining to national security. In mid-May, a previous executive order that the president had been preparing was scuttled at the last minute as tech industry leaders made calls to lobby against it. That order centered on a similar requirement for a national security review of frontier models, but one that had more compulsory elements and a window of up to 90 days instead.
The administration has also had significant issues with Anthropic in particular, which was blacklisted from use by the Department of Defense after the company refused to allow its models to be used in autonomous weapons. This prompted the Trump administration to label the company as a “supply chain risk” in March, which means that all defense contractors must also verify that they do not use any of the company’s models in work done for the government. Anthropic launched a lawsuit against the government in response, and the issue was soon further complicated with the rollout of Mythos Preview and subsequent shockwaves it has sent through the cybersecurity world.
Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity at Suzu Labs, sums up the competing interests at play: “The challenge for policymakers will be finding the right balance between security, innovation, and competitiveness. Effective oversight can improve trust and resilience, but if domestic AI becomes meaningfully harder to develop or deploy than foreign alternatives, the result may be to push adoption toward less transparent and less governable platforms rather than reducing risk overall.”
National security concerns begin to clash with Trump’s “anything goes” policy toward AI development
To this point, the Trump administration’s policy has generally been to give developers of AI models as free of a hand as possible in the name of retaining strategic advantage over rival developers in China. However, the Anthropic situation and other developments appear to have prompted a review of the level of federal involvement in the name of potential domestic national security developments.
Though the executive order is vague, it appears to instruct the agencies involved (which include the Commerce and Treasury departments) to actively seek out and secure agreements with developers about testing their AI models. Some developers have already made public statements of support. Anthropic responded to the announcement by saying that it looked forward to working with the administration as the order is implemented, and OpenAI CEO Sam Altman praised it by saying it “got the balance right.”
This is also not the first effort to prompt developers to voluntarily give the government access to AI models in the name of national security. There has been some amount of federal testing in place since not long after ChatGPT launched the AI era in late 2022, mostly handled thus far by the U.S. Department of Commerce’s Center for AI Standards and Innovation. Microsoft, Google and X’s AI department have all previously submitted models for some manner of security testing, but details about this are also rather thin.
Critics note that while the Trump administration has been pressed into directly addressing AI issues outside of economic and military competition on the global stage, it still seems to have dug its heels in on adopting mandatory regulation measures. However, Diana Kelley (Chief Information Security Officer at Noma Security) notes that there is precedent for voluntary standards eventually becoming at least “de facto” requirements through a number of channels.
“Voluntary security programs can work, but only when they create real accountability. We’ve seen this in cyber before. Coordinated vulnerability disclosure began largely as voluntary cooperation between researchers and vendors, but it became more effective when organizations added clear intake channels, response timelines, safe harbor language and public accountability. Post-incident review models such as the Cyber Safety Review Board are also useful: they don’t regulate directly, but they can still create pressure, shared lessons and concrete recommendations. Industry frameworks like the NIST Cybersecurity Framework and the Secure Software Development Framework are also voluntary in many contexts, but they gain teeth when procurement, audits, insurers, customers and regulators start expecting them,” said Kelly.
Collin Hogue-Spears, Senior Director of Solution Management at Black Duck, additionally notes that the full-court press to “beat China” by ignoring the needs that regulation serves could turn into a competitive disadvantage of its own: “The administration already sent Congress a March 2026 AI legislative framework that calls for federal preemption of burdensome state AI laws. That framework has not become binding law. The Center for AI Standards and Innovation (CAISI), a division of NIST, already had voluntary testing agreements with Google, Microsoft, and xAI before this order. Mythos accelerated the administration’s return to pre-release model scrutiny, but the executive order expands the national-security audience, not the legal authority. It does not turn voluntary testing into a binding regime, and it does not create a national AI standard, and it does not displace the state-by-state rules already forming in Colorado, California, New York, Texas, and Virginia.”
“The unresolved policy question is whether Congress links pre-release AI review to procurement eligibility, export approvals, or both,” Hogue-Spears added. “Until then, the United States has a voluntary review lane while China and the European Union are shaping global AI governance conversations and defining the standards companies must build around. The U.S. framework has testing capacity, but it is still governing through voluntary review, executive orders, and a stalled legislative framework. Until Congress acts, voluntary review will not become market access, and federal policy will not preempt the state AI patchwork, which will make governance increasingly harder for every U.S. AI company shipping across state lines.”
