SecureWorld News

Trump AI Executive Order Gives NSA Classified Role Over Frontier Models

Written by Drew Todd | Wed | Jun 3, 2026 | 4:43 PM Z

President Trump signed a new executive order Tuesday directing the U.S. National Security Agency to develop a classified benchmarking process for assessing the cyber capabilities of commercial AI models—and inviting developers of the most powerful systems to submit those models for government review up to 30 days before wider release.

The order, titled "Promoting Advanced Artificial Intelligence Innovation and Security," lands on the same day that Anthropic disclosed a confidential SEC filing for an IPO, with OpenAI reportedly eyeing a similar offering later this year.

The timing is not incidental. As frontier AI labs approach public markets, the federal government is moving to formalize its relationship with the technology—and with the companies building it.

What the executive order actually does

The order operates across four sections. Section 2 sets 30- to 60-day deadlines for hardening federal systems: CISA must issue Binding Operational Directives to accelerate civilian network defense and expand AI-enabled defensive tools; a new AI cybersecurity clearinghouse, coordinated by Treasury, NSA, and CISA, will centralize vulnerability scanning, discovery, and patch distribution across critical infrastructure. Rural hospitals, community banks, and local utilities are specifically named as intended beneficiaries—a signal that the order's authors are aware of the security gap between large federal agencies and the rest of the critical infrastructure ecosystem.

Section 3 is the most novel. The NSA gains authority to classify, benchmark, and designate advanced AI models as "covered frontier models." Developers who voluntarily participate can engage the government to determine whether their model meets that threshold, then provide pre-release access for up to 30 days before broader distribution. The government can also help select "trusted partners" who receive early access during that window. Section 4 directs the Attorney General to prioritize prosecution under existing computer fraud and wire fraud statutes when AI is used to commit an offense.

One terminological note: the order references the "Secretary of War"—the renamed title for the Secretary of Defense, formalized under the current administration—and tasks that office with cyber defense of the Department of War's information systems, in coordination with the Committee on National Security Systems.

Voluntary is the ceiling, not the floor

The order is explicit that nothing in Section 3 authorizes a mandatory licensing, preclearance, or permitting regime. That constraint is not merely a policy choice; it reflects the boundaries of executive authority.

Collin Hogue-Spears, Senior Director of Solution Management at Black Duck, put it plainly: "Voluntary is not the policy floor. It is the legal ceiling on executive AI review without Congress. Existing national-security statutes offer no obvious basis for compelled model submission."

Hogue-Spears noted that China required filings for generative AI services through its Cyberspace Administration in 2023, and that the EU's AI Act imposed documentation and cooperation obligations on general-purpose AI models in August 2025. The U.S., by contrast, is building a voluntary review lane because the statutory authority for a mandatory one does not yet exist. The administration sent Congress an AI legislative framework in March 2026 calling for federal preemption of state AI laws, but it has not become law.

Until it does, the practical stakes are limited. As Hogue-Spears noted, the unresolved question is whether Congress eventually ties pre-release AI review to procurement eligibility or export approvals. Without that linkage, voluntary review does not become market access—and federal policy cannot preempt the state-by-state AI regulatory patchwork forming in Colorado, California, New York, Texas, and Virginia.

NSA in the room: what it means for the industry

Even a voluntary framework with the NSA at the center represents a meaningful shift.

Ram Varadarajan, CEO at Acalvio, framed it as a structural industry transition. "The formalization of government pre-release reviews is marking the end of AI's 'Wild West' era," Varadarajan said. "Geopolitical alignment and national security clearances are going to become as critical to a frontier lab's valuation as its raw compute. It's a transition that's going to transform frontier AI from a pure-play tech bet into a regulated strategic industry."

Merlin Group's Robert Costello took a more measured but still positive view. According to him, the pre-release window gives the government a meaningful opportunity to identify concerns before they become operational problems, rather than responding after the fact.

Whether the government can actually fulfill the benchmarking role envisioned in the order is a different question.

Rajeev Gupta, Co-Founder and CPO at Cowbell, was skeptical, saying, "Even with a review window, it's unclear which agency would have the technical expertise and staffing needed to properly evaluate these systems at the pace AI is advancing." Gupta pointed to the nuclear industry's post-Three Mile Island creation of the Institute of Nuclear Power Operations as a possible model—a public-private consortium in which labs contribute funding, talent, and technical resources, while the government provides regulatory authority. "Supporting an independent body that helps ensure accountability should be viewed as a core cost of operating at frontier scale, and not just as a regulatory burden," Gupta said.

The deployment gap: where security programs typically break down

Several cybersecurity practitioners emphasized that pre-release model review, while useful, addresses only the earliest part of the security lifecycle.

Marcus Fowler, CEO of Darktrace Federal, pointed to what comes after. "The security conversation must extend beyond model development and testing to focus on the operational realities of AI deployment," Fowler said. "As AI becomes embedded across applications, cloud environments, autonomous agents, operational technology, and critical infrastructure workflows, organizations will need clearer visibility into how those systems behave, what data and resources they can access, and when activity moves outside expected parameters."

The analogy to coordinated vulnerability disclosure is instructive. That process began as voluntary industry cooperation and gained teeth only when procurement requirements, insurers, and auditors started expecting compliance.

Noma Security's Diana Kelley argued that a similar evolution would make a durable frontier AI review process: independent testing, clear risk thresholds, disclosure obligations, post-release monitoring, incident reporting, and meaningful consequences when unacceptable risks are found. "Without that structure, a voluntary process could look reassuring without materially reducing risk," Kelley said.

There's also the question of what a pre-release review can't catch. About two-thirds of current AI-related incidents still originate from traditional weaknesses, according to Randolph Barr, CISO at Cequence Security, but the remaining third are "AI-native": model poisoning, data poisoning, prompt injection, and autonomous agents that can chain API calls with minimal human oversight. Those risks evolve after deployment, not before release, and no pre-release review catches them.

Speed remains the defining gap

Dave Gerry, CEO at Bugcrowd, acknowledged the order as a meaningful first step while identifying a more fundamental problem. "The biggest gap isn't in strategy, it's in the speed of operating," Gerry said. "Adversaries today are operating at machine speed and the government is operating at bureaucracy speed. Proactive security must become the default to help offset this velocity gap."

Gerry also flagged that the order's emphasis on federal agency defense leaves state and local governments—disproportionately targeted by cybercriminal groups precisely because of their limited capacity—largely dependent on voluntary federal programs extending outreach to smaller organizations. Bug bounty and vulnerability disclosure programs have demonstrated success across federal agencies, he noted, but are still not standard practice or required for every agency or critical infrastructure operator.

A longer-horizon concern involves operational technology (OT). As frontier AI models get integrated into OT environments—smart cameras, building controllers, physical security systems—the integrity of the model itself becomes a critical security concern, argues John Gallagher of Viakoo. Ensuring that an AI agent managing a physical network has not been poisoned or manipulated into disabling security protocols represents the next layer of risk that no current framework, voluntary or otherwise, has fully addressed.

Bottom line for security leaders

The order moves the federal government from a passive observer to an active participant in frontier AI development—but participation is still invited, not required. The NSA gets a classified benchmarking role; CISA gets new directives and a clearinghouse mandate; critical infrastructure operators get expanded access to AI-enabled security tools. What the order does not create is a binding national standard, mandatory pre-release review, or any mechanism to preempt the state AI regulatory landscape that is developing independently.

For CISOs at organizations operating across state lines, or at vendors in the frontier AI space, the more consequential governance developments remain in state legislatures and Congress, where the administration's AI legislative framework is still awaiting action.