President Donald Trump has signed an executive order that would change how the federal government interfaces with the most powerful AI systems—at least at the moment they’re about to leave the lab.
The order, signed Tuesday, establishes what it calls a “voluntary framework” for AI companies to share their frontier models with the federal government before those models are released to the public. The stated goal is not to slow innovation through heavy-handed regulation, but to promote “secure innovation” and strengthen the cybersecurity of critical infrastructure. In practice, that means the government is asking for early visibility into advanced AI capabilities—specifically their cyber-related risks—before those capabilities can be widely deployed.
This is a notable pivot in tone and mechanism. For years, the policy debate around AI has often split into two camps: one arguing that regulation will chill progress, and another warning that leaving deployment entirely to market incentives is too risky. The executive order tries to occupy the middle ground by framing the approach as voluntary and innovation-friendly, while still directing agencies to build a structured way to evaluate the cyber capabilities of AI models prior to release.
What makes this order stand out is its focus. Rather than centering the discussion on general safety concerns—like misinformation, bias, or privacy—the order emphasizes cybersecurity. That choice reflects a growing consensus among security professionals: the most immediate and measurable harms from frontier AI may not be abstract. They may show up as faster phishing, more convincing social engineering, automated vulnerability discovery, or new ways to probe systems at scale. Even if an AI model is not designed for malicious use, the same capabilities that make it useful for coding and research can also lower the barrier for attackers.
The executive order’s language also signals a particular philosophy of governance. It acknowledges that the U.S. AI industry has advanced in part because it has avoided “overly burdensome regulation.” Yet it simultaneously recognizes that new AI capabilities introduce security risks that cannot be ignored. The solution, according to the order, is not blanket restriction, but a pre-release assessment process that helps the government understand what it might be facing.
A voluntary framework, but with real leverage
The order creates a voluntary framework, which means companies are not immediately compelled by law to submit their models. However, “voluntary” does not necessarily mean “without consequences.” In many policy contexts, voluntary programs become de facto requirements when participation is tied to procurement, partnerships, reputational benefits, or access to government-facing opportunities.
Even without explicit penalties, companies may find that early engagement with federal agencies becomes strategically valuable. If the government is preparing to assess frontier models before release, firms that want smoother pathways for deployment—especially in sectors connected to government contracts or critical infrastructure—may choose to participate rather than risk being excluded from future coordination efforts.
There’s also a second kind of leverage: the information advantage. If agencies learn how frontier models behave under cyber-relevant tests, they can shape guidance, incident response planning, and defensive tooling. Over time, that knowledge could influence standards and expectations across the industry. A voluntary program can still steer the market by shaping what “good behavior” looks like.
The order directs multiple federal agencies to develop the framework, and it specifically calls for an approach to assess the advanced cyber capabilities of AI models before they are released. That phrasing matters. It suggests the government is not merely interested in whether a model can generate malware or hack tools in a simplistic sense. Instead, it points toward evaluating capability levels—how effectively a model can perform tasks that translate into cyber risk.
In other words, the government appears to be aiming for something closer to a capability assessment than a compliance checkbox.
Why “advanced cyber capabilities” is the key phrase
Cybersecurity risk from AI is not one thing. It spans a spectrum of abilities that can be used defensively or offensively. A model might help defenders by analyzing logs, summarizing threat intelligence, or generating detection rules. But the same model might also help attackers by producing exploit code, crafting targeted phishing messages, or automating reconnaissance.
The executive order’s emphasis on “advanced cyber capabilities” implies that agencies will try to measure the upper end of what models can do—capabilities that could meaningfully change the threat landscape. That could include tasks like:
Generating code that works with minimal iteration.
Adapting instructions to specific environments.
Producing step-by-step attack workflows.
Identifying vulnerabilities or weaknesses in a way that accelerates exploitation.
Assisting with social engineering content tailored to particular targets.
The challenge for any assessment framework is that AI systems are not static. A model’s behavior can vary depending on prompts, context windows, tool access, and guardrails. A model that seems safe under one testing regime might behave differently under another. That’s why the order’s focus on a framework—rather than a single test—signals an attempt to create repeatable evaluation methods.
But building such methods is hard. Cyber capability testing can be ethically and legally sensitive, and it can also be gamed. Companies may want to demonstrate that their models are safe without revealing too much about internal architecture or training data. Agencies may want to test realistic misuse scenarios without creating a blueprint for attackers.
The executive order’s “voluntary” structure may be partly intended to reduce friction around these issues. If companies cooperate, agencies can design tests that are informed by the vendor’s understanding of the model, while still maintaining enough independence to avoid rubber-stamping.
Critical infrastructure as the center of gravity
The order ties the assessment effort to strengthening the cybersecurity of critical infrastructure. That phrase is broad, but it typically includes sectors like energy, water, transportation, healthcare, communications, and other systems whose disruption would have outsized societal impact.
AI models can affect critical infrastructure security in multiple ways. Attackers can use AI to scale operations: writing more convincing phishing lures, generating scripts faster, and iterating on tactics without needing deep expertise. Meanwhile, defenders can use AI to improve detection and response. The problem is that the offensive side often benefits from automation sooner, because attackers are motivated by immediate payoff and can experiment quickly.
By focusing on critical infrastructure, the order implicitly prioritizes the most consequential environments where AI-enabled cyber risk could cause cascading failures. It also suggests that the government wants to align model assessment with downstream defensive planning. If agencies can anticipate how frontier models might be used against infrastructure, they can better prepare incident response playbooks, update risk assessments, and coordinate with sector-specific regulators.
This is where the order’s “secure innovation” framing becomes more than rhetoric. Innovation is not just about building models; it’s about deploying them safely in real-world systems. Critical infrastructure is where the cost of failure is highest, so it’s where pre-release visibility could matter most.
A unique take: shifting from “model safety” to “capability governance”
Many AI policy efforts focus on safety in a broad sense—harmful outputs, bias, privacy, or misuse. This executive order takes a narrower but arguably more actionable approach: capability governance. Instead of trying to regulate every potential harm, it targets a specific class of risk that is already measurable and operational: cyber capability.
That shift has advantages. Cyber risk is easier to translate into concrete defensive actions. If agencies can estimate how capable a model is at cyber tasks, they can adjust monitoring, patching priorities, and training for incident responders. They can also inform procurement requirements for organizations that rely on AI tools.
It also changes the conversation with industry. Companies may be more willing to participate in a framework that evaluates cyber capabilities than in one that attempts to police all forms of misuse. Cyber capability assessment can be framed as a security partnership rather than a moral judgment about what a model might produce.
Still, capability governance raises its own questions. How will agencies define thresholds? What counts as “advanced”? Will the framework consider the model’s ability to operate with external tools? Will it account for the difference between a model that can write plausible code and one that can reliably execute attacks in real environments?
These details will determine whether the framework becomes a meaningful safeguard or a superficial exercise.
The likely shape of the framework: testing, reporting, and coordination
While the executive order itself sets direction, the actual framework will be developed by federal agencies. That development process will likely involve several components.
First, there must be a testing methodology. Agencies will need to decide what kinds of cyber tasks to evaluate, how to structure prompts, and how to score results. They may also need to define boundaries—what is allowed to be tested, what is prohibited, and how to prevent test artifacts from becoming reusable attack instructions.
Second, there must be a reporting mechanism. If companies share models voluntarily, agencies will need a way to receive information securely and handle it responsibly. That includes protecting proprietary model details and ensuring that sensitive findings are not leaked.
Third, there must be coordination. The order directs multiple agencies, which suggests that the framework will not live in isolation. It likely connects to existing cybersecurity structures—such as threat intelligence, incident response coordination, and sector-specific guidance.
Fourth, there must be a feedback loop. If the government learns something from assessments, it should translate that learning into updated defensive posture. Otherwise, the framework risks becoming a one-time event rather than an ongoing improvement cycle.
The most important question is whether the framework will be iterative. Frontier models evolve quickly. A model assessed today may be replaced by a new version tomorrow. If the framework is designed only for one-off evaluations, it may lag behind the pace of innovation. If it is designed for continuous or periodic reassessment, it could become a durable part of the ecosystem.
The tension at the heart of the order: speed versus scrutiny
The executive order’s central tension is familiar: the U.S. wants to remain competitive in AI while also addressing security risks. The order tries to resolve that tension by making the process voluntary and by focusing on cybersecurity rather than imposing broad restrictions.
But scrutiny is still scrutiny. Even if companies are not legally required to participate, the existence of a pre-release assessment framework changes the environment. It signals that the government is preparing to look closely at frontier models before they reach the public.
That could influence how