
The Trump administration has spent much of its second term removing regulatory constraints on AI development. On June 2, it added one back voluntarily and carefully. Earlier this week, President Trump signed "Promoting Advanced Artificial Intelligence Innovation and Security" after months of internal debate, a last-minute pull of the signing in May, and a compressed final timeline. The result of this tumult is an order that strikes a deliberate balance: meaningful government oversight of the most powerful AI systems, without the mandatory regulatory requirements administration leadership and big tech feared would impede AI innovation.
Here's what the order does, what it doesn't, and why it matters.
Why Now?
For most of the past year, AI's security implications were treated as a future problem, deprioritized in favor of enabling leading-edge innovation. Recent model evaluations and capabilities have made them a present one. A new generation of frontier AI models has demonstrated the ability to autonomously identify and exploit software vulnerabilities at a pace that far outpaces human defenders. Researchers have documented an 89% year-over-year increase in attacks by AI-enabled adversaries, and in recent weeks, Google's Threat Intelligence Group identified, for the first time, a criminal threat actor using an AI-developed zero-day exploit in a mass exploitation campaign that was disrupted before it could be deployed. These are no longer theoretical risks.
That shift in the threat landscape was enough to move officials who had been resistant to any form of AI oversight. What emerged is a high-level roadmap built on partnership with industry rather than mandates imposed on it. This serves as a reflection of where the administration's redlines sit, and a considered response to sustained pressure from the technology sector.
What the Order Does
Hardening Federal Systems: Within 30 Days
The most immediate set of obligations falls on federal agencies. By July 2, the Committee on National Security Systems must prioritize the cyber defense of national security systems, and the Department of War must do the same for its own information infrastructure.
On the civilian side, CISA must issue Binding Operational Directives to expedite cyber defense of federal civilian systems, expand AI-enabled defensive tools, and broaden access to cybersecurity services, including (where appropriate) frontier AI models, for federal agencies, state and local governments, and critical infrastructure operators, including rural hospitals, community banks, and local utilities.
The Office of Management and Budget must also assess whether existing federal grant programs can direct funding toward advanced AI vulnerability detection.
A New AI Cybersecurity Clearinghouse: Within 30 Days
Also, by July 2, the Treasury Department, working with the NSA and CISA, must establish a voluntary AI Cybersecurity Clearinghouse. Operating in collaboration with industry and critical infrastructure operators, it will coordinate vulnerability scanning, validate discovered vulnerabilities, and prioritize remediation and patch distribution.
The concept is sound: using government-industry collaboration to push vulnerability intelligence, remediation guidance, and defensive tools to a far wider population of organizations than government alone can reach. The key implementation question, one that the technology industry is already raising, is how to make it an effective distribution mechanism at scale. The Clearinghouse will only be as useful as the organizations equipped to act on what it shares.
A Classified Benchmarking Process and Voluntary Pre-Release Review: Within 60 Days
The centerpiece of the order is a voluntary framework, to be designed by August 1 by Treasury, NSA, and CISA in coordination with the National Cyber Director, APST, and NIST. It has two components.
First, the NSA Director must develop a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine when a system qualifies as a "covered frontier model." That designation triggers the second component: an invitation (not a requirement) for developers to provide the federal government with up to 30 days of pre-release access to their model, subject to confidentiality, cybersecurity, insider risk, and intellectual property protections.
Developers participating in the framework can also collaborate with the government to select trusted partners, such as critical infrastructure operators, for coordinated early access. This effectively gives the federal government a role not only in reviewing powerful models but in shaping who else gets early access and on what terms. The order provides no criteria for selecting trusted partners, leaving that to be worked out during implementation.
The 30-day window was itself a significant concession. Earlier drafts proposed a 90-day review period, which was pulled in May after concerns that it would materially delay model launches and disadvantage US developers relative to Chinese competitors. At 30 days, developers can synchronize government review with other pre-release activities rather than treating it as a sequential delay.
The order contains explicit language prohibiting the framework from being used to establish mandatory licensing, preclearance, or permitting requirements for the development or release of AI models. Participation is voluntary, and the order is clear on that point.
Enforcement Against AI-Enabled Cybercrime
Section 4 directs the Attorney General to prioritize enforcement against criminal actors using AI to illegally access computer systems, commit identity fraud, and engage in wire fraud. This introduces no new criminal liability; it is a prosecutorial prioritization that channels resources toward AI-facilitated violations of existing statutes. But it signals that the administration sees AI-enabled cybercrime as a category requiring dedicated attention.
Notably, this is the first time we've seen the malicious use of AI agents for criminal or unlawful purposes explicitly named as a target for federal enforcement, a recognition that agentic AI introduces a distinct category of risk that existing frameworks weren't designed to address. Determining the intent behind agentic deployment will be a critical and complex question as this provision is implemented. It's one Zenity is closely engaged with, working alongside government and enterprise security teams to build the visibility needed to distinguish legitimate agent behavior from misuse.
Federal Cyber Talent Expansion: Within 60 Days
By August 1, the Office of Personnel Management must expand hiring pathways for the US Tech Force Information Cybersecurity Specialist program. Alongside the technical infrastructure the order establishes, this is a recognition that closing the federal cyber capacity gap requires people as well as tools.
What the Order Doesn't Do
It's worth being clear about what is absent:
- No mandatory licensing or government pre-approval for AI models
- No hard compute thresholds defining which models are subject to oversight
- No mandatory safety testing regime
- No enforcement mechanism for non-participation in the voluntary framework
This places the order firmly in the voluntary partnership tradition the administration has consistently favored. The tech industry broadly welcomed the approach, with the Information Technology Industry Council describing it as taking important steps to strengthen security in coordination with industry. The voluntary design is seen by industry as appropriately leveraging private sector expertise rather than imposing requirements that could slow development or chill innovation.
The Tensions Worth Watching
The order has drawn more nuanced responses alongside the welcome. Several threads are worth tracking.
Transparency and accountability. The classified nature of the benchmarking process has drawn criticism from cybersecurity practitioners who argue that strong security is built on information sharing, not opacity. If the criteria for designating a covered frontier model are not publicly known, it becomes difficult for developers to understand their obligations, for researchers to assess whether the process is working, and for the broader cyber community to benefit from government assessments. How the NSA manages this tension will matter.
The voluntary problem. An oversight framework without an enforcement mechanism relies entirely on incentives such as goodwill, government contracts, or a seat at the table as rules evolve. That may be sufficient in normal competitive conditions. Whether it holds when a lab is racing a well-resourced competitor to ship a model is an open question. The White House appears to be betting on industry cooperation; observers are already asking Congress to legislate a mandatory backstop.
Trusted partner selection. The order gives the government a role in selecting which organizations get early access to covered frontier models, without specifying how those decisions will be made or reviewed. Legal analysis has flagged this provision as a potential vehicle for arbitrary or political interference if not implemented carefully.
Scope of the Clearinghouse. Most companies deploying or operating alongside AI systems will fall outside the Clearinghouse's core processes. Their ability to benefit depends on the Clearinghouse becoming an effective conduit for actionable intelligence, creating a distribution challenge as much as a technical one.
What Comes Next
The order's aggressive timelines create a busy summer for federal agencies:
By July 2: AI Cybersecurity Clearinghouse formation; CISA Binding Operational Directives; hardening of national security and Department of War systems; OMB assessment of federal grant funding for AI vulnerability detection.
By August 1: NSA classified benchmarking process; voluntary pre-release review framework; OPM cybersecurity hiring expansion.
For organizations building or deploying frontier AI, the immediate question is whether and how to engage with the voluntary framework. The definition of "covered frontier model" will be the focal point of the next phase of regulatory activity, and companies with existing voluntary arrangements with the Department of Commerce's Center for AI Standards and Innovation should assess how the new framework interacts with those agreements.
For critical infrastructure operators, the Clearinghouse may prove to be the most practically significant development, both as a source of threat intelligence and as a new channel for regulatory engagement.
Why This Matters for AI Agent Security
The EO is premised on a simple but consequential observation: AI models capable of autonomous action now pose systemic security risks. That same logic applies inside the enterprise. As organizations deploy AI agents across their environments, those agents inherit access to credentials, APIs, sensitive data, and production systems. Without visibility into what those agents are doing and governance over their behavior, they represent exactly the kind of unmonitored, high-capability vector the order is designed to contain at the frontier level.
The Clearinghouse that the order establishes will push vulnerability intelligence and defensive guidance to critical infrastructure operators. But that intelligence is only actionable if organizations have the runtime visibility to act on it: to know which agents are active in their environment, what they have access to, and whether their behavior falls within sanctioned boundaries. The EO's enforcement provision goes further still, naming the use of malicious AI agents as a federal criminal priority for the first time. That makes agent governance not just a security best practice but an emerging compliance consideration.
For security leaders assessing their posture ahead of the August 1 framework deadline, the question isn't whether AI agents in their environment need to be governed; it's whether they have the tools to do so.
The Bigger Picture
The June 2 order is the third significant AI policy move of 2026, following the December 2025 EO on federal preemption of state AI laws and the March 2026 National Policy Framework for AI. The direction has been consistent: light-touch on innovation, more deliberate on security, and a clear preference for industry partnership over imposed mandates.
Whether that approach is sufficient will be tested in implementation. A voluntary framework is only as effective as the participation it attracts and the trust it generates. If the NSA's classified benchmarks are seen as opaque or arbitrary, developers will be reluctant to engage. If the Clearinghouse cannot distribute intelligence at scale, its practical impact will be limited.
The administration has made its bet: that partnership works better than regulation, and that American AI companies will cooperate because cooperation serves their interests. The next 60 days will begin to show whether that bet pays off.