The White House is rolling out fresh federal cybersecurity protocols and launching a new artificial intelligence security “clearinghouse,” as outlined in a long-awaited executive order on AI.
Published on Tuesday, the executive order on AI innovation and security instructs government agencies to collaborate with the private sector to upgrade systems and “strengthen them against outside threats.”
A key element of the order is its direction to multiple agencies to create an optional system where the government can assess cutting-edge, frontier AI models for cybersecurity threats before they are made available to the public.
The order, which has been in development for several weeks, was prompted by recent breakthroughs in AI capabilities—notably the preview of Anthropic’s Claude Mythos model—which revealed AI’s ability to identify and exploit cyber vulnerabilities far more quickly than humans.
Although the executive order marks a departure from the administration’s previous laissez-faire stance on AI, the final version fell short of imposing a stricter regulatory framework on the rapidly advancing technology.
“Advanced AI capabilities make our nation stronger, but they also raise new national security challenges that demand coordinated efforts among executive departments and agencies,” the order states.
An Optional Security Framework
The order requires agencies to put together an “optional framework” for securing frontier AI models within 60 days.
Using this framework, AI developers will give the federal government access to advanced frontier models 30 days before releasing them to any other organization.
It will also enable AI developers to partner with government “trusted partners” who will receive early access to these models, promoting secure innovation and improving the cybersecurity of critical infrastructure.
The executive order explicitly states that it cannot be leveraged to force AI developers to seek government approval for their models before release.
Leaders from the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the National Institute of Standards and Technology are among those responsible for designing the optional framework. These agencies will also establish a confidential “benchmarking process” to decide when an AI model qualifies for this voluntary review.
In a post on X, venture capitalist and former White House advisor David Sacks stated that the framework will apply “only to models that represent a significant leap in cyber capabilities,” rather than minor updates to existing models.
Sacks also noted that the final order dropped an earlier proposal that required a 90-day waiting period, shortening it to just 30 days.
“Reducing the pre-release period from 90 days to 30 days is a major improvement. This allows our AI labs to meet the framework’s requirements without slowing down their release schedules,” Sacks wrote. “They can coordinate their work under the EO with other standard pre-release activities. Also, I’ve been informed by executive order drafters that 30 days refers to calendar days, not business days. In the race for AI dominance, timing is everything.”
New Cybersecurity Guidelines and the AI Clearinghouse
Federal agencies should anticipate updated cybersecurity guidelines in the near future. The order mandates that within 30 days, CISA and White House officials publish binding operational directives and related guidance to secure essential systems. This includes launching or expanding projects that “boost AI-powered defensive tools.”
The order further requires that these AI security tools and services be offered to state and local governments and critical infrastructure operators. It also assigns the Office of Management and Budget to locate funding opportunities for advanced AI cybersecurity tech. Meanwhile, the Office of Personnel Management is charged with expanding federal cyber hiring and placement through the Tech Force initiative.
Additionally, the order asks the Treasury Department—working alongside the NSA, CISA, and other agencies—to set up an “AI cybersecurity clearinghouse.” This entity will collaborate with AI companies and critical infrastructure operators to coordinate on newly found software vulnerabilities and prioritize patching them.
Tonya Ugoretz, a former FBI cybersecurity executive and now head of PwC’s Cyber & Risk Innovation Institute, said the executive order highlights that “U.S. leadership in AI innovation can boost both economic prosperity and national security.”
“Most businesses won’t be directly involved in the core activities outlined by the order, but they will gain if they can build the capacity to act on information shared by the clearinghouse,” Ugoretz told Federal News Network via email. “A key issue is whether the clearinghouse can efficiently distribute information on a large scale. The idea is solid: use government-industry partnerships to share vulnerability details, fix recommendations, and protective steps with a much wider audience. However, if organizations receive too much technical information without the context, staff, or money to use it, the clearinghouse may not be as effective as hoped. Its success will be judged by whether it genuinely improves cyber defenses for organizations lacking direct access to frontier AI capabilities.”
Industry Response
Tech industry leaders have generally praised the executive order and its voluntary approach.
“The executive order correctly adopts a voluntary, phased method for introducing and testing frontier AI security models, focusing on strengthening critical infrastructure and fixing vulnerabilities proactively,” said Victoria Espinel, CEO of the Business Software Alliance, in a statement. “It also takes a positive step by creating a structured, open process for collaboration among industry, government, and security specialists on future AI security breakthroughs.”
Samir Jain, vice president of policy at the Center for Democracy and Technology, added that the order tackles AI cybersecurity threats and “appropriately avoids the troubling prospect of a mandatory licensing system for new model releases.”
“Testing and benchmarking initiatives are essential for addressing cybersecurity and other risks,” Jain said. “However, the administration must ensure the EO is not used as a tool to penalize companies for political or arbitrary reasons. We’ll be watching closely as more details about its rollout emerge.”
On the other hand, cybersecurity specialists expressed concerns about the secrecy surrounding the voluntary framework.
“Better cybersecurity depends on more information sharing, not less,” said Doc McConnell, formerly of CISA and now head of policy and compliance at Finite State, in a statement. “Confidential benchmarking, confidentiality agreements, and early access trials will only delay getting these tools to the cyber defenders who need them now. I urge federal officials and frontier labs to reach out more broadly to the cybersecurity community. Stronger security requires increased transparency, ongoing information sharing, and stronger alliances.”
Gary Barlet, a former federal chief information security officer and current public sector chief technology officer at Illumio, said federal agencies and essential service operators must focus on “preventing a single security breach from escalating into a full-scale crisis.”
“This means restricting attackers’ movement, containing breaches swiftly, and safeguarding vital systems even after hackers gain initial access,” Barlet said. “AI can help speed up analysis and responses, but it doesn’t solve existing vulnerabilities. Without solid security controls and network segmentation, faster attacks will just amplify the impact of failures. Cyber resilience needs to be integrated into system design from the start, otherwise companies risk making every breach even more damaging.”
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
