New Light-Touch Trump AI Cyber Executive Order Reveals Accelerationists Still Rule the Roost

After a brief flirtation with the idea of a licensing regime for the most powerful AI models, the Trump administration released a new light-touch executive order (EO)—“Promoting Advanced Artificial Intelligence Innovation and Security”—on June 2, addressing AI cybersecurity risks after nearly two weeks of delay. The contents of the EO reveal that, while the Trump administration recognized it must show some executive action amid fast-moving developments in AI and cybersecurity, it still has little appetite to regulate the booming AI industry. With U.S. midterm elections on the horizon, this laissez-faire approach puts the Trump administration at odds with most of the country, who remain deeply skeptical about the benefits of AI technology.

The EO also seems to reflect ongoing politicking within the administration—particularly over what agencies will lead particular workstreams—threatening to undermine the EO’s implementation. Additionally, the Trump administration’s delay in releasing the EO and softening of its language from a previous draft further affirm the view of many that leading tech executives hold an astonishing sway on the executive branch today and can hold up—or conversely, green-light—White House policy directives.

New Cyber AI Models Spur Light-Touch Government Response

The June 2 EO contains two major provisions:

1. Shoring Up Federal and Critical Infrastructure Defenses: It directs the Department of Defense (renamed the Department of War), the Department of Homeland Security, and other parts of the government to bolster the cybersecurity of federal IT systems and critical infrastructure by releasing policy updates. It also asks the Department of the Treasury to stand up an “AI cybersecurity clearinghouse, in voluntary collaboration with the AI industry and operators of critical infrastructure, that coordinates and deconflicts scanning for software vulnerabilities, discovers and validates such vulnerabilities, and coordinates and prioritizes remediation and distribution of vulnerability patches.”
2. Voluntary Early Access for Government Review: It establishes a voluntary framework for AI developers to provide the federal government with access to powerful models for up to 30 days before the release to other trusted partners, alongside development of a “classified benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold at which an AI model” might be subject to the framework.

The cyber EO was originally slated for release on May 21, complete with a signing ceremony featuring chief executives from leading AI, tech, and cybersecurity companies. However, it was pulled at the last minute over concerns from the president and his senior advisers and opposition from tech executives. Compared to a leaked version of the prior draft, the new EO is largely similar, with the notable exception that the time period for the government to receive advanced access to covered models dropped from 90 days to 30 days. This change likely reflects a compromise between elements of the government concerned about national security and cyber risks and opportunities from new AI models and other parts of the administration more sympathetic to concerns from the technology industry that regulation is likely to harm AI innovation and threaten the U.S. edge over China.

The EO, of course, has its roots in Anthropic’s Mythos, an AI model that the company says is “capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so,” as well as engaging in sophisticated vulnerability chaining attacks. Since Anthropic’s April announcement, access to Mythos has been restricted to a set of trusted partners under an initiative known as Project Glasswing. Since then, U.S. federal agencies—along with private sector companies in numerous industries across the globe—have scrambled to obtain access to Mythos.

The breaking news surrounding AI-enabled cyber capabilities did not stop with Mythos. In its immediate wake, rival OpenAI released GPT-5.5 Cyber, which has similar capabilities to Mythos was similarly previewed to a select group of companies and relevant agencies through OpenAI’s Daybreak program. Both Glasswing and Daybreak made it starkly clear that U.S. frontier AI developers, not the federal government, are driving both the pace of technology development and shaping national cybersecurity and AI policy debates at the highest levels. Notably, when Mythos was first previewed in April, Treasury Secretary Scott Bessent and then-Federal Reserve Chair Jerome Powell convened an urgent meeting with leading U.S. financial executives to understand the tool’s potential impacts on the sector.

Following these developments, it seemed Mythos in particular was poised to spur a dramatic shift in the Trump administration’s approach to AI, which has focused largely on fostering AI innovation and removing perceived regulatory obstacles to AI deployment. Kevin Hassett, the director of the White House National Economic Council, floated the idea of a licensing approach for AI models similar to how the Food and Drug Administration approves the release of new medicines, and the Trump administration seemed to be contemplating requiring AI companies to share their models with the government prior to general release—though both ideas received pushback from the tech industry and other parts of the White House.

However, after a dramatic period of weeks in which it appeared the White House would provide no executive direction, the new EO appears to be an acknowledgment that the administration must take some action, no matter how timid. The prior version of the EO only proposed voluntary model sharing, and the released version—with its 30-day threshold—takes an even lighter touch, suggesting that concerns regarding Mythos have done very little to change the overall approach of the administration. Indeed, the new EO’s tone is set in its very first line, which attributes U.S. AI leadership, in part, to a refusal “to stifle this innovation with overly burdensome regulation.”

EO Unlikely to Change Industry Practice as Agencies Wrestle With Execution

It is not clear that the EO will result in any practical differences in how model developers currently engage with the U.S. government. The provisions around model sharing are purely voluntary. In addition, most of the major AI developers, including Google DeepMind, Microsoft, xAI, OpenAI, and Anthropic, have already entered into agreements with the Department of Commerce’s Center on AI Standards and Innovation to test their models for national security risks ahead of public release. In that sense, the EO is largely an expansion of existing industry practice to a broader range of federal agencies, rather than an attempt to proactively shape industry behavior.

Additionally, several unique governance decisions stand out that will impact government agencies’ ability to effectively execute the order. First, tasking the Department of the Treasury under Secretary Bessent to lead a new AI cyber clearinghouse reflects the importance placed on securing the financial sector from threats. It likely also acknowledges Secretary Bessent’s own proactive role in engaging industry and model developers on potential threats in recent months. However, agencies like the Office of the National Cyber Director and the Departments of Defense and Homeland Security—where much of the government’s cyber policy and technical expertise resides—are placed in consulting roles, raising questions about whether the appropriate offices will be driving policy implementation. The order also carves out a specific role for White House Chief of Staff Susie Wiles in the important provision on designating so-called covered frontier models to which the federal government may gain advanced access, suggesting a prioritization of political over technical expertise in key areas.

Demand for More Aggressive Approach Remains High

This light-touch approach continues to put the Trump administration at odds with general public sentiment around AI. Polling continues to show that Americans are skeptical about the benefits of AI, concerned about the impacts of data centers on their local communities, anxious about AI’s impact on the job market—and overwhelmingly prefer the federal government to step in to regulate the technology, even if that could lead to a slowdown in innovation. Recognizing the stakes for the AI industry, state lawmakers have proposed hundreds of bills to regulate AI, political groups are pouring millions of spending into the midterm elections, and opposition to data centers is emerging as a rare point of bipartisan agreement.

In doubling down on a light-touch approach to AI regulation that prioritizes competition with China and the concerns of a small number of highly influential technology executives, the Trump administration risks undermining its own long-term goals for U.S. AI dominance globally. The sky-high valuations of AI model developers and infrastructure companies are dependent on mass adoption and uptake, which public opposition and skepticism threaten. It seems increasingly impossible to narrow that trust gap without a national policy discussion around regulation, in addition to efforts taking place across the states in its absence. The new AI and cybersecurity EO is a tentative step in the right direction, driven primarily by policymakers’ fears introduced by new, advanced models. However, the Trump administration would be wise to listen to more domestic constituents’ perspectives on these issues and consider regulatory steps that better balance the public desire for government leadership with the need to facilitate U.S. technology innovation on the global stage.

Aalok Mehta is the director of the Wadhwani AI Center at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Lauryn Williams is the deputy director and senior fellow in the Strategic Technologies Program at CSIS.