The decision made by U.S. President Donald Trump to abruptly shelve an executive order centered on artificial intelligence has sparked significant concern among cybersecurity experts. This order was intended to establish a federal review process for advanced AI models, particularly those classified as frontier models. Industry analysts assert that, despite the cancellation, it remains crucial for the federal government to actively collaborate with AI developers to mitigate potential risks associated with these technologies.

Documents circulated regarding the shelved executive order indicate that it aimed to create a comprehensive framework and a clearinghouse for implementing national security assessments concerning advanced AI systems. This review would have been conducted through voluntary cooperation with leading firms in the AI sector, including major players like Anthropic, OpenAI, and Google. The president announced the cancellation just hours before the signing event, expressing apprehensions that the order might impede the United States’ competitive edge over China in AI research and development.

In light of the cancellation, several former federal cybersecurity officials and public sector security experts have suggested that the pause should be utilized to devise a more robust framework. This new framework would balance the need for innovation in AI while ensuring that adequate protections are in place regarding frontier models. Experts like Megan Rolander, who previously served as the acting assistant cybersecurity and technology chief for the FBI, underscored the importance of introducing independent testing. Such evaluations would address issues like model-assisted malware generation, vulnerability detection, and the evasion of defensive measures.

Rolander now holds a position as head of public sector initiatives at Black Kite, advocating for a “tiered, risk-based evaluation process.” This approach would allow for deeper scrutiny of frontier models, thereby enabling innovation to continue while ensuring that models which could potentially influence national security, critical infrastructure, or cybersecurity operations are thoroughly evaluated.

The draft executive order would have mandated various federal agencies—including those responsible for cybersecurity, defense, intelligence, and financial oversight—to develop classified benchmarks for determining when a model qualifies as a “covered frontier model.” Importantly, the order was designed as a voluntary process and specifically stated that it should not create an obligatory licensing, preclearance, or permitting system for new AI models.

Under the now-abandoned draft, companies would have been allowed to grant the government access to these covered frontier models for a period of up to 90 days prior to their public release. Robert Costello, former CIO for the Cybersecurity and Infrastructure Security Agency (CISA) and now the chief digital and information officer at Merlin Group, highlighted that this review timeframe would enable federal officials and private sector stakeholders to address any emerging concerns before they escalate into significant problems.

This proposal comes at a time of heightened anxiety in Washington and within the cybersecurity community regarding how federal defenses will handle frontier AI systems capable of speeding up vulnerability identification. Advanced AI capabilities, exemplified by systems such as Anthropic’s Mythos model, are advancing at a pace that seems to outstrip the evolution of policy and security measures.

Diana Kelley, a Chief Information Security Officer (CISO) at Noma Security, emphasized that the current administration should consider prior cybersecurity coordination initiatives, such as coordinated vulnerability disclosure programs and post-incident review frameworks. Kelley believes these instances serve as illustrations of how voluntary initiatives can develop into more effective security mechanisms, particularly when they include well-defined reporting channels, clear response timelines, and public accountability.

“The pressing question at hand is whether this approach will facilitate the establishment of a sustainable safety assessment process,” Kelley remarked. She stressed the necessity for independent testing, clear metrics for assessing risks, and meaningful repercussions whenever unacceptable risks are identified.