IAPS Reacts to the White House Executive Order on AI Innovation and Security
This report was co-authored by Brianna Rosen and Joe O’Brien.
Today, the White House released a new Executive Order (EO) “Promoting Advanced Artificial Intelligence Innovation and Security,” establishing a framework to strengthen frontier AI security. The EO directs national security agencies to prioritize the cyber defense of federal systems, expand access to AI-enabled defensive capabilities, strengthen collaboration with critical infrastructure operators, and establish a voluntary process for frontier AI developers to collaborate with the government on the security implications of increasingly capable models.
As frontier models become increasingly capable in domains such as cybersecurity, the federal government will require new mechanisms to evaluate emerging risks, coordinate with industry, and ensure that critical infrastructure operators can benefit from AI-enabled defensive capabilities. The EO advances several recommendations outlined in IAPS's recent memo, “After Mythos: A National Security Playbook for Frontier AI,” while leaving important implementation questions unresolved.
The administration is taking steps to proactively build the institutional infrastructure we need to detect, respond to, and recover from AI national security crises. Frontier model performance is rapidly advancing, and capabilities in cyber and beyond will continue to challenge policy frameworks designed to manage them. While there is work to be done, this EO strengthens the partnership between the federal government and industry to address the AI capabilities we have today—and will see in the future—to advance continuing American leadership in AI.
Jenny Marron, Executive Director
The EO reflects a growing recognition that frontier AI systems are a national security challenge, particularly as advanced models are integrated into sensitive government systems and critical infrastructure. While the order is focused on cybersecurity, it begins establishing the institutional foundations that will be necessary as frontier AI capabilities continue to accelerate. The combination of classified capability benchmarks, a process for identifying covered frontier models, and deeper government-industry coordination marks important steps toward a more systematic approach to managing frontier AI security risks.
Brianna Rosen, Director of Research for Frontier Security
Experts at the Institute for AI Policy and Strategy (IAPS) react to key provisions of the EO, identify implementation challenges, and outline opportunities to build on the administration’s approach.
What Does the Executive Order Do?
Key provisions of the EO include:
Access to cybersecurity tooling and services (within 30 days). The EO directs the Secretary of Homeland Security, through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), in consultation with the Office of Management and Budget (OMB), the Assistant to the President for National Security Affairs, and the National Cyber Director (NCD), to issue new Binding Operational Directives and guidance that would facilitate access to cybersecurity tools and services, including, where appropriate, “covered frontier models,” for federal, state, and local entities and CNI operators.
AI cybersecurity clearinghouse (within 30 days). Led by the Secretary of the Treasury, in consultation with the NCD, the National Security Agency (NSA), and CISA, the clearinghouse will serve as a coordination and deconfliction hub for vulnerability scanning, validation, and the prioritization and distribution of patches.
Federal funding for AI vulnerability detection (within 30 days). The EO directs OMB, working with the NCD and CISA, to identify federal programs with available and relevant funding that can be directed toward AI vulnerability detection solutions.
Cyber-talent pathways (within 60 days). The Office of Personnel Management (OPM) will expand the U.S. Tech Force Information Cybersecurity Specialist hiring and placement pathways within the federal government.
A classified benchmark and the “covered frontier model” threshold (within 60 days). A classified benchmarking process led by the Department of the Treasury, the NSA, and CISA will be developed and maintained to measure models’ advanced cyber capabilities and set the threshold at which a model should be designated a “covered frontier model,” with assessments shared with frontier AI developers and researchers as appropriate. The process and threshold will be determined in consultation with the NCD, the Assistant to the President for Science and Technology (APST), and Commerce through the National Institute of Standards and Technology, and in coordination with other agencies as appropriate. The Director of NSA will then determine which models become “covered frontier models” for the purposes of the EO, in consultation with the NCD, the APST, CISA, and other representatives of the Department of War as appropriate.
A voluntary framework for access to “covered frontier models” (within 60 days). This framework will let AI developers engage the U.S. government so the government can: (1) assess whether their models meet the “covered frontier model” threshold; (2) access such models for up to 30 days before their developers share them with other trusted partners; and (3) help AI developers select which trusted partners should subsequently be given early access to the covered frontier model.
Ensuring Effective Implementation
The EO’s ultimate impact will depend on its coordinated execution within government and through public-private partnerships. Our experts highlight several implementation challenges likely to shape effectiveness.
Defining Covered Frontier Models
One consequential implementation question left unanswered by the EO is how the government will determine which systems qualify as “covered frontier models.” The order establishes a classified benchmarking process to determine the threshold for what counts as a covered model, but does not clarify which factors will inform this determination nor the extent to which they will be made public (the order states that assessments will be shared with AI developers and researchers “as appropriate”). Striking the right balance between transparency, congressional oversight, and national security considerations will be important to building confidence in this approach.
Brianna Rosen, Director of Research for Frontier Security
The focus on advanced cyber capabilities is understandable, but future frontier AI models may also exhibit advanced capabilities in other dual-use national security-relevant domains. Determinations of what models qualify as “covered frontier models” should take into account capabilities in relevant domains beyond cyber–including chemical, biological, radiological, or nuclear domains and autonomous R&D acceleration–to avoid a situation where the government lacks visibility into other sources of frontier AI risk before they materialize.
Theo Bearman, Researcher, Frontier Security
As part of the process of identifying covered frontier models, the NSA should explicitly consider internal models which are never intended for public release. Frontier AI companies first deploy their most capable models internally, often long before public release–and in some cases, models are not released publicly at all. Moving forward, companies may choose to keep highly capable models for internal use only, because (1) public deployment may present outsized misuse risks, and (2) they may want to deploy these models internally to accelerate their own AI R&D. The administration should build on the EO by ensuring that powerful internal models fall within the benchmarking process regardless of eventual deployment plans.
Joe O’Brien, Researcher, Frontier Security
Supporting Critical Infrastructure Adoption
Extending model access to critical infrastructure providers is an important first step, but access alone won’t make defenders more secure. Many of the organizations that need help most, like hospitals, are working with tight budgets and lean security teams. Handing them a powerful model won’t translate into better security alone. The last-mile problem needs to be solved: developing tools that fit into specific workflows, testing them in realistic environments, and bringing in technical talent to help with integration.
Jam Kraprayoon, Senior Researcher, Frontier Security
Deploying agentic systems to shore up federal networks and critical infrastructure will introduce novel risk vectors specific to AI systems, including on alignment, control, robustness, multi-agent interactions, and interpretability. Fundamental research is still required to solve these challenges. Policymakers should collaborate with the AI industry and academics to drive research into these and other high-priority areas, to ensure that defensive uses of AI systems–often some of the highest-risk use cases due to their proximity to critical systems–can be relied upon.
Joe O’Brien, Researcher, Frontier Security
Critical infrastructure providers will need to trust AI systems before they adopt them widely, and that trust can only be built through real-world testing and deployment. The Department of Energy (DOE)’s national labs have the expertise, testbeds, and relationships to lead here. They can develop AI-enabled systems for operational technology environments, then work with owners and operators to test and refine these systems, and establish the operational practices and safeguards needed to deploy them.
Christopher Covino, Senior Researcher, Frontier Security
Expanding Government Capacity
There are gaps in specialized AI security talent within the U.S. government that would hinder its ability to respond to AI-related national security crises. We are therefore very glad to see the EO addressing this in the context of AI cybersecurity. Yet we caution that hiring and clearance mechanisms operate at the speed of bureaucracy, rather than at the speed of crises. To better prepare for both AI cyber threats as well as near-future AI risks such as biosecurity threats and loss of control, we recommend the U.S. government expand hiring to a wider set of AI security specialists, establish a reserve corps of pre-cleared experts to be brought in during emergencies, and improve hiring efficiency for AI experts. We discuss these measures in depth in this report.
Joe O’Brien, Researcher, Frontier Security
The benchmarking process directed by Section 3(a) of the EO is entirely government-internal, with no apparent role for independent third-party evaluators. Government evaluators alone may not be able to keep pace with the volume and velocity of frontier model development. To address this, the administration should consider establishing model access standards that allow qualified third parties to conduct rigorous evaluations. Doing so would distribute the testing burden, improve assessment quality, and create an institutional infrastructure that outlasts any single EO.
Theo Bearman, Researcher, Frontier Security
Appropriate Evaluation Periods
Agencies evaluating frontier models’ capabilities, propensities, and safeguards must be able to make full use of the “up to 30-day” pre-release access window directed by Section 3(b)(ii) of the EO, alongside the government leveraging the model’s capabilities for defensive purposes during this period. We have already seen examples of third-party evaluators who work with frontier AI companies facing difficulties making conclusive assessments due to the limited time they have been given to do their work. Longer pre-release access windows can support a more rigorous and comprehensive understanding of the risks frontier models may pose, reporting of findings as appropriate, and the design and implementation of mitigations as needed. Whatever the agreed length of the access window, the government should ensure that evaluating bodies are appropriately resourced and that the final voluntary framework includes clear expectations for how frontier AI companies will act on evaluation findings before releasing the model onward.
Theo Bearman, Researcher, Frontier Security
Building on the Executive Order
This EO is an important step toward ensuring American leadership on AI by strengthening frontier AI security, but continued progress will require follow-on executive action, institutional reforms, and targeted legislation as AI capabilities continue to advance. Our experts identify several opportunities to build on the administration’s approach while ensuring agencies have the authorities, technical capacity, and resources needed to address emerging AI security risks effectively.
Preparing for Agentic Cyber Risks
Beyond hardening critical infrastructure, the White House must prepare for a future where offensive cyber agents outpace defenses. In that future, detection and disruption will be essential. Identity requirements for AI agents interacting with critical systems are a practical first step, often achievable with minor regulatory tweaks. If agents bear identities, they can be monitored for malicious behavior, and threats can be flagged and shared across defenders quickly—a win for threat visibility and information sharing.
Matthew Mittelsteadt, Senior Researcher, Frontier Security
The EO focuses on vulnerability discovery, given AI's ability to automate and accelerate that process. But policymakers also need to prepare for autonomous systems that can automate the attacks. Autonomous cyber agents could scale offensive operations, compress attack timelines, and persistently probe defenses for weakness. They are likely to be highly effective at identifying and exploiting known gaps like unpatched software, misconfigured systems, and weak credentials, which are endemic in large enterprise networks and especially among under-resourced defenders like public utilities, hospitals, and schools. In response, federal policy should prioritize developing and deploying AI-enabled systems that can help defenders identify these gaps and drive remediation and defensive hardening.
Christopher Covino, Senior Researcher, Frontier Security
The proposed cybersecurity clearinghouse is a good start for cyber coordination. To prepare for the coordination demands of the next challenge—offensive cyber agents—the administration should consider expanding this clearinghouse into an Agentic Cybersecurity Exchange (ACE). Modeled on the fraud-focused Global Signal Exchange, an ACE would bring together leading model and cloud providers to fuse and analyze network signals and coordinate the detection and disruption of malicious agents across global networks.
Matthew Mittelsteadt, Senior Researcher, Frontier Security
Accelerating Defensive Automation
The EO takes the first steps toward driving AI-enabled defensive automation by expanding federal programs and cybersecurity services that enhance AI-enabled defensive tools, and by enabling access to models, tools, and services for federal agencies, state and local government, and critical infrastructure. The next step is addressing the deployment challenges. Widespread defensive automation needs systems that are cost-effective, secure, and reliable, which will require real-world testing and experimentation across different models, systems, and deployment practices. There is an opportunity for federal leadership to support or run operational pilots that refine these systems and develop the operational practices and safeguards to deploy them at scale.
Christopher Covino, Senior Researcher, Frontier Security
Leveraging AI to Secure the Defense Industrial Base
The EO’s focus on securing Department of War information systems is commendable, but Pentagon cybersecurity is only as strong as its supply chain. Roughly 80% of the defense industrial base is made up of small contractors that hold sensitive military data and IP but often lack the resources to defend themselves against nation-state threats. Chinese groups in particular have used these firms as entry points into the broader defense ecosystem. Federal cybersecurity support for this segment, including access to AI-enabled defensive tools they couldn't otherwise afford, would close a key gap in U.S. national security.
Jam Kraprayoon, Senior Researcher, Frontier Security