Trump’s New AI EO: Voluntary Frameworks, Cyber Crackdowns, and What It Means for Developers and Tech Companies 

On June 2, President Trump signed an executive order (EO) entitled “Promoting Advanced Artificial Intelligence Innovation and Security” that establishes new federal cybersecurity directives, creates a voluntary framework for collaboration with artificial intelligence (AI) developers on frontier models, and signals increased focus on criminal enforcement against AI-enabled cyberattacks. 

On

Policy Objectives

Consistent with the Administration’s previous EOs, while pared back from earlier messaging, the EO seeks to promote further innovation of AI. In particular, the EO reaffirms that the United States’ global leadership in AI stems from the talent and innovation of the industry and a regulatory framework that avoids overly burdensome restraints. The EO’s policy directives center on three goals: (1) collaborating with the private sector to improve and strengthen government and private sector IT infrastructure against foreign threats, (2) protecting domestic innovation and intellectual property from being exploited or stolen, and (3) cultivating advanced AI-enabled capabilities.

Upgrading American Systems for Advanced AI

The EO directs a series of actions within 30 days to enhance cybersecurity across federal systems and critical infrastructure.

  • The Committee on National Security Systems and the Secretary of War are each directed to prioritize cyber defense efforts.

  • The secretary of Homeland Security, acting through the Cybersecurity and Infrastructure Security Agency (CISA), must issue Binding Operational Directives aimed at accelerating the cyber defense of civilian federal systems, broadening the deployment of AI-powered defensive tools, and extending cybersecurity resources — including access to “covered frontier models” — to federal agencies, state and local authorities, and critical infrastructure operators.

  • The secretary of the Treasury is directed to establish an “AI cybersecurity clearinghouse,” developed in cooperation with AI companies and critical infrastructure operators, to serve as a coordination hub for vulnerability scanning, validation, and patch distribution.

  • The director of the Office of Management and Budget (OMB) must determine whether existing federal grant programs can fund advanced AI vulnerability detection efforts (but it does not direct the development of any such programs if OMB determines that none currently exist).

The EO does not provide detailed guidance, so how agencies will interpret and implement these directives remains to be seen.
 
Additionally, within 60 days, the director of the Office of Personnel Management is directed to expand hiring and placement pathways for US Tech Force Information Cybersecurity Specialist positions, which focus on protecting critical systems, strengthening federal cybersecurity capabilities, and safeguarding federal digital infrastructure. These two-year fellowships are available to early-career technologists as well as experienced engineering managers from private sector partners. In addition to nominating employees for stints of government service, private companies are partnering with the government to provide training and mentorship to the Tech Force and committing to consider hiring alumni after their fellowships.

Secure Frontier Model Deployment

The EO also includes provisions that are significant for AI developers. Within 60 days, designated agencies must create a classified benchmarking methodology for evaluating the advanced cyber capabilities of AI models and establishing the threshold that triggers designation of an AI model as a “covered frontier model.” The director of the National Security Agency, in consultation with other specified officials, is responsible for making the designation.
 
The same agencies must design a voluntary framework enabling developers to work with the government to determine whether their models meet the “covered frontier model” threshold. Participating developers would grant the federal government a pre-release evaluation window of up to 30 days — during which appropriate safeguards for confidentiality, cybersecurity, insider-risk, and intellectual property protection, use, and nondisclosure requirements would apply — before distributing the model to other approved recipients. Additionally, the framework would create a joint process for identifying and selecting trusted partners for early access.
 
Notably, the EO includes an express clarification that it does not create or authorize any mandatory government approval gate — including licensing, preclearance, or permitting requirements — for developing or releasing AI models. This anti-licensing provision signals the Administration’s intent to keep the framework voluntary, though the practical dynamics of participation warrant close attention.

Prioritized Criminal Enforcement

The EO further directs the attorney general to make it an enforcement priority to prosecute AI-facilitated cybercrimes under the full range of existing federal statutes, specifically citing 18 U.S.C. § 1028 (fraud and related activity in connection with identification documents and authentication features), §1030 (fraud and related activity in connection with computers), and § 1343 (wire fraud). The provision targets individuals who deploy AI to gain unauthorized access to or damage computer systems, as well as those who leverage AI when advancing other criminal objectives. This expressly includes scenarios in which autonomous AI agents are used to collect data that is later put to criminal use.

Key Takeaways

  • AI developers and frontier model companies should closely monitor the development of the classified benchmarking process and voluntary framework, as well as federal efforts to expand AI-enabled cybersecurity tools and facilitate access to cybersecurity services for government agencies and critical infrastructure operators.

  • Developers of AI-enabled defensive tools and cybersecurity products and services should watch for opportunities to participate in these initiatives. While participation is not mandatory, the pre-release government access period and trusted partner selection process may become a de facto industry expectation for leading AI labs.

  • Developers should carefully assess the intellectual property and confidentiality protections attached to the 30-day pre-release access requirement.

  • Developers should begin building internal processes for pre-release government engagement, including documentation of cybersecurity testing and vulnerability assessments.

  • Technology companies that currently partner or are interested in partnering with the US Tech Force program may benefit from the program’s expansion as directed by the EO.

  • Critical infrastructure operators should be aware of the AI cybersecurity clearinghouse and expanded CISA cybersecurity services and should evaluate whether to participate in the voluntary vulnerability coordination process.

  • All organizations deploying AI should note the heightened enforcement posture. The EO’s reference to “employing AI agents” to unlawfully access data suggests the US Department of Justice may pursue novel theories of liability involving autonomous AI systems.

  • Developers of AI vulnerability detection tools should monitor for Notices of Funding Opportunities that may emerge from OMB’s review of existing federal grant programs for advanced AI vulnerability detection efforts.

We will continue to monitor implementation of this EO and are available to discuss how these developments may affect your organization.

Contacts

Continue Reading