Trump revives parts of canceled AI order with cybersecurity-focused directive

US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI initiative that he abruptly shelved less than two weeks ago. The order, “ Promoting Advanced Artificial Intelligence Innovation and Security ,” directs federal agencies to accelerate deployment of AI-enabled cybersecurity capabilities, establish a government-industry vulnerability-sharing initiative, and create a process for evaluating the cyber capabilities of frontier AI models. The move follows an unusual reversal by the administration. On May 21, Trump canceled a planned signing ceremony for what had been described as a much broader AI executive order after expressing concerns that the proposal could hamper innovation and weaken America’s competitive position against China. The cancellation highlighted growing tensions within the administration between officials concerned about the cybersecurity implications of increasingly capable AI models and others who argued that even voluntary government review mechanisms could become barriers to innovation and weaken US competitiveness against China. Reports at the time indicated the abandoned proposal would have created a voluntary process allowing developers of advanced AI systems to provide the federal government with access to models before public release so that national security officials could evaluate their cybersecurity implications. The new executive order preserves many of those cybersecurity provisions while emphasizing that it does not create mandatory licensing, preclearance, or permitting requirements for AI developers. A compromise between innovation and security On his first day in office, Trump dismantled many of the AI governance initiatives established under former President Joe Biden, arguing that regulation could slow innovation and undermine American leadership in the global AI race. Yet as AI systems become increasingly capable, national security officials have raised concerns about the potential impact of advanced models on cyber operations, critical infrastructure, and intelligence activities. The executive order attempts to reconcile those competing priorities. It repeatedly emphasizes innovation and American technological leadership while acknowledging that advanced AI capabilities present national security risks that require government attention. “The United States continues to lead the world in Artificial Intelligence because of the enormous talent and innovation of our AI industry, and because we refuse to stifle this innovation with overly burdensome regulation,” the order states. At the same time, it notes that advanced AI capabilities introduce “new national security considerations that require coordinated action.” The result is a framework that focuses narrowly on cybersecurity and national security concerns while avoiding the broader governance, safety and oversight provisions that characterized Biden’s 2023 AI executive order. Hardening federal and critical infrastructure systems A significant portion of the order is devoted to strengthening the cybersecurity of federal networks and critical infrastructure systems. Within 30 days, the Committee on National Security Systems, an intergovernmental body that establishes cybersecurity policies, directives, and standards for National Security Systems (NSS), must prioritize the cyber defense of national security systems, while the Department of War, the administration’s renamed Department of Defense, is directed to prioritize the protection of its own information systems. The Cybersecurity and Infrastructure Security Agency (CISA) must also issue directives and guidance designed to strengthen civilian federal networks and accelerate the adoption of AI-enabled defensive technologies. The White House also wants advanced cybersecurity capabilities extended beyond federal agencies. The order directs CISA to facilitate access to cybersecurity tools and services for state and local governments as well as operators of critical infrastructure. The directive specifically identifies rural hospitals, community banks, and local utilities as organizations that should benefit from expanded access to cybersecurity capabilities, including advanced AI tools. The focus on smaller organizations reflects growing concern that many essential service providers lack the cybersecurity resources available to larger enterprises despite facing increasingly sophisticated cyber threats. Moreover, the order directs federal officials to identify grant funding that could support organizations developing advanced AI-based vulnerability detection technologies and expands federal hiring pathways for cybersecurity professionals. Creating an AI cybersecurity clearinghouse Another notable provision establishes an AI cybersecurity clearinghouse intended to improve coordination between government agencies, AI developers, and critical infrastructure operators. The Treasury Department will form the clearinghouse in consultation with the National Security Agency, CISA, and other federal officials. According to the order, the initiative will operate through voluntary collaboration with AI companies and critical infrastructure organizations. Its mission will include coordinating vulnerability scanning activities, validating discovered software vulnerabilities, prioritizing remediation efforts, and facilitating the distribution of security patches. The order also directs the clearinghouse to deconflict vulnerability-discovery efforts so participants are not duplicating work. The provision appears designed to create a more organized mechanism for vulnerability discovery and remediation at a time when AI systems are becoming increasingly capable of identifying software flaws and weaknesses across large environments. Establishing oversight of frontier model cyber capabilities One of the most consequential sections of the order concerns advanced AI systems, often referred to as frontier models. Within 60 days, the NSA, CISA, Treasury Department, National Institute of Standards and Technology, and other agencies must develop a classified benchmarking process for evaluating the advanced cyber capabilities of AI models. The process will be used to determine when a system should be designated a “covered frontier model.” The order does not define what capabilities would trigger the designation, instead directing federal agencies to develop classified assessment criteria and benchmarks for assessing advanced cyber capabilities. The NSA will ultimately be responsible for making determinations in consultation with other national security officials. While that approach gives the government flexibility as AI systems evolve, it also leaves unanswered questions about which future models could ultimately fall within the framework. The administration also plans to establish a voluntary framework through which AI developers can consult with the government regarding whether systems under development meet the threshold for designation as covered frontier models. Under that framework, participating companies may provide the government with access to covered frontier models for up to 30 days before those systems are released to other trusted partners. Earlier drafts reportedly called for reviews as much as 90 days before release, though some AI industry officials pushed for a shorter 14-day period, according to reports . The government and developers would also collaborate on selecting trusted organizations that could receive early access to the models to support cybersecurity research and critical infrastructure protection efforts. The provision effectively creates a structured mechanism through which federal agencies can gain insight into some of the most advanced AI systems before they become widely available. Although the process is voluntary, it closely resembles portions of the broader executive order that Trump declined to sign last month. Rejecting licensing and mandatory approvals While the administration retained some of the cybersecurity provisions reportedly contained in the earlier proposal, it also included language clearly intended to reassure AI developers and investors. The order explicitly states that nothing in the initiative authorizes the creation of “a mandatory governmental licensing, preclearance, or permitting requirement” for the development, publication, release or distribution of AI models, including frontier models. That language appears intended to address concerns raised by critics of the abandoned May proposal, who argued that even voluntary review processes could eventually evolve into de facto regulatory requirements. Targeting AI-enabled cybercrime The executive order also directs the Justice Department to increase its focus on cybercriminals who use artificial intelligence as part of their operations. Specifically, it instructs the Attorney General to prioritize enforcement of federal computer crime, identity theft, and fraud statutes against individuals who use AI to gain unauthorized access to computer systems or who use AI tools while committing cybercrime. The order references the use of AI agents to unlawfully access information that is later used for criminal purposes, reflecting growing concern among policymakers that increasingly autonomous AI systems could enable new forms of cybercrime. Collectively, the provisions in the new order preserve Trump’s opposition to broad AI regulation while creating new mechanisms for federal agencies to assess the cybersecurity implications of increasingly capable AI systems. The order signals that even an administration committed to minimizing AI oversight views frontier-model cyber capabilities as a growing national security concern.