WASHINGTON — After weeks of delay, the White House issued an intensely anticipated executive order today that creates a new “voluntary framework” for government oversight of cutting-edge AI, with the National Security Agency playing a central role.
The “voluntary framework” in the executive order essentially asks that companies developing “covered frontier models” — as defined by the NSA — give government agencies and select “trusted partners” in the private sector early access to their models for 30 days prior to publication. The EO does not detail how the NSA will define “covered frontier models,” although it does require the NSA to consult with a wide range of other agencies, from Commerce to Homeland Security to the Treasury.
While most of the system the executive order set up is indeed voluntary, there’s no opting-out of the NSA oversight. Instead, the document directs the NSA to “develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models” — that is, to assess whether or not any given AI could be a dangerously powerful tool for hackers. The AI developers themselves may or may not be informed of those assessments, “as appropriate.”
As Abundance Institute CEO Christopher Koopman warned in a post on X, “Being labeled a ‘covered frontier model’ isn’t voluntary at all.
“The NSA makes that call through a classified benchmark you can’t see or contest,” Koopman wrote. “Only the second step, when you hand over access, is the part you opt into. You can decline the program. You can’t decline the label.”
The executive order strives to strike a balance between two competing imperatives: It aims to shore up cybersecurity against AI-powered hacking, without imposing burdensome oversight that might slow down American AI developers.
RELATED: Top Pentagon tech officials optimistic Mythos-style AI tools will improve cyber defense
The cybersecurity threat is that the latest generative-AI models, most famously Claude Mythos, can discover thousands of previously unknown vulnerabilities in widely used software, revealing easy targets for attackers faster than defenders can fix them. After discovering Mythos’s unintended potential as a hacking tool, developer Anthropic voluntarily delayed publication of Claude Mythos to share a preview version with 150 key players in the cyber defense world, hoping a grand collaboration could patch the holes before they became known to foreign adversaries and cyber criminals.
The 30-day voluntary preview period announced today is much less than the 90 days envisioned by an earlier version of the executive order, which President Donald Trump publicly rejected just hours ahead of a planned signing ceremony last month. “[I] didn’t like certain aspects of it,” Trump told reporters at the time. “We’re leading China, we’re leading everybody, and I don’t want to do anything that’s gonna get in the way of that lead.”
White House AI advisor David Sacks, who reportedly led the charge against the original language, declared victory in a post on on X.com today: “The change in the EO from a 90 day to 30 day period is a game changer because it allows our AI labs to comply with the voluntary framework without delaying new model releases.”