On May 21, 2026, President Trump stood in the Oval Office ready to sign his first AI safety executive order. Then his phone rang. Elon Musk, Mark Zuckerberg, and venture capitalist David Sacks each called to oppose the order’s 90-day government review window for frontier AI models. Trump pulled the signing ceremony within the hour, telling reporters, “We’re leading China, we’re leading everybody, and I don’t want to do anything that’s going to get in the way of that lead.”
Twelve days later, on June 2, he signed a rewritten version. The review window shrank from 90 days to 30. The entire framework became voluntary. And the order now explicitly bars the government from creating any mandatory licensing or preclearance requirement for AI models.
The executive order, titled “Promoting Advanced Artificial Intelligence Innovation and Security,” is the first Trump-era policy directly addressing frontier AI safety. It asks companies to voluntarily submit their most powerful models for government testing before public release. It creates an AI cybersecurity clearinghouse. And it hands the National Security Agency, not a civilian agency, the authority to define what counts as a “frontier model.”
What the Order Actually Requires
The word “requires” overstates it. Nothing in the order is mandatory for AI companies.
Here is what it establishes. Within 60 days, the Treasury Department, the NSA, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST) must develop a classified benchmarking process to assess the cyber capabilities of AI models. That process will determine the threshold at which a model qualifies as a “covered frontier model.”
The criteria stay classified. The public will not know the specific benchmarks, parameters, or capability thresholds that trigger the designation.
Under the voluntary framework, AI developers can ask the government whether a model in development meets the frontier threshold, grant the government access to that model for up to 30 days before release, and collaborate on which outside partners receive early access. None of this is compulsory.
Within 30 days, a separate group of agencies must stand up the AI cybersecurity clearinghouse. This body will coordinate vulnerability scanning, validate discovered vulnerabilities, and prioritize remediation across critical infrastructure operators, including rural hospitals, community banks, and local utilities.
The Office of Management and Budget has 30 days to determine whether existing federal grant funding can be redirected toward AI vulnerability detection. The Office of Personnel Management has 60 days to expand cybersecurity hiring pathways.
Why the NSA Got the Central Role
The most consequential institutional decision in the order is assigning the NSA, through the Secretary of Defense, the authority to determine which models qualify as “covered frontier models.” In past administrations, civilian agencies like NIST or the FTC would have held that role. This order places the determination squarely in the national security apparatus.
The NSA’s benchmarking process will focus on functional capabilities rather than static parameters like model size or training compute. One specific capability the order names: Automated Exploit Generation (AEG), the ability of a model to write fully functional cyber weapons. Other capability thresholds will be determined during the 60-day development period.
This framing signals that the administration views frontier AI primarily through a national security lens, not a consumer safety lens. The threat model is adversarial: what can an AI model do in the hands of a hostile actor? The question of what an AI model does to ordinary users (bias, misinformation, job displacement) is not addressed.
The Mythos Catalyst
The executive order did not emerge from routine policy planning. Anthropic’s Claude Mythos announcement in April 2026 was the catalyst. The model demonstrated the ability to find and exploit zero-day vulnerabilities in every major operating system and web browser at machine speed. Anthropic voluntarily restricted Mythos Preview’s release, but the implications were immediate.
The Washington Post reported that the disclosure “set off alarm bells across Silicon Valley and Washington.” A model that can discover decades-old vulnerabilities, some going back 10 to 20 years, in hours rather than months changes the threat calculus for every organization running networked software. That is every organization.
CNBC described the response as “cybersecurity hysteria,” though security researchers argued the threat was already present in unreleased models. Anthropic’s Project Glasswing had already committed $100 million to defensive AI cybersecurity, positioning the company on both sides of the capability ledger.
The executive order’s emphasis on Automated Exploit Generation as a core benchmark reads as a direct response to Mythos. The government wants to know, before public release, whether the next frontier model can do what Mythos did.
Biden Required It. Trump Asks Nicely.
The comparison to Biden-era policy is stark. In October 2023, President Biden signed an executive order that mandated companies developing the most advanced AI systems share safety test results with the government before release. That order carried legal authority through the Defense Production Act.
On his first day in office in January 2025, Trump rescinded Biden’s mandate, calling it “overly burdensome and inimical to AI innovation.” Eighteen months later, the new order reintroduces a government review framework for frontier models, but strips it of enforcement power.
The practical difference: under Biden, a company that refused to submit safety test results faced potential legal consequences. Under Trump, a company that declines to participate faces nothing. The order states plainly that it “shall not be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement.”
OpenAI supported the original 90-day version and described the final policy as “an important step.” This places OpenAI on the opposite side of the lobbying effort from Musk’s xAI and Zuckerberg’s Meta. The Business Software Alliance called the document “appropriately constructs a voluntary and phased approach.”
Anthropic declined to comment.
What Voluntary Means for an Industry Raising Trillions
The voluntary framework creates a specific game theory problem. If one company submits its frontier model for government review and a competitor does not, the submitting company faces a 30-day delay while the competitor ships immediately. In a market where Anthropic and OpenAI are both racing toward trillion-dollar public offerings, 30 days is material.
The incentive structure makes participation rational only if most competitors also participate, or if the government offers something in return. The order hints at the latter: companies that cooperate gain input into which “trusted partners” receive early access, and federal agencies are directed to provide cybersecurity tools and frontier model access to critical infrastructure operators. A company inside the voluntary framework potentially gets a preferred seat at government procurement tables.
For the 40 secret government evaluations already underway through CAISI and other channels, the executive order adds a formal, if toothless, structure. The testing was already happening. The order gives it a name, a 30-day window, and an explicit promise that it will never become mandatory.
The question for enterprise AI buyers: does it matter? The answer depends on what the classified benchmarks reveal, who participates, and whether the cybersecurity clearinghouse actually accelerates patch distribution. The companies filing for trillion-dollar IPOs will volunteer or not based on one calculation: whether cooperation with the NSA helps or hurts their valuation story. The executive order’s impact will be measured not by what it mandates, but by who shows up.