Analysts Say White House Must Quickly Replace Shelved AI Framework

U.S. President Donald Trump’s decision to abruptly shelve an artificial intelligence executive order aimed at creating a federal review process for frontier models doesn’t annul the need for the federal government to work with frontier model makers to address risks, say cybersecurity experts.
According to a draft copy, the executive order would have created a framework and clearinghouse for the government to vet national security risks tied to advanced AI systems before public release, in voluntary collaboration with companies such as Anthropic, OpenAI and Google. Trump called off the signing ceremony hours before it was expected to take place, telling reporters he was concerned the order could hinder America’s lead over China in AI development.
Several former federal cyber officials and public sector security analysts told ISMG the administration should use the delay to craft a framework that preserves innovation while establishing clearer protections around frontier models.
“The next iteration of the executive order should require independent, supply-chain red-team testing for items such as model-assisted malware generation, vulnerability discovery and evasion of defensive tools,” said Megan Rolander, former acting assistant cybersecurity and technology chief for the FBI.
Rolander, who now serves as head of the public sector for Black Kite, advocates a “tiered, risk-based evaluation process” that reserves deep examination for frontier models. “This keeps innovation moving while ensuring that models with the potential to affect national security, critical infrastructure or cyber operations receive appropriate scrutiny.”
The unsigned draft order would have directed federal cyber, defense, intelligence and financial agencies to develop classified benchmarks for assessing when a model should be treated as a “covered frontier model.” The draft says the process would be voluntary, and explicitly states it should not create a mandatory licensing, preclearance or permitting regime for new AI models.
Under the now-shunned draft, companies could provide the government with access to covered frontier models for up to 90 days before public release. Robert Costello, former CIO for CISA and current chief digital and information officer at Merlin Group, said a review window would give federal officials and the private sector valuable time to address concerns “before they become problems.”
The proposed order comes amid concern across Washington and the cybersecurity industry over how federal defenses will fare against frontier AI systems capable of accelerating vulnerability discovery. Systems such as Anthropic’s Mythos model may be evidence that advanced AI capabilities are evolving faster than policy and security frameworks (see: Anthropic Calls Its New Model Too Dangerous to Release).
Diana Kelley, CISO of AI security and governance platform Noma Security, advised the administration to look at earlier cybersecurity coordination efforts – including coordinated vulnerability disclosure programs and post-incident review frameworks – as examples of how voluntary initiatives can evolve into more effective security mechanisms through clear reporting channels, response expectations and public accountability.
“The big question is whether this helps establish a durable safety assessment process,” Kelley said, describing the need for independent testing, clear risk thresholds and “meaningful consequences when unacceptable risks are found.”
