CRS finds Trump’s frontier AI order relies on voluntary industry participation, leaves definitions and funding unresolved
External Source means this preview stays on Qubicweb while the full article lives on the publisher site.
Brief points
Key points will appear here after this read is condensed for Qubicweb. Use the source link below if you need the full article immediately.
A new report from the Congressional Research Service identified that President Donald Trump’s Executive Order 14409 marks a shift toward voluntary collaboration with AI (artificial intelligence) developers as the federal government seeks to strengthen cybersecurity without imposing mandatory licensing or preapproval requirements on AI models. It also noted that the order directs agencies to accelerate cyber defenses, expand AI-enabled defensive capabilities, establish an AI cybersecurity clearinghouse with industry participation, and protect critical infrastructure and intellectual property from emerging AI-related threats.
Published last week, the CRS report identified that E.O. 14409 ‘Promoting Advanced Artificial Intelligence Innovation and Security’ establishes a voluntary framework for evaluating frontier AI models with advanced cyber capabilities before public release. Under the policy, developers may choose to provide the federal government with early access to designated models for security assessments, while the Justice Department is directed to prioritize enforcement against the criminal use of AI in computer intrusions, identity theft, wire fraud, and other cyber-enabled offenses.
“Congress might consider the extent to which certain implementation details of E.O. 14409 are not specified by the order itself. The order does not define covered frontier model,” the CRS report pointed out. “The order relies on existing appropriations, leaving it unclear as to how new requirements, such as the AI cybersecurity clearinghouse (for which Treasury did not specifically request FY2027 funding), and expanded cybersecurity tools and services for states and local authorities may be funded. Left unclear are the scope of resources and the appropriate roles for organizations to carry out certain technical activities, such as developing an AI benchmarking process.”
It added that Congress might consider whether to maintain the overarching approach of voluntary industry engagement in AI or whether safety and security concerns of AI models warrant establishing federal requirements for testing and evaluation of certain AI models before release.
“Congress may choose to consider the E.O.’s proposed assessment of AI models as a tool to address national security concerns, especially in contrast to stronger government direction or regulation,” according to the report. “It may also choose to consider the Administration’s other approaches, such as requiring Anthropic to suspend access to a frontier AI model showing advanced cyber capabilities, in the context of the E.O.’s broader policy and its effects on industry compliance and future policymaking.”
The executive order directs federal agencies to complete a series of cybersecurity initiatives on accelerated timelines. Within 30 days, the Committee on National Security Systems must prioritize the cybersecurity of national security systems, while the Department of Defense is tasked with strengthening the security of its information systems.
The CISA (Cybersecurity and Infrastructure Security Agency), working with the OMB (Office of Management and Budget), National Security Council, Assistant to the President for National Security Affairs, and National Cyber Director, must issue Binding Operational Directives for civilian federal systems, expand AI-enabled defensive tools, and extend cybersecurity services to SLTT (state, local, tribal and territorial) governments and critical infrastructure organizations.
During the same period, the Treasury Department, National Cyber Director, NSA (National Security Agency) and CISA are directed to establish an AI cybersecurity clearinghouse, while OMB, CISA and the National Cyber Director must identify federal grant funding to support AI vulnerability detection research and development.
Within 60 days, the NSA, National Cyber Director, Assistant to the President for Science and Technology, CISA, and the Department of Defense must develop a classified benchmarking process for frontier AI models and establish a voluntary framework for pre-release access to designated models. Treasury, NSA, CISA, the National Institute of Standards and Technology, the Assistant to the President for Science and Technology and DOD are also directed to create a voluntary framework for AI companies to disclose qualifying models.
Furthermore, the Office of Personnel Management must expand cybersecurity hiring pathways through the U.S. Tech Force initiative, while the Department of Justice is instructed to prioritize prosecutions involving AI-facilitated cybercrime under existing federal identity theft, computer fraud and wire fraud statutes on an ongoing basis.
The order’s cybersecurity provisions expand voluntary national security oversight of advanced AI models, stopping short of formal licensing or preclearance requirements. By creating a category of covered frontier models, it treats advanced AI as a dual-use technology warranting early government oversight, similar to the treatment of sensors, lasers and avionics under the Wassenaar Arrangement. Voluntary notification and review window is meant to give agencies time to probe models for offensive and defensive cyber applications before public release, which could help surface vulnerabilities and abuse pathways earlier.
That voluntary structure also carries risk. Coverage gaps could open up if major developers decline to participate, if the criteria for covered models are drawn too narrowly, or if review periods run too short to catch real risks. Planned AI cybersecurity clearinghouse and expanded information sharing could strengthen defenses for critical infrastructure operators, but only if the threat intelligence it delivers is timely and actionable. Concentrating sensitive model details and threat data in federal systems creates its own exposure, making that data a target in its own right.
For companies that opt in, the framework offers closer security collaboration with defense and civilian agencies. It also comes with a tradeoff, exposing participants to more probing scrutiny of model architecture, training data and red-teaming results.
The CRS report notes E.O. 14409 directs Treasury, working with the Defense and Homeland Security departments and in consultation with NIST, to secure frontier model deployment. That builds on earlier NIST agreements with Anthropic and OpenAI, under which the agency was set to receive access to major new models from each company before and after public release. Those agreements stopped short of public transparency on testing and evaluation, and did not cover every frontier AI developer.
Congress has its own pending proposals in this space. The Artificial Intelligence Civil Rights Act of 2025 (H.R. 6356) would mandate pre-deployment evaluation of certain AI models, while a discussion draft of the Great American Artificial Intelligence Act of 2026 would lay out transparency, assessment and security testing frameworks for frontier systems.