US President Donald Trump today has signed a new executive order to improve America’s cybersecurity capabilities in the age of artificial intelligence. The order comes at a time when AI models are becoming increasingly powerful and concerns are growing about how they could be used by hackers, foreign adversaries and criminal groups. Rather than imposing mandatory licensing or government approval requirements, the administration is seeking closer cooperation with AI companies to evaluate the risks posed by advanced AI systems before they are released.
What we can understand from the order is that it is designed to answer a key question, when does an AI model become powerful enough that the government should pay special attention to its cybersecurity implications?
The administration’s approach
The order begins by reaffirming Trump’s belief that the United States leads the world in artificial intelligence because it has avoided what he describes as excessive regulation. According to the order released by the White House,”The United States continues to lead the world in Artificial Intelligence (AI) because of the enormous talent and innovation of our AI industry, and because we refuse to stifle this innovation with overly burdensome regulation.”
The administration argues that previous regulatory approaches placed unnecessary constraints on AI developers and researchers. Instead, it says the government should encourage innovation while addressing national security risks as they emerge. The order repeatedly frames AI as both an ‘economic opportunity’ and a ‘strategic asset’. According to the White House, advanced AI can strengthen national security, improve cyber defence capabilities and help protect American infrastructure from foreign threats.
A major push to strengthen cyber defences
A large portion of the order focuses not on regulating AI companies but on improving cybersecurity across government systems and critical infrastructure. Several agencies have been instructed to take action within the next 30 days. The Committee on National Security Systems is required to prioritise the protection of national security networks, while the Department of War has been directed to strengthen the cyber defences of its own information systems.
The Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), has also been tasked with accelerating the protection of civilian federal government systems. The agency will issue guidance and directives designed to improve cyber resilience and expand the use of AI-powered defensive tools.
The order also seeks to make advanced cybersecurity tools available to a wider range of organisations. These include state and local governments as well as operators of critical infrastructure such as rural hospitals, community banks and local utility providers.
Creation of an AI cybersecurity clearinghouse
One of the most significant initiatives announced in the order is the creation of an AI cybersecurity clearinghouse. The Treasury Department, working with national security and cybersecurity agencies, has been directed to establish a system that brings together AI companies and critical infrastructure operators.
The goal is to identify software vulnerabilities more quickly, verify potential weaknesses, coordinate fixes and distribute security patches efficiently. In simple terms, the administration wants AI companies and infrastructure operators to work together in identifying cyber threats before they can be exploited by attackers. The order also asks federal agencies to explore whether existing grant programmes can support projects focused on AI-driven vulnerability detection and cybersecurity research.
Expanding the cybersecurity workforce
The administration also wants more cybersecurity professionals inside government. Within 60 days, the Office of Personnel Management has been instructed to expand hiring and placement programmes for cybersecurity specialists through the United States Tech Force initiative. The objective is to increase the government’s ability to defend its networks as AI-powered cyber threats become more sophisticated.
What is a “covered frontier model”?
The most closely watched part of the order is Section 3, which introduces the concept of a “covered frontier model.” The administration has directed national security agencies to develop a classified benchmarking system that evaluates the cyber capabilities of advanced AI models.
The purpose of this process is to determine when an AI model becomes powerful enough to warrant additional government attention because of its potential cybersecurity implications. The order does not define the exact threshold publicly. Instead, government agencies will create a classified assessment framework to determine which models qualify.
In practical terms, this means the government wants a way to identify AI systems that may possess advanced capabilities that could potentially be used to discover software vulnerabilities, automate cyberattacks or significantly alter the cybersecurity landscape.
A voluntary review process for AI companies
One of the most consequential aspect of the order is the voluntary framework that the government plans to create with AI developers. Under this framework, companies will be able to approach the government to determine whether a model they are developing would qualify as a covered frontier model.
If a model meets that threshold, companies can voluntarily provide the government with access to it before public release. The order states that developers could “provide the Federal Government with access to covered frontier models … for a period of up to 30 days before they plan to release such models to other trusted partners.”
This effectively creates a mechanism through which the government can examine highly capable AI systems before they become widely available. The administration argues that this early access would help officials understand emerging risks and improve national cyber defences.
The role of “trusted partners”
The government intends to work with AI developers to identify organisations that should receive early access to advanced models.
According to the order, developers and the federal government will “collaborate with the Federal Government to select trusted partners that will have early access to covered frontier models to promote secure innovation and strengthen the cybersecurity of critical infrastructure.”
The White House has not yet explained who these trusted partners will be. They could potentially include cybersecurity firms, infrastructure operators, research institutions or other organisations involved in protecting critical systems. The details are expected to be developed in the coming months.
No mandatory licensing or government approval
The order explicitly attempts to reassure AI companies that it is not creating a licensing system. One of the most important lines in the document states, “Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models.”
This language appears designed to address concerns from the technology industry that the government could eventually require approval before companies release new AI models. Instead, participation in the framework is described as voluntary.
However, critics may argue that voluntary programmes can still become influential if participation becomes an industry expectation or if companies perceive strategic advantages in cooperating with the government.
Stronger enforcement against AI-assisted cybercrime
The order also directs the Justice Department to prioritise criminal enforcement against people who use AI to commit cyber offences. This includes individuals who use AI systems to gain unauthorised access to computer networks, steal information, damage systems or assist other criminal activities.
What the order does not do
Although the order has generated significant attention, it leaves many critical questions unanswered. It does not explain exactly how frontier models will be evaluated. It does not reveal the cyber capability threshold that would trigger government review. It does not identify the trusted partners that may receive early access. Nor does it explain how confidentiality and intellectual property concerns will be managed in practice.
Most importantly, it does not impose any mandatory requirements on AI developers at this stage. Many of the operational details will be developed later by agencies such as the National Security Agency, CISA, the Treasury Department and the National Institute of Standards and Technology.
Larger picture of the order
The executive order is all about a balancing act inside the Trump administration. On one hand, the administration wants to preserve America’s competitive advantage in AI and avoid regulations that could slow innovation or help rivals such as China catch up. On the other hand, officials increasingly recognise that highly capable AI systems could introduce new cybersecurity and national security risks.
The result is a framework that seeks cooperation rather than regulation. Instead of requiring government approval before releasing advanced AI models, the administration is asking companies to voluntarily participate in a process that gives federal agencies visibility into the capabilities of the most powerful systems. Whether major AI developers choose to participate and how influential the programme becomes may ultimately determine how significant this executive order proves to be.