U.S. asks AI firms to submit models for cybersecurity tests

The White House published an executive order titled "Promoting Advanced Artificial Intelligence Innovation and Security" on June 2, 2026, that directs federal agencies to secure voluntary agreements with AI developers to test advanced models, per the text of the order. The order names the Departments of Treasury, Defense, Commerce and Homeland Security as principal coordinators and gives agencies up to 30 days to conduct cybersecurity evaluations of models before companies release them to organizations outside government, according to the executive order. The order also directs agencies to prioritize cyber defense across government systems and to develop an "AI cybersecurity clearinghouse" to collect and share vulnerabilities, per the White House text.

The order instructs agency components to develop benchmarks and testing protocols to assess model cyber capabilities and vulnerabilities, language that appears in the published executive order. Reuters and Cybersecurity Dive report the administration will ask developers to use criteria set by agencies to identify which models warrant review. NPR and The New York Times report the final order reduced an earlier proposed review window from 90 days to 30 days; The New York Times attributes that change to internal deliberations including input from David Sacks and other officials.

Reporting by Reuters and ITNews cites meetings between White House officials and AI company representatives; Reuters reported that Anthropic, OpenAI and Alphabet's Google met with the U.S. government during development of the order. Reuters quotes Google executive Kent Walker calling the order "an important step forward." Multiple outlets note Anthropic's recent restricted release decisions for Mythos as part of the context that motivated the policy push.

Editorial analysis: Companies and governments have increasingly balanced rapid model rollout against exploit risk; comparable voluntary review frameworks in cybersecurity and aviation show governments often prefer voluntary, time-limited windows to avoid disrupting commercial deployment. For practitioners, such voluntary pre-release evaluation windows typically raise operational questions about packaging, reproducibility of test inputs, and secure environments for testing.

The executive order represents a federal push to add an operational cybersecurity layer to model releases without imposing mandatory premarket approval. Observers in major outlets characterize the move as a notable shift from the administration's earlier hands-off posture; Reuters and The New York Times both report it narrows the government's review authority to voluntary, time-limited testing rather than compulsory approvals. For national-security and critical-infrastructure operators, a centralized vulnerability clearinghouse and coordinated scanning with banks could speed detection and mitigation of model-driven attack vectors, according to reporting that cites the Treasury's consultative role.

• •Whether major model developers enter voluntary agreements and how many models are submitted for testing, as reported by agencies or companies.
• •The technical scope and benchmarks agencies publish for "cyber capabilities" testing, which will determine what classes of vulnerabilities are prioritized.
• •How the proposed AI cybersecurity clearinghouse handles sensitive exploit data and sharing with private-sector partners; privacy and liability rules will affect participation and information flow.

Editorial analysis: The executive order formalizes a voluntary, cross-agency approach to pre-release cybersecurity testing and creates institutional channels for vulnerability sharing. Observers in reporting note the timeline and voluntary design reflect a policy trade-off: add safeguards while limiting regulatory friction on model deployment.