U.S. asks AI firms to submit models for cybersecurity tests

The White House published an executive order titled Promoting Advanced Artificial Intelligence Innovation and Security on June 2, 2026, directing federal agencies to secure voluntary agreements with AI developers to test their most capable models before external release. The order names the Departments of Treasury, Defense, Commerce, and Homeland Security as principal coordinators and gives agencies up to 30 days to conduct cybersecurity evaluations before companies release models outside government.

The order instructs agencies to develop benchmarks and testing protocols for models' cyber capabilities and to stand up an AI cybersecurity clearinghouse to collect and share vulnerabilities. Reuters and Cybersecurity Dive report that developers would use agency criteria to identify which models warrant review, and that the Treasury secretary is asked to work with banks and critical-infrastructure providers on vulnerability scanning. NPR and The New York Times report the final order cut an earlier proposed review window from 90 days to 30 days following internal administration deliberations.

Reuters reports that Anthropic, OpenAI, and Alphabet's Google met with the U.S. government while the order was being developed, and quotes Google executive Kent Walker calling the order an important step forward. Coverage describes the program as a voluntary collaboration with participating U.S.-based frontier labs rather than a mandatory approval regime.

The order adds an operational cybersecurity layer to model releases without imposing premarket approval, which Reuters and The New York Times characterize as a notable shift from the administration's earlier hands-off posture toward AI. For national-security and critical-infrastructure operators, a centralized vulnerability clearinghouse and coordinated scanning could speed detection and mitigation of model-related attack vectors.

• •Whether major developers enter voluntary agreements and how many models are submitted for testing.
• •The technical scope and benchmarks agencies publish for cyber-capability testing.
• •How the clearinghouse handles sensitive exploit data and sharing with private-sector partners, since privacy and liability rules will shape participation.

The order formalizes a voluntary, cross-agency approach to pre-release cybersecurity testing and creates institutional channels for vulnerability sharing, reflecting a policy trade-off between adding safeguards and limiting regulatory friction on deployment.