President Donald Trump on Tuesday signed an executive order aimed at giving the U.S. government and its critical infrastructure partners early access to powerful new AI models.

The EO comes as policymakers, infrastructure operators and cybersecurity experts fret over the vulnerability-finding capabilities of frontier models such as Anthropic’s still-private Claude Mythos — and the security chaos those AI tools could cause in the wrong hands. It also comes two weeks after Trump scrapped an earlier version of the order following industry pushback.

The core of Trump’s two-part directive is an AI model pre-release review process designed to help government agencies and infrastructure providers prepare for the consequences of emerging AI capabilities.

The document gives the departments of Homeland Security and Treasury, the White House Office of the National Cyber Director and the National Institute of Standards and Technology (NIST) 60 days to determine what constitutes a powerful enough AI model that the government should seek early access to it. AI companies will use the criteria to identify models that warrant government evaluation. The government will then request up to 30 days of pre-release access to those models, along with early access for select critical infrastructure operators.

The pre-release review timeframe is the only part of the executive order that significantly differs from the directive that Trump abruptly decided not to sign on May 21. That document called for a review period lasting up to 90 days, but tech executives and some Trump advisers said that would be too long.

New direction for Trump’s AI policy

The executive order represents a striking about-face for the Trump administration on AI security. On his first day in office in 2025, Trump rescinded a Biden administration requirement for AI companies to submit their safety tests to the government, calling it overly burdensome and inimical to AI innovation. But Mythos’s debut upended the White House’s calculus on AI, forcing the administration to consider a new role for the government in evaluating the rapidly evolving technology’s growing risks.

Democratic lawmakers quickly pointed out that Trump and his team had previously rejected some of the new EO’s core provisions.

“While this course correction ... can begin to grapple with widespread impacts that new frontier models will have on our critical infrastructure, it can’t undo the years wasted on dismantling some of the most vital pillars of our nation’s cybersecurity response,” said Sen. Mark Warner, D-Va., the ranking member on the Intelligence Committee.

The new AI model review process will be voluntary for companies, but as Trump’s earlier rejection of his own executive order revealed, there are still disagreements inside the administration about how involved the government should be in AI security.

“We're leading China, we're leading everybody, and I don't want to do anything that's going to get in the way of that lead,” Trump told reporters after scrapping the earlier directive, which he said “could have been a blocker” to AI innovation.

The tech industry expressed cautious optimism about the new EO.

Victoria Espinel, the chief executive of the Business Software Alliance, said the document “appropriately constructs a voluntary and phased approach” to model evaluation and praised it for “initiating a structured and transparent process by which industry, government, and security experts can collaborate on future breakthroughs in AI security.”

The EO “takes important steps” to “protect Americans by ensuring that powerful AI tools are deployed responsibly,” said Jason Oxman, the chief executive of the Information Technology Inudstry Council. “The U.S. leads when it promotes innovation and security through voluntary frameworks rather than regulation.”

Leveraging AI for cyber defense

In addition to designing a model-review process, Trump’s executive order also directs the government to take several steps to improve the nation’s response to the tidal wave of vulnerability reports that AI is generating.

The order instructs the Treasury Department to work with the AI industry and the critical infrastructure community on a “clearinghouse” that will coordinate the nation’s approach to vulnerability discovery, validation and patching. It also instructs the Cybersecurity and Infrastructure Security Agency to direct other agencies to use AI to secure their networks and encourage critical infrastructure operators to do the same.

Other provisions deal with grant funding for AI-powered vulnerability disclosure and cybersecurity hiring at the recently launched U.S. Tech Force.

Questions about NIST testing effort

Despite the fanfare accompanying the new AI review process, the government has already spent years working with AI companies to test their models through NIST’s Center for AI Standards and Innovation.

NIST announced on May 6 that CAISI had signed new agreements with Google, Microsoft and xAI to conduct “pre-deployment evaluations” of their new models. The agency later took down that announcement without explanation.