Trump's AI E-(I)-O could let feds pick winners and losers

After postponing a planned signing last month for an executive order addressing advanced cybersecurity AI models, President Trump has signed a largely similar version that's just as questionably effective. The EO, signed in a private ceremony on Tuesday, directs various government agencies to take steps to protect their systems and data, as well as those of agencies they support, from cyber threats, while also facilitating access to advanced AI models that could help agencies bolster their cybersecurity defenses. The order also directs the Treasury Department to establish an AI cybersecurity clearinghouse" that works with the AI industry and critical infrastructure operators to coordinate and deconflict the use of advanced AI tools for software vulnerability scanning, vulnerability discovery and validation, and remediation and patching efforts. Additional provisions are included to direct federal grant programs toward companies developing AI vulnerability detections, and to expand the US Tech Force's Information Cybersecurity Specialist hiring and placement pathways. Those elements are pretty cut-and-dried, but it's the rest of the order that has raised eyebrows among policy experts who've weighed in on the order so far. Section three of the EO, Secure Frontier Model Deployment, is where the government's AI model pre-release review scheme is outlined, and it is also where the most substantial change in the order compared to the earlier May draft appears. The version signed Tuesday directs various agencies to work with the National Institute of Standards and Technology to establish a voluntary framework" through which the federal government would get access to covered frontier models" for up to 30 days before their planned release to other trusted partners" in order for the agencies to review them for potential cybersecurity risks. The May draft included a 90-day review period; the reduction to 30 days appears to be the most significant change between the two versions. Along with the review period, section three of the order also asks federal agencies to develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models," which would also be used to determine which AI models qualify as covered frontier models for the purpose of the order. The EO also asks that the voluntary framework enable AI companies to "collaborate with the Federal Government to select trusted partners that will have early access to covered frontier models," meaning that the Trump administration would effectively have a role in picking which companies get to participate in programs like Anthropic's Project Glasswing for its Claude Mythos Preview. Want early access? You'd better be on our side The Register was contacted by various policy analysts about the EO, and while all agreed some sort of rule was better than nothing, a number of them shared their concerns. The White House executive order on frontier AI models, while imperfect, is a step in the right direction to prepare the nation for the release of advanced AI systems," Cato Institute policy analyst Juan Londono said of the order. The lack of clear specifications on which criteria should be used to determine what constitutes a 'covered frontier model,' and the government's involvement in decisions about which 'trusted partners' can access these advanced models, gives the executive a great deal of discretion," Londono added. This could open the door to potential weaponization against companies that have any sort of conflict with the administration." Former FTC chief technologist Neil Chilson likewise said that the order is better than the current informal approach," but hopes Congress will take action to establish some actual rules. Gaps in the order, Chilson said, could be used to pick winners and losers, or to give short-term national security concerns excessive weight at the expense of longer-term national security, economic growth, innovation, and other national interests." The Center for Democracy and Technology's VP of policy, Samir Jain, likewise said that the EO takes necessary steps to address risks to critical infrastructure, and like others, he praised the choice to make the framework non-mandatory. That trusted partners element, however, raised his hackles, too. The EO should not become a mechanism for the Administration to punish companies for political or other arbitrary reasons, and so we will be closely monitoring the details of its implementation as they emerge," Jain said. The White House didn't respond to questions for this story. (R)