On May 21, President Trump was prepared to sign a much-anticipated executive order on artificial intelligence and cybersecurity. The order would have created a voluntary pathway for trusted federal agencies and critical-infrastructure defenders to receive up to 90 days of early access to frontier AI models for defensive use.
Hours before the signing, however, the order was suddenly pulled, reportedly over last-minute objections that it could hinder American AI leadership. President Trump later said he did not want to do anything that would get in the way of America’s lead over China.
Now, as of June 2, the executive order is back. President Trump has privately signed a narrower version, shrinking the 90-day early-access window to 30 days.
It is a step forward, but the downsized order calls into question whether the federal government is doing enough to keep up with the impacts of frontier model advancements. Building the world’s best models will be necessary for American AI dominance. However, the existence of these models will not alone be sufficient to produce national resilience. We must ensure that the U.S. government has a practical path to procure the best American models, so that it can defend American systems before adversaries, criminals, and foreign governments learn to use those same capabilities against us.
What the Order Does
The signed order aims to fill several critical gaps.
First, it directs the Cybersecurity and Infrastructure Security Agency (CISA) to expand AI-enabled defensive tools and facilitate access to covered frontier models for use by federal agencies, state and local authorities, and critical-infrastructure operators. Second, it creates a shared clearinghouse for vulnerability discovery and patch distribution. Third, it establishes a classified benchmarking process to determine which models possess advanced cyber capabilities and should count as “covered frontier models.” Most importantly, it sets up a voluntary framework for AI developers to provide protected federal access to covered frontier models for up to 30 days before wider release.
This framework would not solve every problem, but it addresses what can no longer be ignored: frontier-model access for defenders is becoming a necessary component of cyber resilience, and the federal government must build a secure, mission-specific pathway for applying these models before adversaries do.
A Fast-Lane for Frontier Model Access
American companies define the frontier of AI development, but that lead does not automatically translate into national resilience. Right now, the federal government is playing from behind.
To convert American AI dominance into defense, federal agencies need a standing pathway through which selected federal defenders receive pre-release or near-release access to frontier models for defensive missions. This should be a repeatable process that moves at the speed of frontier model development.
The pre-release access window need not be identical in every case—nor for every participating agency. The signed order contemplates up to 30 days of access before release to other trusted partners. For some models and missions, that may be appropriate. For others, near-release access or continuous API access to models as they update may be enough.
The Building Blocks Already Exist
The government does not need to invent a cyber defender process from scratch. CISA and the Joint Cyber Defense Collaborative already provide a model for public-private coordination around cyber defense and vulnerability response. Within the Department of War, faster pathways for AI and defense technology access already exist through the Chief Digital and Artificial Intelligence Office, Tradewinds, and the broader use of Other Transaction Authorities. Software is updated continually, but each new version does not face authorization from scratch. Continuous Authorization to Operate (cATO) already lets agencies maintain authorization for fast-changing systems through continuous monitoring and recurring risk assessment rather than one-off approvals. The same logic should serve as a template for timely reauthorization of AI models as they improve.
The access architecture can vary by mission. Some uses may run through lab-hosted APIs, while more sensitive work may require secure enclaves, classified-network environments, or otherwise government-controlled compute. The point is that the U.S. government needs a reusable fast lane that keeps up with the cadence of frontier model releases.
Early Access Cannot Mean Casual Access
A timely AI pipeline can help secure American missions and harden American infrastructure, but the pipeline itself must be secure. It will involve two categories of sensitive assets: the frontier models provided by American AI labs and the sensitive findings of government users.
On the lab side, the frontier model itself is a strategic asset. It will be a target for theft, sabotage, unauthorized access, adversarial distillation, and model-weight exfiltration. These risks are not hypothetical: reports indicate that Mythos itself has already been accessed by unauthorized users through a third-party vendor environment. On the government side, the outputs (e.g., vulnerability reports, exploit chains, and mission context) are highly sensitive and could amount to a roadmap for adversaries if exposed. Differential access should therefore operate through secure environments that protect both the model provider’s assets and the government user’s sensitive findings.
The first tranche of differential access should not be the entire federal government. Whole-government access would needlessly expose still pre-release models—enviable intellectual property in their own right—to exfiltration and other attacks. More mundanely, it would simply slow the procurement process. It should be limited to vetted teams inside agencies with cyber, intelligence, defense, and critical-infrastructure missions, possibly including CISA, the National Security Agency, U.S. Cyber Command, Department of Energy national labs, select Intelligence Community elements, FBI cyber components, and financial-sector security nodes. In some cases, access may extend to trusted private-sector partners operating critical infrastructure whose failure would have national consequences.
American AI Should Defend America First
This week’s executive order is a starting point. Frontier models are becoming powerful instruments for cyber offense. This moment of American AI dominance should translate into American resilience, but that will not happen automatically. It will require an access pathway for trusted defenders whose mission is to find and patch the vulnerabilities of greatest consequence.
The United States should not overreact to cyber advances and scramble to build a strict licensing regime for AI. But neither should we mistake today’s voluntary 30-day framework for truly lasting operational readiness, only to leave federal agencies and critical-infrastructure defenders waiting while adversaries begin to use those same frontier capabilities for destructive ends.
