[AID | Policy] Regulation Deferred, an Asset Enlisted — Inside Trump's AI Executive Order
Inside the making of the June 2 AI executive order — and how Washington now sees artificial intelligence.
The significance of the executive order on "Promoting Advanced Artificial Intelligence Innovation and Security" lies less in its final provisions than in its turbulent drafting process: a stringent May draft, a signing ceremony abruptly canceled hours before it began, a three-way split within the White House, and a narrower version revived just twelve days later.
Reconstructing this trajectory points to a clear conclusion: what Washington did on June 2 was not, at its core, an act of regulation. It began enlisting AI as a national security asset — deliberately shelving the regulatory question so that nothing would impede that work.
Executive Order: "Promoting Advanced Artificial Intelligence Innovation and Security" · Signed June 2, 2026 · 91 FR 34565 · White House original · Federal Register
At a Glance — What the Order Actually Does
| Provision | Detail |
|---|---|
| Federal cyber hardening | Defense and national-security agencies directed to prioritize cyber defenses for their systems within 30 days. |
| Binding CISA directives | CISA to issue binding operational directives focused on AI-era cyber risk for federal systems and infrastructure operators. |
| AI Cybersecurity Clearinghouse | Treasury-led body coordinating voluntary, at-scale discovery and patching of software vulnerabilities with industry. |
| Classified frontier benchmark | NSA, CISA, and NIST given 60 days to build a classified test determining which systems count as "covered frontier models." |
| 30-day voluntary pre-release review | Developers may share covered models with the government for up to 30 days before broader release. |
| "Trusted partner" early access | Government participates in selecting partners that receive early model access to strengthen critical-infrastructure defense. |
| No licensing regime | Explicitly bars any mandatory licensing, preclearance, or permitting requirement for AI development or release. |
| AI-crime enforcement | The Attorney General directed to prioritize federal prosecution of AI-enabled computer intrusion. |
I. The Order That Died and Came Back
This executive order originally envisioned a far more aggressive approach. The draft circulating within the White House through mid-May centered on a voluntary framework requiring frontier labs — such as OpenAI, Anthropic, and Google — to submit new models for government cybersecurity reviews up to 90 days prior to public release (WIRED, IAPP). Though nominally voluntary, the combination of a 90-day window and a broad scope effectively functioned as a de facto pre-release screening regime.
This proposal split the administration into three distinct factions (Politico). Notably, the momentum for stricter oversight originated from the Department of Defense rather than conventional safety advocates or civil society groups, signaling that national security, not general safety, served as the primary driver for control from the outset.
Pro-innovation camp — David Sacks (Removing Bureaucratic Friction). Former White House AI czar and current PCAST co-chair. Viewing the 90-day review as excessive, Sacks convinced Trump to halt the signing, aligned with his stance that regulatory overreach poses the greatest threat to American innovation (Axios, IAPP).
National security camp — Pete Hegseth (Preventing Adversary Weaponization). Led by the Secretary of Defense, this faction pushed for stringent controls due to concerns that frontier models like the Mythos class could be exploited by foreign adversaries. The focus remained strictly on security rather than safety advocacy (Politico).
The June 2 compromise — Prioritizing Early Visibility Over Veto Power. The national security faction secured early visibility through a 30-day review, classified benchmarks, and a dedicated clearinghouse, while the pro-innovation camp successfully stripped the window of regulatory teeth by mandating voluntariness and banning compulsory licensing.
On May 21, Trump abruptly canceled the scheduled signing ceremony hours before it was set to begin. Speaking at a White House event later that day, he noted his disagreement with specific provisions, citing the role of domestic AI development in job creation (Roll Call), following an intervention by Sacks (Politico). Twelve days later, a recalibrated version emerged: the 90-day window was reduced to 30 days, the scope narrowed to "covered frontier models" evaluated by classified benchmarks, and a written ban on mandatory licensing or pre-approval requirements was explicitly added (CyberScoop, Tom's HW).
The finalized order represents an uneasy truce rather than a permanent settlement. It serves as a provisional arrangement where both factions preserved only their baseline demands without reconciling their core philosophical differences. This compromise held because the security apparatus prioritized early visibility over the outright authority to halt deployment. Consequently, this order marks an unstable equilibrium rather than the definitive endpoint of U.S. AI governance.
II. The Trigger: From Productivity Tool to National Security Variable
The administration's resolve to revive the order despite political friction stemmed from measurable leaps in model capabilities, moving past theoretical AI risks. The catalyst extended beyond any single corporate release; technical evaluations of Anthropic's Claude Mythos and OpenAI's GPT-5.5 revealed markedly improved proficiency in identifying and exploiting software vulnerabilities (Cato). Mythos discovered thousands of unpatched bugs across major operating systems and web browsers, including critical flaws that had gone unnoticed for decades, such as a 27-year-old OpenBSD vulnerability (Fortune, Tom's HW).
In April, Treasury Secretary Bessent and Fed Chair Powell urgently convened Wall Street's chief executives at Treasury headquarters. The meeting included the heads of Goldman Sachs, Citigroup, Morgan Stanley, Bank of America, and Wells Fargo — all institutions designated as systemically important to the global financial system.
This high-level briefing underscores that frontier models are now officially treated as a critical variable in financial-system stability. These specialized cyber capabilities present a dual-use dilemma: they drastically accelerate defensive patching, yet in hostile hands, they enable the weaponization of undiscovered vulnerabilities at scale. Protecting critical infrastructure now centers on a simple reality: who accesses the model first.
This shift in risk perception directly shaped the institutional design of the final order. Putting the Treasury Department, rather than the Department of Homeland Security, in charge of the AI Cybersecurity Clearinghouse reflects where the threat was first perceived (Inside Cyber, NPR). Because the financial system served as the initial bellwether for the threat, operational ownership naturally followed.
Timeline
- APR 2026 — Mythos Released: Accelerated Vulnerability Discovery. The model identifies thousands of latent software flaws. Alongside GPT-5.5 data, this confirms a systemic rise in frontier model capabilities (Cato, Fortune).
- APR 2026 — Bessent and Powell Brief Wall Street Leadership: Treasury headquarters. CEOs of systemically important banks are instructed to bolster defenses against risks associated with Mythos-class models (Bloomberg, FT).
- MAY 21, 2026 — Signing Ceremony Suspended: Trump rejects the 90-day framework following discussions with Sacks, exposing internal policy divisions (WIRED, Politico).
- JUN 2, 2026 — Streamlined Executive Order Signed: Features a 30-day voluntary review, a Treasury-led clearinghouse, and an explicit exclusion of mandatory licensing pathways (Lawfare, Roll Call).
III. The Final Text: What Survived, What Was Cut
Comparing the June 2 finalized text against the initial May draft reveals a systematic pivot away from traditional regulatory oversight across four distinct metrics.
| Metric | May Draft (Canceled) | June 2 Final (Signed) |
|---|---|---|
| Review Window | Up to 30 days — Designed for early visibility without giving the state leverage to hold up releases (IAPP, Fed News) | |
| Operational Scope | Broadly defined categories of frontier models | Restricted to "Covered Frontier Models" — Adjudicated through classified NSA, CISA, and NIST benchmarks (Tom's HW) |
| Intervention Mode | An implicit, de facto pre-market clearance regime | Explicit Voluntariness — Strict prohibition on mandatory licensing, permitting, or pre-approval mechanisms, closing future regulatory pathways (Infosecurity, Roll Call) |
| State Profile | Supervisor — Framed around administrative compliance and mandatory submission | Partner — Anchored in voluntary collaboration and data sharing, though not inherently less potent (see Section IV) |
The codification of the licensing ban stands out as the most politically deliberate sentence in the entire document. By explicitly constraining its own interpretation, the executive branch ensured that future administrations cannot repurpose this text to establish a federal licensing framework. It acts as an intentional barrier to bureaucratic expansion rather than an implementation of new rules, validating Axios's assessment that the order represents a calculated deferral of regulatory action (Axios).
IV. The Core Reading: Less a Rulebook Than a Defense Architecture
Analyzing the provisions that survived the regulatory pruning clarifies the order's true intent: the remaining text functions almost entirely as national defense infrastructure. National security systems must prioritize specialized cyber defenses within 30 days; CISA is tasked with issuing binding operational directives for AI-driven cyber threats; the Treasury clearinghouse broadens access to advanced security tools for rural hospitals, local utilities, and community banks; and the Department of Justice is instructed to prioritize prosecutions of AI-enabled network intrusions (Lawfare, Cato).
A subtle linguistic detail highlights this dynamic: throughout a text dominated by the language of voluntariness, the word "binding" applies exclusively to state agencies and critical infrastructure operators. The document extends invitations to private industry while issuing direct mandates to the government apparatus itself.
Together, these components map out a comprehensive defense network: the state secures early insights into model capabilities via classified benchmarks and 30-day previews, channels these defensive assets directly into national infrastructure, and prosecutes adversarial exploits. This is a framework for resource distribution and situational awareness, not market regulation.
From this perspective, the voluntary pre-release review serves a different purpose than its name implies. The primary objective of the 30-day window is not to delay deployment, but to ensure the U.S. defense apparatus identifies offensive capabilities before foreign intelligence agencies or cybercriminals can exploit them. The review operates as an early-warning system rather than a bureaucratic gate, transforming the "trusted partner" network into a supply pipeline that distributes cutting-edge defensive models to vital national infrastructure nodes. The order ultimately manages the chronological sequence of technological access rather than the technology itself.
V. Stakeholders: What Each Actor Wants
The initial responses following the announcement become clearer when viewed through the strategic priorities each stakeholder managed to secure, rather than simple metrics of endorsement or dissent.
The Department of Defense (Pete Hegseth) — Priority Access, Not Market Oversight. The defense establishment focused on ensuring that U.S. intelligence and military agencies secure cutting-edge capabilities before foreign adversaries can exploit them (Politico). The 30-day preview and classified benchmarks guarantee priority access rather than standard oversight. To the Pentagon, frontier models represent strategic capabilities akin to defense assets rather than commercial software to be policed.
David Sacks — Preventing Regulatory Precedents. By striking down the 90-day review and codifying the ban on mandatory licensing, Sacks ensured the text cannot serve as a stepping stone for future regulatory overreach (Axios, Fed News). His focus now likely shifts toward shaping potential legislative efforts.
IBM (Arvind Krishna) — Securing a Supplier Seat. Endorsing the order as a balanced "Goldilocks" approach reflects strategic commercial positioning. Free from the burdens of pre-release reviews due to its lack of a frontier model, IBM is promoting Red Hat's Project Lightwell as a core government security solution, positioning itself as a primary vendor within the new clearinghouse network (Axios). This support aligns closely with corporate business development goals.
OpenAI (Sam Altman) — Maintaining Insider Proximity. Altman met with key administration and congressional figures immediately after the signing, following weeks of direct consultations on the text (Politico). OpenAI seeks to maintain an insider role in policy development while securing a "trusted partner" designation, recognizing that institutional proximity to Washington serves as a valuable competitive asset in a non-public evaluation ecosystem.
Anthropic — Establishing a Baseline for Industry Norms. The company occupies a unique position: its model served as a primary catalyst for the order, yet it had already established Project Glasswing to limit Mythos access to verified corporate and financial entities. Anthropic briefed the state on its model's capabilities before deployment, expanded its trusted-partner network by 150 organizations on launch day, and publicly supported the order (AP/PBS, Fortune). For Anthropic, the voluntary review framework formalizes its existing operational standards rather than imposing a new administrative burden. Concurrently, the company is managing institutional friction, having sued to overturn a Defense Department designation — issued shortly before the Mythos preview — that flagged it as a supply-chain risk and bars defense contractors from using its technology (AP, Tom's HW, ABC). This approach demonstrates a frontrunner working to shape safety standards and anchor itself within the federal security architecture.
Mark Warner / Cato Institute / BSA — Legislative Oversight, Policy Bounds, and Risk-Free Alignment. Warner described the order as an initial step toward addressing frontier risks to critical infrastructure, while criticizing the administration for dismantling previous frameworks — positioning the issue within congressional legislative jurisdiction (CyberScoop, AP). Cato's Juan Londoño warned that the discretion granted to the NSA director creates a concerning precedent that could be weaponized against private entities, pointing to Anthropic's defense supply-chain dispute as a real-world example (ABC, Cato, Fox 5). Meanwhile, the BSA welcomed a setup that allows its members to gain the credibility of federal alignment without mandatory compliance obligations (Inside Cyber).
The broader policy landscape indicates that no primary stakeholder views this text as a definitive endpoint. The Pentagon seeks to expand its priority visibility; Sacks aims to counter future regulatory efforts; Warner is focusing on formal legislation; and frontier labs are working toward official partner status. The June 2 order serves as the baseline for the next phase of negotiations.
VI. Conclusion: What Does Washington Now Think AI Is?
The long-term policy significance of this executive order rests less on its regulatory restrictiveness than on a fundamental reclassification of the technology itself.
While the Biden administration's 2023 framework classified AI as an emerging technology requiring public safety standards and reporting obligations, the June 2026 order shifts it into a different category. With the Treasury Department coordinating governance, the NSA assessing technical capabilities, the Pentagon leading national security enforcement, and critical infrastructure receiving priority access, Washington now explicitly treats AI as a national strategic asset.
However, the state has rejected centralized command-and-control models like the licensing regimes used for nuclear materials or export-controlled cryptography. By explicitly prohibiting mandatory permitting, the United States has chosen to leave development and deployment to private markets while actively managing the sequence of access — ensuring that federal defense systems leverage advanced capabilities before foreign adversaries do. The focus centers on rapid domestic absorption and operational priority rather than containment.
The remaining challenge lies in whether this framework can establish deep institutional roots. The exact parameters of classified benchmarks, the daily execution of the clearinghouse, and the selection criteria for trusted partners remain subject to executive branch discretion, which critics note can introduce political vulnerabilities. Whether a voluntary model can maintain long-term efficacy without statutory oversight remains an open question. The next major policy test will unfold in Congress.
The strategic path, however, is clear: where the Biden administration approached AI as a technology to be regulated, the Trump administration is approaching it as a national strategic asset.