U.S. President Donald J. Trump signed an executive order aimed at strengthening the cybersecurity posture of government and private-sector systems as advanced AI (artificial intelligence) capabilities become increasingly integrated into critical operations. The order frames AI as both a strategic advantage and a national security challenge, directing federal agencies to work with industry to modernize information systems, harden networks against external threats, and protect American intellectual property from cyber exploitation and theft by foreign adversaries.
The administration said the initiative intends to ensure that advanced AI technologies are deployed securely while preserving U.S. leadership in the global AI race. The directive also places a heightened emphasis on cyber defense across national security systems, requiring the Committee on National Security Systems to prioritize protective measures within 30 days.
The White House said the effort is part of a broader ‘America First’ cybersecurity strategy that seeks to leverage AI to strengthen resilience against emerging threats while safeguarding critical government infrastructure. By tying AI deployment directly to cybersecurity modernization and national defense objectives, the order signals a greater federal focus on securing advanced AI technologies and the systems that depend on them.
“We will continue to lead an America First cybersecurity effort that enhances both our national security and our global AI dominance,” President Trump wrote in the order.
The executive order directs federal cybersecurity agencies and departments to take immediate action to strengthen defenses across government systems. Within 30 days, the Committee on National Security Systems must prioritize protection of National Security Systems and expedite measures consistent with the order’s objectives. The Secretary of War is also required to prioritize cyber defense of the Department’s information systems within the same timeframe.
The order further instructs the Secretary of Homeland Security, acting through the CISA (Cybersecurity and Infrastructure Security Agency) director and in coordination with the OMB (Office of Management and Budget), the Assistant to the President for National Security Affairs, and the National Cyber Director, to issue Binding Operational Directives and other guidance within 30 days. These measures are intended to accelerate the protection of civilian federal information systems that support critical national functions, expand federal cybersecurity programs that leverage AI-enabled defensive capabilities, and improve access to cybersecurity tools and services.
The initiative specifically seeks to make advanced security technologies, including frontier AI models where appropriate, more accessible to federal agencies, state and local governments, and critical infrastructure operators.
The White House initiative also calls for the creation of an AI cybersecurity clearinghouse within 30 days. Led by the Treasury Department in coordination with the National Cyber Director, the NSA, and CISA, the clearinghouse will work voluntarily with AI companies and critical infrastructure operators to coordinate vulnerability scanning, identify and validate software flaws, reduce duplication of effort, and accelerate the remediation and distribution of security patches.
The order further directs the OMB, in coordination with the National Cyber Director and CISA, to assess whether existing federal grant programs can support organizations developing advanced AI vulnerability detection capabilities.
In addition, the Office of Personnel Management must, within 60 days, expand federal hiring and placement pathways for cybersecurity specialists through the U.S. Tech Force program, reflecting the administration’s focus on strengthening the cybersecurity workforce needed to secure increasingly AI-driven systems.
The executive order also establishes a framework for secure deployment of advanced AI models. Within 60 days, federal agencies led by the Treasury Department, NSA, and CISA must develop and maintain a classified benchmarking process to evaluate the cyber capabilities of AI systems and determine when a model qualifies as a ‘covered frontier model.’ The assessments will be shared with AI developers and researchers as appropriate, with designation decisions made by the NSA Director in consultation with the National Cyber Director, CISA, and other national security officials.
The order also directs federal government to create a voluntary framework that allows AI developers to engage with federal authorities to determine whether their systems meet the covered frontier model threshold. Under the framework, developers may voluntarily provide the government with access to covered frontier models for up to 30 days before broader release, subject to strict confidentiality, cybersecurity, insider-risk, intellectual property, and nondisclosure protections. The framework also envisions collaboration between developers and the government to identify trusted partners that can receive early access to advanced models to support secure innovation and strengthen critical infrastructure cybersecurity.
At the same time, the order explicitly states that these measures do not create any mandatory government licensing, preclearance, or permitting requirements for the development, publication, release, or distribution of AI models, including frontier AI systems.
Commenting on Trump’s Executive Order, Duncan Greatwood, CEO at Xage Security, wrote in an emailed statement that there’s a dangerous tendency to view AI innovation and AI security as competing priorities. “In practice, organizations need both. This Executive Order reflects an attempt to balance those pressures, but the challenge of writing policy for moving targets is on full display.”
He recognized that trying to keep AI out of the hands of bad actors will be like trying to hold back the ocean tide. “As advanced AI proliferates across commercial and open-source ecosystems, organizations must assume that powerful AI capabilities will increasingly be available to everyone, including cyber attackers. As powerful AI capabilities become broadly accessible, the focus of risk management will shift from controlling who has access to frontier models and anticipating how those models might be used by bad actors to protecting valuable resources from AI-powered attacks.”
Greatwood noted that organizations must control what AI systems can access, what actions they can take, and how they interact with critical infrastructure, applications, and sensitive data. “The organizations best positioned for the AI era won’t be those trying to contain AI’s advancement. They’ll be the ones that establish the trust, visibility, and control needed to deploy it safely at scale. The innovation imperative for AI is so strong that the AI security that will be embraced will be the kind that can underpin innovation, not slow it down.”
Shachar Hirshberg, CEO and co-founder at Artemis, wrote in an emailed statement that this order gets the direction right, which is getting modern AI defense to the institutions that need it most. “The part worth saying out loud is that access alone does not close the gap. AI has collapsed the cost of a sophisticated attack, so every organization now faces what used to be reserved for nation-state targets, and the attackers are operating in seconds while most defenders still operate in hours. Giving a community bank a better tool only matters if it brings their detection and response down to that same speed. Closing the tempo gap, with people still in command of the decisions, is the work that decides whether any of this holds.”
“This EO acknowledges the central role that frontier models will play in critical infrastructure cybersecurity, but it reinforces the approach that we’ve seen so far from AI labs: limiting access to the most capable tools to a small group of companies and government agencies, while excluding most cybersecurity practitioners,” Doc McConnell, head of policy and compliance at Finite State, wrote in an emailed statement. “Meanwhile, malicious actors are finding new ways to leverage available AI tooling to accelerate and enhance their attacks.”
He added that, “The cybersecurity community is strongest when it works together — transparently identifying, managing, and discussing the risks that affect all technology users. The path to stronger cybersecurity is more information sharing, not less. Classified benchmarking, nondisclosure requirements, and early access pilots will delay getting these models into the hands of the cyber defenders who can put them to use today.
McConnell encouraged the federal government and the frontier labs to expand their outreach to the broader community. “Better cybersecurity requires more transparency, more information-sharing, and more robust partnerships.”
