The Trump administration is advancing an executive order to require government pre-release evaluation of frontier AI models capable of posing cybersecurity risks. The Commerce Department's CAISI has already signed voluntary testing agreements with Google DeepMind, Microsoft, and xAI. The move marks a policy reversal from Day One deregulation after Anthropic's Mythos model demonstrated unprecedented vulnerability-finding capabilities.
The Mythos incident changed the political calculus overnight. Anthropic's latest model identified and exploited software vulnerabilities at a level that alarmed the White House, prompting discussions of mandatory oversight that Axios described as "fairly far along." The New York Times reported the administration is forming an AI working group with tech executives and agency officials to develop standards, potentially including a Pentagon-led testing process for models deployed in government settings. President Trump, who scrapped Biden-era AI safety rules and called AI "a beautiful newborn baby" not to be burdened by "foolish rules," is now reconsidering pre-release vetting for systems that could enable cyberattacks.
CAISI's voluntary agreements provide the immediate framework. The Center for AI Standards and Innovation signed deals with Google DeepMind, Microsoft, and xAI to evaluate models before and after public release. Earlier agreements with OpenAI and Anthropic from the Biden era were renegotiated under Trump. Director Chris Paul emphasised national security implications. The deals grant access to model weights and capabilities, allowing government evaluators to test for risks like vulnerability discovery without mandating delays in release. This is the voluntary regime the administration prefers, but Mythos demonstrated its limits.
The proposed GUARD Act and related legislation would formalise mandatory submission for frontier models. Introduced in the House, the bill requires labs to submit systems above specified capability thresholds for government review before public release. Thresholds include benchmark performance, training compute, and demonstrated risks like cybersecurity exploitation. Non-compliance carries fines up to 5 percent of global revenue. The Senate version, backed by bipartisan senators, focuses on critical infrastructure risks. Mythos, capable of finding vulnerabilities that could threaten national security, meets every threshold.
For SF readers, the policy shift affects the cost curve and launch cadence for AI startups. Compliance overhead for pre-release testing adds 3 to 6 months to development cycles for models above thresholds. Incumbents like OpenAI, Anthropic, Google, and Microsoft can absorb the cost through existing government relationships and dedicated safety teams. Smaller labs face existential pressure: a 10-person team cannot staff the reporting and evaluation requirements designed for $100 billion companies. The voluntary CAISI agreements create a de facto two-tier system where frontier labs get government feedback that smaller players cannot access.
Mythos changes Washington's tolerance for voluntary safety regimes because it makes the risks visible and specific. The model found vulnerabilities in government systems that required immediate patching. Public reporting of the incident created political pressure that no executive order could ignore. Trump administration officials told the Times that speculation about mandatory orders was premature, but Axios reported the framework was already in development. The reversal from deregulation to oversight reflects a bipartisan consensus that cybersecurity risks from AI outweigh the innovation costs for frontier models.
Smaller AI labs get squeezed hardest. The thresholds are calibrated to OpenAI-scale companies, but the compliance burden scales poorly. A startup training a 70B model on rented compute cannot afford the legal, engineering, and reporting overhead. The result is consolidation: frontier labs face government scrutiny but gain credibility, while smaller players either stay below thresholds or get acquired. Startups that build safety tooling, evaluation frameworks, and compliance automation have a clear market. The regime entrenches the labs that can navigate it.