Trump’s postponed AI order is not just another scheduling change. It shows how quickly Washington’s AI debate has moved from abstract safety talk to a direct fight over cybersecurity, China, and who gets to test the most powerful models before they reach the market.
President Donald Trump called off a planned White House signing ceremony on May 21, just hours before tech and AI executives were expected to attend. The reason was blunt. Trump told reporters he did not like parts of the executive order and worried it could slow America’s lead over China. According to the Associated Press, he said the US was ahead of China and that he did not want to do anything that would get in the way of that lead.
That single decision has left AI labs, cybersecurity companies, and large enterprise buyers with a familiar problem: the technology is moving faster than the rules. The draft order was expected to create a voluntary framework for reviewing the most advanced AI models before public release, with agencies such as CISA and NIST helping set the terms. It was not the EU AI Act. It was not a hard licensing regime. But it would have been a signal that Washington wanted earlier visibility into frontier models with serious cyber capabilities.
The divide inside the White House
The delay exposes a real split in the administration. Treasury Secretary Scott Bessent has been one of the senior officials pushing for more attention to the risks posed by powerful AI systems. In April, Bessent and Federal Reserve Chair Jerome Powell convened bank executives to discuss the cybersecurity risks around Anthropic’s Claude Mythos model, which has been released only to a limited group because of concerns about its ability to find and exploit software vulnerabilities.
That concern is not theoretical. Mythos has already become a test case for what happens when AI moves from writing code to probing it. Mozilla said the model helped find hundreds of Firefox security flaws, while Cloudflare’s testing found that Mythos could connect smaller weaknesses into more serious exploit chains and generate proof-of-concept code. That is useful for defenders. It is also exactly the kind of capability that makes regulators nervous.
On the other side are officials and advisers who see any formal review process as a drag on the US AI industry. Former White House AI and crypto czar David Sacks and other tech-friendly voices have argued for a lighter touch, especially while China is trying to close the gap. Trump’s own comments suggest that camp has the stronger hand for now. In his view, even a voluntary review process can become a blocker if companies begin treating it as a prerequisite for launching new models.
Why startups should pay attention
For AI startups, the postponed order removes an immediate compliance question but leaves a bigger strategic one. If there is no federal protocol for pre-release model testing, companies still have to guess what customers, insurers, procurement teams, and security reviewers will expect. That is not freedom in any simple sense. It is uncertainty, and uncertainty tends to favor the largest companies with the legal teams and government relationships to navigate it.
The same is true for cybersecurity startups. A formal testing channel could have created a clearer market for tools that evaluate AI-generated vulnerabilities, harden codebases, or help enterprises triage AI-assisted bug reports. Without it, demand will still grow, but it will be less organized. Buyers will know they need help, especially in sectors such as finance, cloud infrastructure, and critical infrastructure, but they may not know which standards to use when comparing vendors.
There is also a practical limit to the mythology around models like Mythos. The model appears meaningfully stronger at vulnerability research than earlier systems, but it is not magic. Cloudflare’s experience showed that human judgment still matters, especially when models generate false positives or suggest fixes that could break production systems. That creates room for startups that sit between frontier AI and enterprise security teams, turning raw model output into reliable workflows, prioritization, and remediation.
The voluntary path is still alive
The order may be stalled, but the idea behind it is not dead. NIST’s Center for AI Standards and Innovation, known as CAISI, already has voluntary testing relationships with leading AI companies. Lawfare recently noted that existing CISA and CAISI authorities could support a voluntary pre-deployment testing period, even if the government lacks clear power to mandate broad model vetting on its own.
That distinction matters. A voluntary system can become powerful if market access depends on it. Government procurement, bank vendor reviews, cloud partnerships, and insurance requirements can all turn soft expectations into hard commercial pressure. Founders should not assume that the absence of an executive order means the absence of scrutiny.
The next few weeks will show whether the White House revises the order or shelves it. Either way, the direction of travel is clear. Frontier AI models are now part of the cybersecurity debate, not a side issue within it. Companies building or deploying these systems should prepare for more questions about testing, access controls, disclosure, and incident response. The regulation may arrive slowly, but the market expectation is already forming.