The most powerful AI models are now treated, at least in Washington, as potential national-security events. Before companies release them to the public, the government wants a chance to see what they can do: whether they can discover software vulnerabilities, assist cyberattacks, or otherwise introduce risks that federal officials may not fully understand until the models are already in use.
President Trump’s new executive order, signed Tuesday, is meant to give the government that chance. But the final version leaves AI companies with considerable control over the process. It asks them to voluntarily submit advanced models for government review 30 days before public release, and it does not make release conditional on what agencies find.
That is a softer framework than the White House had been considering just last month. A previous draft had mandated a 90-day window, which tech industry executives opposed.
The president nearly signed the first version of the order, but after a phone call with former AI and crypto czar David Sacks, the EO was put on hold. During another White House meeting on Monday, Sacks again stressed that longer wait times would stifle domestic development of AI models.
The approach drew predictable praise from free-market groups. “The administration deserves credit for recognizing that innovation, not precautionary regulation, is what made America the global leader in AI,” says Competitive Enterprise Institute fellow Wayne Crews.
The EO is careful to note that the government assessment program is voluntary for AI companies, and that public release of new models is not conditional on the outcome of the assessments. Given the potential destructive power of new AI models such as Anthropic’s Mythos, the order puts the government in a limited role: close enough to review the systems, but not necessarily empowered to slow them down, some tech policy analysts observed.
Critics said the voluntary structure leaves too much power in the hands of the companies being reviewed. The consumer rights advocacy group Public Citizen called the arrangement a form of industry self-regulation, while the pro-regulation nonprofit Future of Life Institute argued that highly capable models such as Mythos require more than a “trust the companies” approach.
“My impression is that it does not really establish the strong leadership that the federal government has traditionally had in terms of facilitating public-private partnerships and safeguarding responsibilities that have traditionally been left to the government like critical infrastructure,” Jessica Ji, senior research analyst at Georgetown’s Center for Security and Emerging Technology, tells Fast Company.
The order does not prescribe a detailed testing regime. Instead, it sets up a framework and directs agencies to build the process. It calls on the National Security Agency and other security-focused agencies to co-design the model assessment framework and determine cyber-risk thresholds, especially around advanced cyber capabilities and what qualifies as a frontier model for the review regime. The Treasury Department will establish an AI cybersecurity clearinghouse to track the discovery and patching of software vulnerabilities exposed by new AI systems.
Government agencies will use the 30 days for “cyber capability evaluations, adversarial testing, and national-security review” of large AI models, the EO states. The Commerce Department’s National Institute of Standards and Technology will play a key role, as will the Center for AI Standards and Innovation, formerly the AI Safety Institute, which already evaluates frontier models.
Ji believes the influence of AI companies won’t end with the EO. “I’m personally very interested to see what this dynamic might look like in the future when it comes to who will lead on cybersecurity,” Ji says. “Do the AI companies get to set the terms as they release models, especially with this kind of weakened 30-day voluntary commitment to give the government access ahead of time?”
In practice, many AI companies have already begun creating their own versions of early access and pre-release testing. Anthropic gave access to its Mythos model to a modest group of software and cybersecurity partners, and on Tuesday extended access to 150 new partners in more than 15 countries. OpenAI gave early access to its latest GPT-5.5 model to almost 200 trusted partners under its own early testing program, and a cybersecurity-focused version of the model remains available only to trusted partners.
Those company-led programs may give some outside experts a look at the most capable new systems before they are widely released. But they also underscore one of the central tensions raised by the EO: whether the government can build an independent assessment process when the companies control much of the access, infrastructure, and technical information needed to evaluate the models.
It’s also unclear whether 30 days is enough time for the government to properly assess the risks of an advanced AI model. “It depends on capacity to do evaluations, and I think the organizations best positioned to do those evaluations are the companies themselves,” Ji says. “So obviously we have a bit of a transparency problem: There’s this huge information asymmetry between the companies and everybody else, including the government.”
The government might also face challenges in finding the right AI research talent and compute resources, as well as in managing access to the models and working out the details of the partnership with AI companies, Ji says. “I think a month probably does not mean that testers will have 30 days hands-on with the model,” she says. “It might look more like two weeks after they work through all the paperwork. It’s hard to say whether 30 days is adequate.”
