While President Donald Trump’s June 2 executive order indicates that cybersecurity and AI models are increasingly intertwined, it should not stop enterprises from performing due diligence. Additionally, the order appears to have left some enterprises out of access to AI tools, while others have been granted early access.
Entitled “Promoting advanced artificial intelligence innovation and security”, the EO establishes a voluntary cybersecurity review framework, including AI developers The federal government and some trusted partners can provide access to their models for 30 days before deployment for security assessment. The order also tasks the Treasury Department to establish an AI “cybersecurity clearinghouse” to collaborate with tech firms and infrastructure operators to identify, validate and patch software flaws discovered by AI models.
“The order is better understood as a cybersecurity preparedness measure than an AI industrial strategy,” said Kashyap Kompela, CEO and founder of RPA2AI Research. He said the government’s approach is to “preserve the private sector’s momentum while giving the government advance warning when frontier models could pose serious cyber risks.”
A step towards securing AI models
The EO comes amid growing concerns that AI models are becoming so powerful that cybersecurity teams will not be able to deal with threats posed by bad actors using AI to exploit security holes. Concerns have increased after the introduction of Anthropic cloud mythosAn advanced LLM that is classified as a model with agentic and autonomous cybersecurity capabilities that can process entire cyberattack chains and write code to exploit bugs. Following Anthropic Mythos, OpenAI also introduced GPT-5.5-Cyber with a new initiative called Daybreak, similar to Anthropic’s Project Glasswing; Both plans are designed to limit cybersecurity damage.
“The order can improve trust and reduce the risk of major AI-enabled cyber incidents,” Kompela said.
He said the EO model also gives developers strong incentives to maintain ties to Washington, DC.
“Public sector AI is a huge opportunity, and collaboration on cybersecurity and national security could become a useful market signal,” Kompela said. However, some vendors may choose to bypass this process, leaving the government with fewer tools to stop the release risky models. This means that the government must still rely on other tools to scrutinize these models, such as procurement rules, cybersecurity benchmarks, export controls, regional regulation, post-release enforcement, and reputation pressure.
Therefore, the EO is “better understood as an emerging oversight framework rather than a comprehensive AI regulatory regime,” Kompela said.
There is a heavy reliance on companies to comply with these rules because the voluntary nature of the process “depends on technology corporations to be civically aware,” said James Cooper, a professor at California Western School of Law.
“This is a very tall order in a global AI race with such life-changing (good and bad) possibilities,” Cooper said. “Every legal system needs not only norms and rules to be effective, but also institutions to enforce those rules.”
Furthermore, the 30-day review period is not sufficient, even though the government can identify a surge in cybersecurity risks and threat potential during that window, Kompela said.
“Large AI procurement decisions don’t happen that quickly,” he said, adding that procurement, compliance, security review and integration planning typically take longer. “The 30-day review should therefore be viewed as an initial risk assessment rather than a full certification.”
Providing access to a select few
Another challenge is that EO provides access only to those who are capable AI models like Mythos For some companies and government agencies, while still excluding most cybersecurity leaders, that’s the wrong approach, said Doc McConnell, head of policy and compliance at Finite State, a cybersecurity and software supply chain risk vendor.
“The effort to hold back this information to circumvent our most powerful cyber defense tools is creating barriers for those who are following the rules,” McConnell said. While cyber leaders are unable to access these defensive tools, bad actors will find ways to circumvent controls and access models that help them reach their ultimate goals.
“Whenever we have this kind of asymmetry in the cybersecurity system … it benefits the bad actors at the expense of the cyber defenders,” McConnell said. He said AI tools and models should be made widely available.
“(Cyberdefenders) are already under attack,” McConnell added. “They are already experiencing a huge increase in the volume and sophistication of attacks, and we need to equip them with the right tools to protect themselves and the data and systems for which they are responsible.”
a possible consensus
Therefore, he said it is important for federal organizations and departments, such as the federal government Cybersecurity and Infrastructure Security Agency ), remember that it is best when “they see their role as sharing information.” He said agencies work best when they gather information from a variety of sources and use expert analysis to determine which information to pass on to other organizations as quickly as possible.
For other enterprises, it is best to start incorporating models already available in the market into their workflow, cyber security monitoring Now capabilities and operations, McConnell said.
“They should be building AI to make sure they’re responding as quickly and efficiently as possible,” he said.
Enterprises should also conduct their own risk assessments, Kompela said. He said enterprises still need their own security mechanisms and should ensure that AI tools and agents are deployed with clear access controls, logging, and human approval for sensitive tasks.
“Federal review should not be considered a substitute for enterprise-specific risk assessments,” he said. “Enterprises are responsible for how AI is acquired, configured, monitored, and controlled in their own environments.”
