Trump Issues Executive Order Seeking to Promote Collaboration with AI Developers to Combat Emerging Cyber Threats

President Trump signed an Executive Order on “Promoting Advanced Artificial Intelligence Innovation and Security” on June 2, 2026. The Executive Order is aimed at “encouraging AI innovation and accelerating responsible AI adoption across government and industry.” One of the more noteworthy aspects of the Executive Order is its directive to design a framework for AI developers to voluntarily grant the federal government access to certain “covered frontier models” for 30 days before deployment. The Executive Order follows President Trump’s decision to pull an earlier version amid concerns that it could hinder U.S. competitiveness in AI. It emphasizes voluntary collaboration between the government and industry rather than prescriptive regulation.

The Executive Order directs federal agencies to develop a process for identifying “covered frontier models” and invites AI developers to engage the federal government before releasing such advanced models. Importantly, the Order makes clear that it does not authorize any mandatory preclearance or licensing regime. While participation by AI developers is voluntary, early engagement may offer certain practical advantages, including the potential to shape trusted partner networks as well as build credibility with, and create opportunities for, engagement and education within government, including with national security agencies.

The Order also directs various federal departments, agencies, and offices[1] to establish new cybersecurity and AI governance structures, with most actions due within 30 – 60 days. Notably, it calls for the creation of a new AI cybersecurity clearinghouse to be led by the Treasury Department in collaboration with industry and critical infrastructure operators to coordinate and deconflict scanning for software vulnerabilities, discover and validate such vulnerabilities, and prioritize remediation and distribution of vulnerability patches. The Order additionally reinforces the government’s commitment to criminal prosecution of AI‑assisted cybercrimes.

The Executive Order’s emphasis on collaboration with industry around advanced AI models seemingly reflects growing concern that recent advances in frontier AI could materially alter the cyber threat landscape, including by lowering barriers to sophisticated cyber operations and rapidly accelerating exploitation capabilities. Going forward, federal agencies may place greater emphasis on assessing how advances in AI affect both offensive and defensive cybersecurity capabilities and broader national security objectives. The Executive Order highlights the critical role that the private sector plays in identifying, assessing, and managing cyber risks that may be exacerbated by the rapid advancement of AI.

The specific details of the Executive Order and key considerations for AI developers are highlighted below:  

Voluntary Framework for Secure Frontier Model Deployment

Benchmarking Process

• Within 60 days (by August 1, 2026), federal agencies must develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold for designation as a “covered frontier model.” The Director of the National Security Agency (NSA), in consultation with other national security officials, will be responsible for making such determinations. The process would permit the assessments to be shared with AI developers and researchers as appropriate.

Voluntary Developer Framework

• The Executive Order directs specified agency officials to design a voluntary framework within 60 days (by August 1, 2026) under which AI developers may:
• Consult with the federal government regarding whether a model under development qualifies as a “covered frontier model”;
• Provide the government with access to covered frontier models for up to 30 days before release to “other trusted partners,” subject to confidentiality, cybersecurity, insider-risk, intellectual property, use, and nondisclosure protections; and
• Collaborate with the government to identify trusted partners for early access to frontier models.

As mentioned above, the Executive Order expressly states that nothing in the framework may be construed as authorizing a mandatory governmental licensing, permitting, or preclearance requirement for the development, publication, release, or distribution of AI models, including frontier models. This provision reflects the Administration’s emphasis on maintaining U.S. competitiveness and innovation in AI development while pursuing security-related objectives through voluntary cooperation rather than regulatory mandates.

Federal Cybersecurity Initiatives

The Executive Order sets a 30-day deadline (by July 2, 2026) for multiple federal authorities to take action on AI-enabled cyber defense:

• Prioritization of Cyber Defense: The Committee on National Security Systems and the Secretary of War must take action to prioritize cyber defense of National Security Systems[2] and the Department of War information systems, respectively.
• Federal Civilian Agency IT Systems: The Secretary of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA) and in consultation with other agencies, must release Binding Operational Directives and guidance to expedite cyber defense of federal civilian agency IT systems, expand Federal programs and cyber services to enhance AI-enabled defensive tools, and facilitate access to cybersecurity services, including covered frontier models, for agencies, state and local governments, and critical infrastructure operators such as rural hospitals, community banks, and local utilities.
• AI Cybersecurity Clearinghouse: In coordination with NSA and CISA, and in voluntary collaboration with the AI industry and critical infrastructure operators, the Secretary of the Treasury must establish a clearinghouse that (i) coordinates and deconflicts software vulnerability scanning; (ii) discovers and validates such vulnerabilities; and (iii) coordinates and prioritizes remediation and distribution of patches.
• Federal Grant Programs and Talent Recruitment: The Director of OMB must assess whether existing federal grant programs can be directed toward applicants developing advanced AI vulnerability detection tools. Within 60 days (by August 1, 2026), the Director of the Office of Personnel Management must expand hiring pathways for cybersecurity specialists through the United States Tech Force Information Cybersecurity Specialist program.

Criminal Enforcement Against AI-Facilitated Cybercrime

The Executive Order directs the Attorney General to prioritize enforcement of existing federal criminal statutes—including 18 U.S.C. §§ 1028 (identity fraud), 1030 (computer fraud and abuse), and 1343 (wire fraud)—against anyone who uses AI to illegally access or damage a computer without authorization, or who leverages AI while engaged in such unauthorized access to further any other crime. The Order specifically calls out as examples breaching any public or private information technology system, or employing AI agents to unlawfully access data or information that is subsequently used for a criminal or unlawful purpose. While this section does not create a new criminal liability structure, it may signal heightened focus prosecutions of AI-enabled cybercrime.

Considerations for AI Developers and Deployers

The Executive Order signals a continued policy approach that seeks to balance AI security concerns with a strong emphasis on innovation and competitiveness. Although the Executive Order does not impose immediate regulatory obligations on private-sector AI developers, it establishes the foundation for significantly closer collaboration between government agencies and frontier AI companies on cybersecurity and national security matters.

AI developers should consider:

• Monitoring forthcoming agency guidance on the designation of “covered frontier models” and the voluntary collaboration framework.
• Assessing whether current or planned models could fall within the scope of the forthcoming frontier model benchmarking process.
• Reviewing cybersecurity and vulnerability-management practices, particularly for products with advanced cyber capabilities.
• Considering whether contractual obligations and protections with current partners and other third parties need to be updated, including to address restrictions or authorizations for participation in the new framework.
• Assessing current threat intelligence and information-sharing procedures and determining if updates are warranted in light of the forthcoming framework.
• Evaluating potential participation in voluntary government programs related to cybersecurity testing, information sharing, and critical infrastructure protection.

AI deployers should consider:

• Reviewing contractual arrangements with upstream AI providers to assess whether existing agreements address government access arrangements and how pre‑release access periods may affect their own deployment timelines.
• Monitoring how the government and AI developers define and select “trusted partners,” as that designation could affect when and how deployers receive access to new model versions.
• Reviewing incident response and vulnerability management protocols in light of the new AI cybersecurity clearinghouse and determining whether voluntary participation in clearinghouse information-sharing activities is appropriate.
• Tracking forthcoming CISA Binding Operational Directives, which may affect access to cybersecurity tools and services for deployers operating in or serving critical infrastructure sectors such as healthcare, finance, and utilities.

As AI capabilities continue to evolve and reshape the cyber threat landscape, the Executive Order underscores the central role that the private sector will play in managing the associated risks. We will continue to monitor developments as agency guidance is released.

Maya Vishwanath, an AI Analyst at Morrison Foerster, contributed to this alert.

[1] Department of War; Department of Homeland Security; Cybersecurity and Infrastructure Security Agency; Office of Management and Budget; Department of the Treasury; National Security Agency; Office of Personnel Management

[2] Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency — (i) the function, operation, or use of which — (I) involves intelligence activities; (II) involves cryptologic activities related to national security; (III) involves command and control of military forces; (IV) involves equipment that is an integral part of a weapon or weapons system; or (V) is critical to the direct fulfillment of military or intelligence missions; or (VI) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (44 U.S.C. 3552(b)(6)(A))