Trump's New AI Executive Order Is Not What It Looks Like
The benchmarks are classified, the NSA decides which models count, and a private lab's decision started it all. A reading in context.
Everyone is calling the June 2 executive order a shift in U.S. AI policy. To me, It is not a shift. It is the fourth in a sequence that started on January 2025, and once you see the sequence, the order looks very different from the way it has been covered.
Hello everyone. This week, a reading in context rather than a summary. If you read my earlier piece, America's AI Action Plan, think of this as the next chapter.
What triggered the order: a model too dangerous to release
The proximate cause has a name: Claude Mythos Preview.
On April 7, 2026, Anthropic announced a general-purpose frontier model whose coding and reasoning capabilities proved so effective at finding and exploiting software vulnerabilities that the company chose not to release it publicly. According to Anthropic, the model identified thousands of previously unknown vulnerabilities across major operating systems and browsers.
The UK AI Security Institute independently evaluated it and found it could execute multi-stage attacks and discover and exploit vulnerabilities autonomously, tasks that would take human professionals days of work.
Sit with that for a moment. The most consequential AI safety decision of 2026 so far was made by a private company, voluntarily, about its own product. The June 2 order is Washington’s institutional response to that fact.
Three phone calls in one night
The order that was signed is not the order the administration drafted.
The original version was scheduled for a White House signing ceremony on May 21. It contained a voluntary 90-day pre-release review window, the timeline national security officials inside the administration had pushed for. Hours before the ceremony, Trump called off the signing, saying he did not want to do anything that could threaten America’s lead in the AI race with China.
According to reporting by the Washington Post and Politico, the cancellation followed calls from Elon Musk, Mark Zuckerberg, and David Sacks between Wednesday evening and Thursday morning, warning that the review system could slow AI development. Politico reported that Sacks called the president on Thursday morning without telling his own staff, arguing that the voluntary review process could one day be made mandatory.
The accounts are disputed. Musk denied the reporting publicly, saying he still did not know what was in the order and spoke to the president only after the signing was declined. Meta also disputed it, saying Zuckerberg spoke to Trump only after the order was rescinded. Who placed which call may never be settled. What is not disputed is the outcome: the draft had 90 days, the signing was cancelled, and the version signed twelve days later has 30 days, no ceremony, and an explicit prohibition on anything mandatory.
Hold that sequence next to the trigger. A model deemed too dangerous to release prompted a review mechanism. The mechanism was then negotiated down, in private, by the industry it would have applied to. The security concern that produced the order survived the editing process. The oversight did not.
The sequence: four moves since January 2025
Move one came on January 20, 2025, Trump’s first day back in office, when he revoked Biden’s Executive Order 14110. The revoked requirements included the obligation for developers of the most powerful AI systems to share safety testing and red-teaming results with the federal government, plus directives for over 100 specific agency actions across eight policy areas. Imperfect, but the only federal AI accountability structure the U.S. had. The deck was cleared before anything existed to replace it.
Move two came in July 2025, when the White House published America’s AI Action Plan, outlining more than 90 policy recommendations to promote American AI dominance. I covered it in detail at the time. Real content on compute, export controls, and education pipelines. But it set direction without setting rules: no enforcement, no mandates, no accountability framework.
Move three came in December 2025, when Trump signed an order turning the federal government against state AI laws. More on that below, because it is the key to reading the June order correctly.
Move four is the June 2 order. Revoke, plan, preempt, build. Each step covered as a separate story. They are one story.
What is actually in the order
The order has five operative components, on 30-day and 60-day deadlines running to early August:
A voluntary pre-release window. Developers can voluntarily give the federal government early access to frontier models for up to 30 days before releasing them to other trusted partners. No lab is required to participate. No consequence is named for staying out.
A classified capability threshold. Within 60 days, Treasury, the NSA, and CISA, in consultation with NIST and the National Cyber Director, must develop a classified benchmarking process to determine when a model becomes a “covered frontier model,” sharing assessments with developers and researchers only “as appropriate.” The NSA Director makes the designation determination.
An AI cybersecurity clearinghouse. Within 30 days, Treasury must form a voluntary body with the AI industry and critical infrastructure operators to coordinate vulnerability scanning, validate discovered flaws, and prioritize patch distribution. The direct institutional answer to the Mythos problem: AI now discovers vulnerabilities faster than anyone can fix them.
Federal hardening directives. By July 2, CISA must issue Binding Operational Directives to expedite cyber defense of civilian federal systems and facilitate access to AI-enabled defensive tools for federal agencies, state and local authorities, and critical infrastructure operators including rural hospitals, community banks, and local utilities.
Criminal enforcement. The Attorney General is directed to prioritize prosecution of AI-enabled computer crime under existing statutes covering identity fraud, computer fraud, and wire fraud, explicitly including the use of AI agents. No new offenses. A prosecutorial signal, pointed at existing tools.
That is the whole structure: defensive hardening, voluntary intelligence-sharing, classified evaluation, prosecution. Nothing in it binds a private AI developer to do anything.
How this differs from Trump’s own December order
The sharper comparison is internal: the June order against the administration’s previous one, signed less than six months earlier.
The December order is a demolition instrument. It directs the DOJ to challenge state AI laws as unconstitutional regulation of interstate commerce and leverages federal funding against states that keep them. Its named targets include state statutes on transparency and automated decision-making, the only binding AI-specific rules that exist anywhere in the American system. Its carve-outs are narrow: child safety, compute and data center infrastructure, and state government procurement.
The June order is the administration’s first construction project. A clearinghouse, a benchmarking process, a review window, prosecutorial priorities. After nearly a year and a half of removing oversight, this is the first time the administration has built any.
Read together, the two orders reveal the actual policy. The December order dismantles oversight that is public, legislated, and enforceable in open court. The June order constructs oversight that is classified, voluntary, and run by an intelligence agency. The administration does not oppose AI oversight as such. It opposes oversight it does not control and the public can see. Visible rules are treated as obstruction. Invisible review is treated as security.
One Biden-era contrast still matters for anyone who tracked the earlier framework: the direction of obligation has reversed. Under the revoked 2023 order, developers of the most powerful systems were required to share safety testing results with the government. Under the June 2026 order, developers decide what to share, and when. Everything else about the old comparison is now historical.
Why classified benchmarks are a governance problem
There is a defensible version of the secrecy argument: publishing exact capability thresholds could help developers train models that pass the tests without becoming safer.
But notice what the order does not contain: a definition of “covered frontier model.” The threshold is whatever the classified benchmarking process says it is. The scope of the regime is itself classified. Developers will not know where the line sits until the NSA tells them, on terms the NSA controls.
If the benchmarks are classified, independent researchers cannot verify them, civil society cannot scrutinize them, and international partners cannot align with them. A safety framework built on classified standards is not a transparent governance framework. It is a national security program. Both are legitimate things to have. They are different things, with different accountability logic.
The expert commentary has caught pieces of this. CSIS analysts question why Treasury leads while the agencies holding most of the government’s cyber expertise sit in consulting roles. Others note the government may simply lack the technical capacity to evaluate frontier systems at the pace AI is advancing. Both critiques are sound. Both stop short of the incentive question: the order assigns oversight to the actor with the strongest institutional incentive to keep it opaque, and makes participation voluntary for the actors with the strongest commercial incentive to skip it.
What this means beyond the U.S.
If your organization operates globally, you now manage two regulatory environments built on incompatible theories of responsibility.
On the EU side, the timeline just moved. On May 7, 2026, EU negotiators reached provisional agreement on the Digital Omnibus on AI, postponing high-risk obligations for Annex III systems from August 2, 2026 to December 2, 2027, and for product-embedded Annex I systems to August 2, 2028. Formal adoption is expected before August 2, and the new dates bind only once published in the Official Journal. Until then, August 2, 2026 remains a live compliance date.
The deadlines moved. The architecture did not. Risk classification, conformity assessments, human oversight, and penalties reaching 7% of global turnover all remain. The EU’s answer to the responsibility question is still developers and deployers, under public oversight. The U.S. answer is the market, watched by the national security apparatus from behind a classification wall.
There is a third audience here: everyone else. As Oxford’s Matthias Holweg put it, framing safety and competitiveness as a dichotomy will fuel calls for digital sovereignty, because using U.S. models becomes a riskier proposition. For governments and enterprises outside the U.S. and EU, a U.S. framework whose thresholds are classified offers nothing to assess, audit, or align with. That strengthens the case, already gathering force from Brussels to Ankara to New Delhi, for sovereign and open-source alternatives.
What to watch
Three things between now and August. Which labs opt into the pre-release window, and which quietly do not. Whether classified designations start leaking into procurement, insurance, and liability decisions that are never publicly explained. And whether the Mythos pattern, a lab unilaterally deciding what is too dangerous to release, becomes the de facto governance model this order quietly ratifies.
That last one is the real story. The U.S. has not built a system for governing frontier AI. It has built a system for watching the companies that govern themselves.
Until next week,
Nesibe
💬 Let’s Connect:
🔗 LinkedIn: [linkedin.com/in/nesibe-kiris]
🐦 Twitter/X: [@nesibekiris]
📸 Instagram: [@nesibekiris]
🔔 New here? Subscribe for weekly updates on AI governance, ethics, and policy! no hype, just what matters.