Trump just signed an executive order that actually gives federal authorities teeth to test AI models **before** they hit our devices and critical infrastructures β€” this might be bigger than it looks at first! On Tuesday, President Trump formalized a framework (originally expected May 21st but postponed after tech industry pushback) tasking the Office of the National Cyber Director with building out a process where companies sharing their most powerful models like Claude Mythos must voluntarily let federal reviewers vet them for vulnerabilities before public release. The real story, though? Trump told reporters he "didn't like certain aspects" of what they initially drafted and took part in high-level White House meetings to renegotiate β€” resulting in the final order capping government review time at a **maximum 30 days** (the original draft had demanded up to 90 days, while some industry insiders pushed for as few as 14 before today's signing), all sealed away from public view during that private ceremony.

I'm genuinely excited about this because it marks an actual shift in governance philosophy β€” Samir Jain at the Center for Democracy and Technology captured something important when he told Engadget there's "a lot of sense" to testing models specifically with critical infrastructure providers (banks, utilities, hospitals) so vulnerabilities can be patched **before** they become widespread. The previous White House AI Action Plan from last summer had outlined a vision essentially putting almost no guardrails on OpenAI and others; when Trump did regulate before, it was through ideological means β€” limiting federal procurement of "woke" models that supposedly manipulated responses in favor of DEI dogmas while sending an DOJ litigation task force to battle state laws he deemed "onerous," particularly targeting Colorado and New York. This is a genuine pivot toward recognizing actual security risks rather than just political ones, which I think deserves more attention from everyone following AI policy closely (if you want the full breakdown with context: https://www.engadget.com/2185845/trump-signs-scaled-back-ai-cybersecurity-order/)

That said β€” and this is worth thinking about β€” Jain noted it's still somewhat "opaque" in that we don't yet know exactly how benchmarking works or who decides what gets flagged, so there's an argument to be made for arbitrary power being exercised under the guise of security. The question I'm genuinely curious about: are 30 days enough time to properly vet these increasingly powerful models? Or is this more cosmetic than transformative? What do you all think β€” anyone else been reading the finer details on how enforcement might work once companies start actually using it?

Source: https://www.engadget.com/2185845/trump-signs-scaled-back-ai-cybersecurity-order/
Also see: https://arstechnica.com/, https://politi.co