Policymakers are racing to manage the AI boom without stifling it. On June 2, 2026, President Trump signed an Executive Order titled Promoting Advanced Artificial Intelligence Innovation and Security (the “Order”), directing reviews of cybersecurity across federal agencies to harden government and private sector information systems against AI-enabled threats while simultaneously accelerating AI adoption. The Order arrives as next-generation AI models increasingly threaten existing cybersecurity measures and frameworks. The result is an attempt to foster public-private cooperation on security while avoiding formal regulation that could hamper innovation.

Government Upgrades with a Public-Private Clearinghouse

The Order begins with broad directives to enhance cyber defenses throughout the federal government. Within 30 days, in separate directives, the Committee on National Security Systems and the Pentagon must “prioritize the cyber defense of National Security Systems…and Department of War information systems by taking appropriate and expeditious action consistent with the purpose of [the Order].” Over the same timeline, DHS, through CISA, with input from OMB, and other Executive personnel will release “Binding Operational Directives and other guidance” to strengthen cybersecurity surrounding federal information systems and promote integration of AI-enabled cyber defense tools. The Order also aims to enhance access to cyber defense tools for specified beneficiaries at particular risk, including “State and local authorities, and operators of critical infrastructure such as rural hospitals, community banks, and local utilities.”

Some of these mandates dovetail well with ongoing statutory requirements coming out of last year’s National Defense Authorization Act Section 1512 and 1513 that required the Defense-wide review of cybersecurity requirements for AI applications and ultimately will lead to updates to the Defense Federal Acquisition Regulation Supplement (DFARS).

To support this government-wide overhaul, the Order directs the creation of “an AI cybersecurity clearinghouse, in voluntary collaboration with the AI industry and operators of critical infrastructure, that coordinates and deconflicts scanning for software vulnerabilities, discovers and validates such vulnerabilities, and coordinates and prioritizes remediation and distribution of vulnerability patches.”

Securing Early Access to Advanced Models

The Order also attempts to put government customers at the front of the line for new AI models that deliver significant capabilities. Section 3 of the Order directs the NSA, CISA, and Treasury (in consultation with the White House and NIST) to develop a system for identifying and fielding “covered frontier models.”

In a two-step procedure, specified agencies will first develop a classified benchmarking system for designating “covered frontier models” based on advanced cyber capabilities, with the option of sharing these assessments with AI developers and researchers. Once the benchmarking process takes form, the agencies are to design a “voluntary framework” by which AI developers can (1) engage the government to determine whether their model qualifies as a covered frontier model; (2) give the federal government access to covered models for up to 30 days before release to other trusted partners, subject to confidentiality, cybersecurity, insider-risk, and IP protections; and (3) collaborate with the government to select trusted partners who will receive early access to covered models in order to promote secure innovation and strengthen critical infrastructure cybersecurity.

While priority access to advanced models is essential, the Order explicitly disclaims any federal regulatory requirements that might inhibit AI development, to include “mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.”

Criminal Enforcement Prioritization

Section 4 of the Order directs the Attorney General to prioritize prosecution of individuals who use AI to unlawfully access or damage computer systems, including the use of AI agents to access data subsequently used for criminal purposes. This provision reinforces existing federal statutes, including the Computer Fraud and Abuse Act and wire fraud laws, but signals heightened prosecutorial attention to AI-assisted cybercrime.

Takeaways for Contractors:

  • Potential Acceleration for Compliance Requirements: The Order’s directives to defense and intelligence agencies, including the call for Binding Operational Directives, will likely produce updates to cybersecurity compliance requirements for contractors. Mandates for federal agencies frequently migrate into government contract clauses, sector-specific regulations, and cybersecurity frameworks that ultimately bind private industry. This could mean major system upgrades for companies operating under frameworks such as CMMC (Cybersecurity Maturity Model Certification) and DFARS cybersecurity clauses. As we previously discussed in Law360, the government has options for raising cyber defense walls or shifting paradigms in ways that could require significant investment from industry participants.
  • An Opportunity for Engagement and Input. The AI cybersecurity clearinghouse and “covered frontier model” frameworks offer opportunities for voluntary engagement to shape requirements and build trust. For companies providing services through proprietary AI models, the Order suggests new expectations around contractor participation in government-coordinated security efforts. Contractors using or developing AI tools should begin evaluating whether any of their systems could qualify as covered frontier models. Early engagement with voluntary processes could inform better product alignment with government security expectations.
  • Review Internal Controls Governing AI and Cyber Crime. The Order’s focus on prosecution of AI-assisted crime should prompt all companies to review their AI acceptable use policies and insider risk programs. Whether or not you are an “AI company,” AI tools are increasingly mainstream. Threat mitigation and detection will be key to limiting harm from bad actors and enforcement actions.

The Order reflects a strong desire to avoid interfering with AI innovation while moving slowly toward some regulation for frontier models. OpenAI came out with its own push for a somewhat more expansive regulatory scheme for frontier models just one day after the Executive Order. Regardless of how the regulatory landscape ends up looking for frontier AI companies, advancing models will undoubtedly mean increased security requirements and higher compliance costs for contractors. For help implementing updates consistent with the evolving landscape of AI, contact Fluet’s Government Contracts team.