AI models are developing rapidly, and Washington may be struggling to keep pace with the cybersecurity vulnerabilities they may expose. President Trump’s June executive order attempts to narrow that gap by creating a voluntary framework for certain frontier models and directing federal agencies to strengthen cyber defenses, identify vulnerabilities, and coordinate patching. But the order also raises challenging questions about implementation, agency capacity, innovation, and whether a voluntary framework could become coercive in practice. In this crossover episode with Scaling Laws, Shane and Kevin Frazier examine what the order does, what it leaves unresolved, and how policymakers can respond to AI-enabled cyber risks while preserving American AI leadership and clear limits on government power.
Kevin Frazier is the director of the AI Innovation and Law Program at the University of Texas at Austin School of Law and a senior fellow at the Abundance Institute. He has testified before Congress on artificial intelligence and emerging technology issues and is a senior editor at Lawfare.
Below is a lightly edited and abridged transcript of our discussion. You can listen to this and other episodes of Explain to Shane on AEI.org and subscribe via your preferred listening platform. If you enjoyed this episode, leave us a review, and tell your friends and colleagues to tune in.
Shane Tews: What does the June AI cybersecurity executive order try to address?
Kevin Frazier: This executive order built on what people have referred to as the “Mythos moment,” when highly capable AI models began demonstrating the ability to identify and exploit software vulnerabilities. We saw it first with Mythos, and then we saw it with ChatGPT 5.5.
There seems to have been a reckoning moment in the White House. If these models are released, they could lead to a range of potentially bad scenarios, including critical infrastructure operators experiencing issues because of new cyber vulnerabilities they have not patched, or government systems not functioning as intended. Something appears to have gotten through to the administration: If a model demonstrates highly capable cyber functionality, then society needs some effort to become more resilient and prepared for whatever those cyber capabilities may be.
In May, it looked like we were going to get an executive order tackling what people refer to as pre-deployment testing. Before a model is released to the general public, the idea was to have some period, what Dean Ball and I have called a “kick the tires” period, where the government can get a sense of how capable the model is and what steps it needs to take to make sure its own systems are ready for that model becoming ubiquitous.
The initial voluntary framework called for a 90-day testing period before highly capable AI models were generally released. A lot of people responded that 90 days is basically an eternity in the AI space. As my colleague at the Abundance Institute, Neil Chilson, pointed out, over one 90-day period within the last year or so, roughly six different models were released. Trying to test anything robustly and earnestly over a 90-day period is quite extensive and quite difficult.
Rumor has it that someone caught President Trump’s ear, whether by whispering, tweeting, posting on Truth Social, or making a phone call. Some have said David Sacks, the former AI czar, was particularly influential and urged the president not to move forward with that version of the executive order because of concerns that pre-deployment testing could set the country back in keeping up with China and continuing to lead on AI development.
The White House then went quiet for about ten days or two weeks. On June 2, a new executive order was signed. It reduced the voluntary testing period for highly capable models to 30 days and included a number of cyber resilience mechanisms, including leaning into existing cyber funds and CISA’s ability to issue binding operational directives for agencies to patch their systems and follow cyber best practices.
Since the order leans on CISA, the federal government’s cybersecurity agency, to help strengthen cyber resilience, what implementation questions still need to be answered?
It is ironic that cybersecurity is all about regular updates and patches, and yet Congress has not set a recurring update for the federal government’s cybersecurity agency.
From a workforce recruitment and retention perspective, well before AI, there were already calls for more cybersecurity experts in the federal government. I do not think that has been resolved. We have seen a reduction in CISA’s workforce, and the new director is trying to hire some people back, but not nearly at the pace necessary to make sure the government stays ahead of these AI issues.
There are other open questions as well. The executive order does not specify whether companies are expected to allow 30 calendar days of testing or 30 business days of testing. That could make a difference.
Questions about when and how labs are expected to engage with the federal government are also open-ended and important. Are we going to see some sort of concierge service where a government official helps guide companies through the process? Will there be a clear timeline once a company enters the voluntary framework? How quickly should companies expect the review to occur?
These are major questions for frontier labs. It will also be telling to see whether the administration meets the deadlines set out in the executive order. Previous AI-related executive order deadlines have slipped, so the timing of implementation will matter.
The framework is described as voluntary, but could it become something more coercive.
I am sure we can both list some friends who have already called foul on this “voluntary” framework, saying it could quickly become something much more coercive. For example, a future president or some administration could say, “We are so glad that company X participated in our voluntary framework and they are fantastic.” We can imagine that kind of post or press release having clear business ramifications and possibly political ramifications.
On the other side of the coin, we can also imagine some companies being called out for not going through that voluntary framework. From a rule-of-law perspective, that raises real questions about this loose voluntary framework and how voluntary it actually is.
What questions remain about which AI models qualify for this voluntary framework?
I wonder when we will see an answer from the National Security Agency. The NSA is the one tasked with coming up with what qualifies as a covered model for this potential voluntary framework. A lot of people have questioned why it is the NSA, and why this is a classified process for identifying what qualifies as a covered frontier model.
Why not place this in something like CAISI, the Center for AI Standards and Innovation, which presumably has quite a high degree of AI expertise?
The question of what distinguishes a risky model from a non-risky model is becoming harder. At one point, we may have been able to say the amount of compute or the number of FLOPs involved with a model was a good proxy for the power, risks, and capabilities it may pose. But now, as open-source models become highly capable themselves and are not lagging too far behind the frontier, how do we begin to change that definition of what is truly risky and warrants review by the federal government?
What does AI mean for workforce development and education?
I love that idea of an infinity loop because we have to accept the fact that a sort of one-and-done approach to education just isn’t going to fly in the age of AI. Folks are going to need to constantly be having opportunities to retrain, and upskill, and learn new tasks, and take on new job functionalities, and so on and so forth.
If someone says, “I made it to 18,” or “I made it to 22, and I am done with education for the rest of my life,” that probably will not work out if we need more foundational retraining opportunities. There is also a concern that companies do not have enough incentive to provide that retraining, especially for young employees.
I saw a statistic that the average job tenure of a Gen Z-er within the first five years of their career is 1.1 years. If an employer sees a Gen Z employee walk through the door, they may wonder whether it makes sense to spend the next three to six months training that person on the next job and the next skills. That puts a real burden on workforce development policy thinkers to ask, “How can we make it such that it is in the interest of both the employer and these young workers to pick up those skills?”
That’s one question I hope policymakers grapple with more because looking at how we can change tax incentives around how and when you provide training is really important right now. For example, the cap on the amount of funds that companies can be reimbursed for when they provide training is quite low. Maybe we could look at increasing that. Maybe we can look at really creative solutions like income sharing agreements, where if a company provides enough training to an employee, the employee helps pay for it later if they leave for a more lucrative opportunity.
One question I think is understudied is whether we are entering what I have called a “tokenocracy,” where certain corporations and individuals have access to better AI and more AI: more tokens, more availability, and better tools than everyone else.
In the legal community, for example, Kirkland & Ellis is developing its own proprietary AI tool. That is great news for Kirkland & Ellis clients and partners. I am not sure it is great news for other legal firms that do not have the budget or the tokens available to develop that kind of AI expertise and those AI tools.
So how do we begin to think about the bifurcation of the economy into AI haves and AI have-nots, whether that is because of a lack of literacy or a lack of access to the actual tools? I think that may be an emerging policy issue.
