On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several priorities included in President Trump’s Cyber Strategy for America, released in March 2026.[1] The Executive Order declares, “It is the policy of the United States to promote AI innovation and security by working collaboratively with the private sector to modernize government and private sector information systems and harden them against external threats; to protect American ingenuity and intellectual property from exploitation and theft by adversaries; and to cultivate America’s advanced AI-enabled capabilities.”
The Executive Order is notable not only as an AI policy document, but also as a cyber governance document. It signals that the federal government increasingly views advanced AI as both a defensive capability and a national security-sensitive technology that will require closer coordination among agencies, critical infrastructure operators, and leading AI developers. For in-house counsel, that means AI governance, cybersecurity, intellectual property protection, critical infrastructure resilience, and law enforcement engagement are continuing to converge.
To advance this policy, the Executive Order focuses on three main topics: (1) Upgrading American Systems for Advanced AI, (2) Secure Frontier Model Deployment, and (3) Protection Against Criminal Actors. In addressing these areas, the Executive Order stresses that the Administration will continue “to work closely with industry to ensure that the best and most secure technology is deployed rapidly to confront any and all threats to our country” and “lead an America First cybersecurity effort that enhances both our national security and our global AI dominance.”
The Executive Order does not impose a comprehensive AI regulatory regime or create a mandatory licensing requirement for frontier models. Instead, it directs near-term agency action and emphasizes voluntary collaboration with the private sector. That structure may be particularly important for companies that operate critical infrastructure, provide technology to government or regulated sectors, develop or deploy advanced AI models, or rely on AI-enabled cyber tools as part of their enterprise security programs.
Upgrading American Systems for Advanced AI
The Executive Order first focuses on tactical actions related to the prioritization of cyber defense of American information systems. It directs the Director of the Cybersecurity and Infrastructure Security Agency (CISA), in consultation with the Director of the Office of Management and Budget (OMB), the Assistant to the President for National Security Affairs, and the National Cyber Director to release, within 30 days, Binding Operational Directives and other guidance to “expedite and prioritize the cyber defense of civilian Federal Government information systems” and “establish or expand Federal programs and cybersecurity services that enhance AI-enabled defensive tools.” The Executive Order states that the Binding Operational Directives and other guidance shall “facilitate access to cybersecurity tools and services including, where appropriate, covered frontier models for agencies, State and local authorities, and operators of critical infrastructure such as rural hospitals, community banks, and local utilities.” It also directs the Director of OMB, in coordination with the National Cyber Director and the Director of CISA to determine, within 30 days, whether any federal grant programs have funding “that can be directed toward applicants developing advanced AI vulnerability detection.”
For companies, this portion of the Executive Order may have practical implications beyond the federal government. Companies that provide technology, cybersecurity services, cloud infrastructure, managed services, or other critical support to federal agencies, state and local governments, or critical infrastructure operators may expect increased attention to AI-enabled defensive capabilities, vulnerability detection, and secure deployment practices. If AI-enabled cyber defense tools become a baseline expectation, existing government contracts, critical infrastructure obligations, information-sharing arrangements, and vendor commitments may not have been written with that understanding.
The Executive Order also directs the Secretary of the Treasury, in consultation with the National Cyber Director, the Director of the National Security Agency (NSA), and the Director of CISA, within 30 days, to “form an AI cybersecurity clearinghouse, in voluntary collaboration with the AI industry and operators of critical infrastructure, that coordinates and deconflicts scanning for software vulnerabilities, discovers and validates such vulnerabilities, and coordinates and prioritizes remediation and distribution of vulnerability patches.” This echoes National Cyber Director Sean Cairncross’s remarks at the USTelecom’s Cybersecurity Innovation Forum in March 2026, noting that the Administration was focused on improving the sharing of actionable information by the government and ensuring new technology and solutions can be deployed more quickly by the federal government and critical infrastructure entities than in the past.
The proposed clearinghouse also underscores a developing policy theme: vulnerability management through advanced AI is becoming more coordinated, more visible, and potentially more consequential. Faster information-sharing and remediation expectations will test the maturity of companies’ vulnerability disclosure programs, patch-management governance, software supply-chain controls, and incident-escalation procedures.
Secure Frontier Model Deployment
The Executive Order then turns to the assessment and use of “covered frontier models” to “promote secure innovation and strengthen the cybersecurity of critical infrastructure.” It directs the Secretary of the Treasury, the Director of NSA, and the Director of CISA, in consultation with the White House Chief of Staff, through the National Cyber Director, the Assistant to the President for Science and Technology (APST), and the Director of the National Institute of Standards and Technology (NIST), within 60 days, to “develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold at which an AI model should be designated a ‘covered frontier model’ for the purposes of this order, sharing such assessments with AI developers and researchers as appropriate.”
The classified benchmarking process is significant because it suggests that the government will seek to evaluate not only whether advanced models are useful for cybersecurity, but also whether their capabilities may create national security or cyber misuse concerns. For developers and deployers of advanced AI systems, that posture places a premium on documented model evaluation, access controls, red-teaming, cybersecurity safeguards, insider-risk controls, and limits on high-risk uses.
The Executive Order also directs the agencies, within 60 days, to “design a voluntary framework with AI developers” through which those developers could: (i) engage with the federal government to determine whether their model(s) under development constitute “covered frontier models”; (ii) provide the federal government with access to covered frontier models –– “subject to appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements” –– for a period of up to 30 days before the model is released to other trusted partners; and (iii) collaborate with the federal government to “select trusted partners that will have early access to covered frontier models.” Additionally, the Executive Order reiterates that “[n]othing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.”
The voluntary nature of the framework should not obscure its practical importance. Participation in government benchmarking or pre-release access programs may raise questions involving confidentiality, intellectual property protection, export controls, insider-risk management, contractual restrictions, board oversight, and disclosure controls. It also raises several threshold governance questions: who within the organization has authority to engage with government agencies regarding advanced model access, what protections must be in place before model access is provided, and how will any government feedback be evaluated, escalated, and documented.
More broadly, the Executive Order places frontier-model deployment within the same governance conversation as cybersecurity, critical infrastructure, and national security. That convergence may be relevant to board reporting, enterprise risk management, and AI governance programs, particularly for companies whose AI systems could be used to discover vulnerabilities, automate cyber activity, support software development, or interact with sensitive enterprise systems.
Protection Against Criminal Actors
Finally, the Executive Order directs the Attorney General to prioritize the enforcement of federal criminal laws, including 18 U.S.C. § 1028 (identity theft), § 1030 (computer fraud and abuse), and § 1343 (wire fraud), “against anyone who utilizes AI to illegally access or damage a computer without authorization, or who utilizes AI while engaged in such illegal access to further any other crime” including by “employing AI agents to unlawfully access data or information that is subsequently used for a criminal or unlawful purpose.”
This enforcement focus is also relevant for companies that may be victims of AI-enabled intrusions or that discover misuse of their own AI tools, credentials, platforms, or infrastructure. It places heightened importance on whether incident response plans adequately address AI-enabled attacks, including the use of autonomous agents, credential misuse, automated vulnerability exploitation, data exfiltration through AI tools, and downstream criminal use of stolen data. It also raises the stakes for escalation protocols governing law enforcement engagement and evidence preservation when AI-enabled criminal activity is suspected.
The Latest Tactical Implementation
The Executive Order represents the Administration’s latest efforts to translate the Cyber Strategy into tactical action and adapt to evolving technologies. It also reinforces a broader policy direction: the federal government is seeking to use AI to improve cyber defense, while simultaneously monitoring the cyber capabilities and potential misuse risks of advanced AI systems.
One immediate takeaway is that AI and cybersecurity are being treated as a combined governance priority. Boards, regulators, and counterparties are increasingly likely to ask how a company evaluates AI-enabled cyber risk, how it secures and monitors advanced AI deployments, how it manages its government and critical infrastructure relationships, and how its leadership oversees the intersection of AI innovation, cybersecurity, and national security.
[1] Sidley’s earlier Data Matters post on the Cyber Strategy is available here.
