720-891-1663

Alerts

AI EO, AI Bill, Oh My!

Leave a comment

Two weeks ago the president cancelled the signing of an AI Executive Order when his campaign donors were unhappy with it. This week he signed a new EO, pretty quietly, that included some parts of the first EO.

Some parts of the administration understand that with software like Mythos, not even fully released yet, finding 23,000 bugs in just a thousand of the millions of open source projects out there, the lame security policies that the government currently has will lead to disaster. Others, however, don’t want to put any controls on campaign donors and, apparently, they won as the first draft EO signing was cancelled.

A key part of the actually signed version is a request that large AI companies like OpenAI and Anthropic voluntarily submit their new models to a classified team at the NSA to assess them before they are released.

The new EO makes it clear that there is no mandatory anything, meaning AI developers can choose to play in the government’s sandbox or not. The president reversed many of the AI governance initiatives that the last administration had put in place and now, more than a year later, they are trying to figure out what to do.

A big part of the EO applies to the government’s own systems which are, based on all of the breaches we have seen, not terribly secure. The EO requires:

  • The Committee on National Security Systems (CNSS) must, within 30 days, prioritize the defense of systems that the intelligence community uses.
  • The DoD must prioritize the protection of its own systems
  • And, CISA, must also issue directives and guidance to strengthen the security of the rest of the federal government’s systems

All within 30 days. All with no new money and no new people.

The EO also tells CISA, which is down over a 1,000 employees and billions of dollars in budget, to figure out how to protect state and local government systems and the systems of critical infrastructure.

Again, all with no new money or people.

The security of the systems belonging to small rural hospitals, community banks and local utilities, of which there are tens of thousands, if not more, are also included.

Again, all with no money or people.

This is, of course, where magic occurs, because that is the only way this can work.

The Treasury is supposed to form a clearinghouse with VOLUNTARY cooperation from AI companies and critical infrastructure. Hmmm. Interesting. Not sure how well that will work.

Within 60 days, the NSA, CISA, Treasury, NIST and others must develop some kind of “benchmark”, which will be CLASSIFIED to make sure we don’t know what they find, for evaluating the capabilities of AI models. If the classified report, which the model developers will not be able to see, says the system you are developing is considered a frontier model (new and cool), you will receive unwanted scrutiny.

The EO also tells Justice to prioritize enforcement of federal computer crime laws. Again, Justice is not exactly brimming with new talent. Prosecuting cybercrime requires that you understand cybercrime. With hundreds and hundreds of lawyers having quit, that could be hard.

And, there is more.

At the same time Congress is proposing a new AI bill that would nuke existing state level AI laws, which, of course, will make developers of AI software happy, but, due to lobbying, will probably be weak and ineffective.

Called the Great American AI Act, the sponsors say it would protect workers and establish real accountability for the top handful of AI products, ignoring the thousands of other products and position the US to lead on AI.

For those few AI systems that the bill would cover, the developers would need to publish and follow plans to address catastrophic risk, report safety incidents and submit to third party audits.

Under this bill, the COMMERCE DEPARTMENT and not the NATIONAL SECURITY AGENCY would be responsible for establishing AI safety standards. They would do this through a new group, the Center for AI Standards and Innovation (CAISI). The standards would cover cybersecurity requirements, risk thresholds and reporting deadlines for security incidents. Again, only for the handful of companies that the bill would cover.

The bill would require AI companies to report risks tied to large scale workforce disruption (i.e. mass firings) which would alter job functions, reduce labor demand or create economic instability in critical sectors but not in the economy in general.

OpenAI, seeing some ugly handwriting on the proverbial wall, wants its software EVALUATED by federal experts, but does not want the feds to have any CONTROL over how the models are deployed.

Like the proposed bill, they want the models evaluated by the Department of Commerce (CAISI) rather than the NSA for a variety of reasons. Their proposal is about wrestling this review out of the hands of the NSA.

Another requirement that OpenAI wants is a prohibition on the government from using AI systems that have not passed an evaluation. To say this is self-serving is polite. This favors companies like OpenAI, Google, Microsoft and Anthropic and puts startups basically out of the running for government business.

Many of OpenAI’s proposed requirements are specifically designed to kill off small companies and startups by adding cost and requirements – their potential new competition. Gee, who would have guessed that they would do that.

Definitely, stay tuned.

Credit: CSO Online and Cybernews and CSO

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2026 CyberCecurity, All rights reserved. Privacy Policy