The Trump administration is studying an executive order that would require FDA-style pre-release safety vetting for frontier AI models, a sharp reversal from its December 2025 deregulatory posture. NEC Director Kevin Hassett confirmed the drafting on May 6, citing Anthropic’s Mythos model as the trigger, but Chief of Staff Susie Wiles walked back the proposal within 24 hours, leaving the policy in limbo while an internal power struggle between Commerce and the intelligence community plays out.
The Reversal: From Broadband Preemption to FDA-Style Gatekeeping
In December 2025, President Trump signed EO 14365[1], which threatened to withhold billions in broadband BEAD funds from states with “onerous” AI laws. The order established a clear deregulatory posture: federal preemption over state-level AI rules, minimal burden, and no centralized gatekeeping. Five months later, the same administration is studying the opposite approach.
The pivot was not subtle. On May 6, 2026, Hassett told Bloomberg Law[2] that the White House is preparing an executive order to boost AI security, with a model that would require frontier systems to undergo pre-release federal safety review. The mechanism he chose was telling: the FDA drug-approval process[3].
What Hassett Said (and What Wiles Unsaid)
Hassett’s choice of words on May 6 was precise enough to alarm anyone shipping model weights. New AIs should be “released to the wild after they’ve been proven safe, just like an FDA drug,” he said, according to Yahoo News[3]. The implication is a federal pre-clearance docket: a lab submits a frontier model, waits for review, and receives either approval or a hold.
Less than 24 hours later, Chief of Staff Susie Wiles told the same outlet[3] that the administration is “not in the business of picking winners and losers” and wants to empower innovators “not bureaucracy.” The walkback was direct, public, and fast. It also exposed that the White House does not have a unified position on AI gatekeeping.
The disagreement runs deeper than press statements. According to Daily AI Digest[4], an internal “knife fight” pits the Commerce Department’s CAISI program, which runs voluntary testing partnerships with Google, Microsoft, and xAI, against the White House Office of the National Cyber Director, who wants mandatory evaluations under intelligence community control. CAISI’s partnership announcements were pulled from its website at the National Cyber Director’s request.
The Anthropic Trigger: Mythos and the CVE-2026-4747 Debate
The proximate cause for Hassett’s disclosure was Anthropic’s April 2026 release of Claude Mythos Preview, a model that demonstrated autonomous vulnerability discovery. Anthropic’s disclosure included the identification of CVE-2026-4747[5], a stack buffer overflow in FreeBSD’s RPCSEC_GSS module that had sat undetected for 17.5 years.
The Mythos disclosure prompted immediate policy reaction, but the technical narrative has since complicated. Flying Penguin’s analysis[5] shows that the same FreeBSD bug was subsequently reproduced using Claude Opus 4.6 and small open-weight models, challenging the framing that such discoveries require frontier-scale capability. If the exploit chain can be built with smaller systems, the case for frontier-exclusive gatekeeping weakens.
Inside the Knife Fight: Commerce vs. the Intelligence Community
The structural tension is between two federal approaches to AI safety review. Commerce’s CAISI model is voluntary, partnership-based, and already has Google, Microsoft, and xAI participating. The National Cyber Director’s alternative is mandatory, intelligence-community-controlled, and would presumably cover any model classified as “frontier” by federal criteria.
Daily AI Digest reported[4] that CAISI’s partnership announcements were pulled from its website at the request of the National Cyber Director’s office, a move that signals which faction currently has the upper hand in internal negotiations. The outcome will determine whether any future EO resembles a voluntary standards program or a classified-clearance process.
The medium-confidence sourcing on this internal conflict warrants caution. What is confirmed is that Wiles’ public walkback and the Hassett disclosure happened within a day of each other, which is not the behavior of an administration with a settled policy.
OpenAI’s EU Trial Balloon: GPT-5.5-Cyber and Asymmetric Access
While the White House fights over mandatory vs. voluntary federal review, OpenAI is testing the voluntary approach abroad. On May 11, 2026, OpenAI announced EU access to GPT-5.5-Cyber for vetted cybersecurity teams[6], including the EU AI Office, under its “Trusted Access for Cyber” program.
Anthropic has taken the opposite path. The company has held four to five meetings with EU regulators[6] but has not provided concrete access to Mythos, leaving the EU AI Office unable to review the model, according to The Parliament Magazine[7] and CSO Online[8].
The asymmetry is now a pattern. OpenAI offers regulator access to keep models shipping; Anthropic withholds access while talking. Both are rational competitive strategies, but they produce different regulatory relationships. The EU is getting a live demonstration of what voluntary access looks like when one lab cooperates and the other deflects.
What This Means for Frontier Labs: Release Calendars as Regulatory Artifacts
If the National Cyber Director’s version of the EO prevails, frontier labs face a fundamental operational shift. The current model is internal red-team sign-off followed by public release. The proposed model adds a federal pre-clearance docket with an undefined timeline. Release calendars become regulatory artifacts, not marketing decisions.
The cost structure changes accordingly. A new flagship model would carry not just training compute and inference infrastructure, but a clearance timeline of unknown duration. Labs would need compliance staff capable of interfacing with federal reviewers, and the review criteria themselves would likely be classified or at least unpublished, making pre-submission preparation guesswork.
OpenAI’s EU trial balloon suggests one way to thread the needle: offer regulator access voluntarily in exchange for continued shipping rights. Anthropic’s EU holdback suggests another: keep the model domestic, negotiate slowly, and accept the regulatory friction. Neither approach guarantees what matters most to labs, which is predictability. A federal docket with no published SLA, no appeal mechanism, and criteria that may shift with the internal power balance is not a compliance framework; it is a political variable.
For now, the only certainty is uncertainty. Wiles walked back Hassett. CAISI’s partnerships got pulled. The EU has OpenAI’s cyber model and not Anthropic’s. And the December 2025 EO that threatened states with deregulation now shares a White House with a proposal for federal gatekeeping. The contradiction is the policy.
Frequently Asked Questions
What concrete delays would FDA-style review introduce for model release cycles?
The FDA’s standard New Drug Application review runs 10-12 months, with priority review at ~6 months. If a frontier AI EO adopted comparable timelines, a lab shipping on a 3-4 month cadence would face release cycles of 9-16 months — freezing competitive positioning for any model caught in the federal docket.
How does this proposal differ from the EU AI Act’s approach?
The EU AI Act classifies systems into risk tiers (banned, high, limited, minimal) and imposes post-market compliance obligations — models ship first, then face ongoing requirements. The Hassett proposal inverts this: pre-market federal clearance before any public release. The EU model lets innovation proceed under supervision; this would gate it entirely.
Would open-weight model releases fall under the vetting requirement?
That depends on how ‘frontier’ is defined — a threshold the Mythos debate itself has complicated. If CVE-2026-4747 was reproducible with small open-weight models, capability-based thresholds could capture releases well below the flagship tier. The December 2025 EO’s $42.45 billion BEAD leverage already shows the administration’s willingness to use spending power to enforce AI policy across a broad surface.
What happens if the National Cyber Director’s mandatory approach wins over Commerce’s voluntary CAISI model?
CAISI’s partnerships with Google, Microsoft, and xAI would shift from voluntary benchmarks to compulsory classified-clearance evaluations. Labs without existing intelligence-community relationships would need to establish them, and review criteria would likely be classified — raising the barrier for new entrants and smaller frontier labs relative to incumbents already embedded in federal defense contracts.
Footnotes
1. TechInformed - Trump AI order threatens broadband funds for states with onerous rules
2. Bloomberg Law - White House prepares order to boost AI security, Hassett says
3. Yahoo News - Trump administration not picking AI winners and losers
4. Daily AI Digest - Commerce vs. the spies: a knife fight over AI
5. Flying Penguin - FreeBSD CVE-2026-4747 log suggests Mythos is a marketing trick
6. PYMNTS - OpenAI offers EU access to new cyber model as Anthropic talks continue
7. The Parliament Magazine - Anthropic shuts the EU out of its most advanced cyber AI model
8. CSO Online - European authorities without access to Anthropic’s AI for hacking