In a significant shift from his earlier stance, US President Donald Trump has signed an executive order that allows artificial intelligence companies to voluntarily submit their most advanced models for national security review up to a month before public release. The order, signed late Tuesday, establishes a framework for federal agencies to assess risks posed by cutting-edge AI systems, particularly those with potential cybersecurity implications.
The move comes just weeks after Anthropic, the AI safety company behind the Claude model, released its new cybersecurity system, Mythos. Reports indicate that Mythos is capable of identifying vulnerabilities in software globally, prompting key members of the Trump administration to issue warnings to tech CEOs. Anthropic initially granted access to a small group of partners but announced on Tuesday that it would extend access to 150 additional organisations, potentially including the European Commission, according to US media.
The executive order states that “advanced AI capabilities make our nation stronger, but also introduce new national security considerations that require coordinated action across executive departments and agencies.” It gives various US agencies a 30-day deadline to prioritise the administration's cyber defences by expanding access to AI. Additionally, the order establishes a “cybersecurity clearinghouse” that “coordinates and deconflicts scanning for software vulnerabilities.”
European Implications and Industry Reaction
For European policymakers and tech companies, the order signals a potential shift in transatlantic AI governance. The European Union has been at the forefront of AI regulation with its AI Act, which imposes strict requirements on high-risk systems. The voluntary nature of the US framework contrasts sharply with the EU's mandatory compliance model, potentially creating a regulatory divergence that could affect companies operating on both sides of the Atlantic. Brussels-based officials are likely to scrutinise how the US approach interacts with European data protection and security standards.
Anthropic called Trump's order “an important step in strengthening America’s leadership in AI,” according to the Associated Press, and said it looks forward to collaborating with the White House to support its implementation. Its chief rival, ChatGPT maker OpenAI, also described the policy as an important step, as did Google. The industry-wide support suggests that major AI developers see value in a voluntary vetting process, even as they navigate differing regulatory landscapes in Europe and elsewhere.
Trump had previously declined to sign an executive order on AI in May, citing concerns about compromising the US innovation lead over China, widely seen as America's closest competitor in AI development. The change in approach appears directly linked to the Anthropic security scare, which highlighted the dual-use nature of advanced AI models. The incident also underscores the growing importance of cybersecurity in AI governance, a topic that resonates strongly in Europe given recent incidents such as drone security gaps exposed after a Romanian incident.
For European companies like Stellantis, which is investing heavily in electric vehicles and hybrid models, the intersection of AI and cybersecurity is becoming increasingly critical. The automotive giant's €1 billion investment in a French plant for new EV and hybrid models relies on AI-driven manufacturing and software systems that could be vulnerable to the kind of exploits Mythos is designed to detect.
The executive order also raises questions about the future of AI safety evaluations in Europe. While the EU AI Act mandates conformity assessments for high-risk AI systems, it does not currently include a pre-release national security review similar to the US framework. European Commission officials may consider whether to introduce voluntary or mandatory vetting mechanisms, especially given the potential for AI models to be used in cyberattacks against critical infrastructure across the continent.
As the US moves forward with its voluntary approach, European leaders will be watching closely. The order's emphasis on cyber defence and vulnerability scanning aligns with broader European efforts to bolster digital resilience, but the voluntary nature of the programme may not satisfy those who advocate for stricter oversight. With Anthropic's Mythos already being tested by partners that could include EU institutions, the pressure is on Brussels to respond with a coherent strategy that balances innovation with security.
