Trump kills AI safety review, betting speed over defense

On May 21, 2026, the Trump administration abandoned a structured pathway for federal review of frontier AI models before public release. The executive order, negotiated for weeks between the White House, AI companies, and national security officials, would have required labs to share models with CISA, the Office of the National Cyber Director, and OSTP 90 days before deployment. Trump declined to sign, citing the need to preserve US speed against Chinese competition. The decision removes the only formal mechanism for government assessment of cyber-capable models and leaves critical infrastructure operators without advance notice of offensive AI capabilities.

The immediate trigger was Anthropic's Mythos Preview. Released in April 2026, Mythos represents a step-change in autonomous vulnerability discovery. It has identified thousands of zero-day exploits across every major operating system and web browser, with 99% still unpatched. Earlier models like Claude Opus 4.6 found 500+ high-severity vulnerabilities; Mythos chains multiple exploits together, reverse-engineers closed-source bugs, and identifies flaws that survived decades of human review. The model operates at a speed and scale that existing patch cycles cannot match.

Anthropic restricted Mythos access to roughly 40 organizations: AWS, Apple, Cisco, Google, JPMorgan Chase, Microsoft, and select government partners. The restriction was deliberate, intended to prevent malicious actors from obtaining a model capable of autonomous exploit development. But the restriction also meant that most central banks, critical infrastructure operators, and government agencies lacked defensive access. The proposed executive order was designed to solve this asymmetry by giving federal agencies advance sight of capabilities before public release, allowing coordinated defense preparation.

The White House framed the cancellation as a competitive necessity. Marc Andreessen, David Sacks, and other advisors argued that any pre-release delay risked handing capability advantage to Chinese labs. Trump accepted the argument. The administration had already pivoted toward AI oversight in 2025 after Mythos demonstrated the speed of vulnerability discovery, but geopolitical pressure overrode cybersecurity logic. The decision signals that US-China competition now takes precedence over domestic defense readiness.

## The governance vacuum

What replaces mandatory review is voluntary. The Center for AI Standards and Innovation announced pre-deployment evaluation agreements with Google DeepMind, Microsoft, and xAI in May 2026, building on existing partnerships with OpenAI and Anthropic. These agreements allow government review but lack enforcement mechanisms. Labs can choose to participate, choose what to share, and choose when to deploy. The White House Office of the National Cyber Director retains no formal vetting authority. CISA has no gate. The result is a system where compliance depends entirely on corporate goodwill.

Voluntary frameworks work when incentives align. They fail when they don't. A lab facing competitive pressure to release first has every incentive to minimize pre-release review windows or withhold sensitive capability details. The absence of a binding requirement means that the most strategically important models can bypass government assessment entirely. Smaller labs and open-source projects face no equivalent gate, but they also lack the resources to develop cyber-capable models at scale. The governance structure now favors closed-model incumbents.

## Second-order fragmentation

The decision creates structural advantages for closed models over open-source. Meta's Llama and Mistral's open-weight releases cannot undergo pre-release review by definition: weights are public immediately. This creates a regulatory tier system. Closed models from OpenAI, Anthropic, and Google can claim government-reviewed status if they choose to participate in voluntary frameworks. Open-source models cannot. Regulated sectors like finance, healthcare, and critical infrastructure will face pressure to adopt only closed, theoretically vetted models, fragmenting the field and concentrating power.

Startups building on frontier model APIs face unpredictable release timelines. Without transparency into government evaluation findings or advance notice of capability changes, product teams cannot reliably forecast when new features will be available. A startup building a security tool that depends on specific model capabilities has no way to know when that capability will be deployed. Dependency risk increases. The decision creates structural uncertainty that favors large companies with direct relationships to model labs over smaller builders.

The vulnerability discovery-to-patch gap widens. Mythos can find exploits in hours; patch cycles take weeks to months. With no coordinated disclosure process and restricted access to defensive tools, defenders outside the 40-organization circle have no way to prepare. A bank, utility, or hospital operator learns about AI-discovered vulnerabilities the same way the public does: after release. The asymmetry is not new, but it is now institutionalized. The government explicitly chose not to bridge it.

## The real cost

The decision is strategically coherent if speed is the only metric. The US does lead in frontier model capability. China is advancing rapidly. Any delay in deployment carries competitive risk. But the framing obscures what is actually being traded. The administration is betting that offensive capability advantage outweighs defensive vulnerability. It is betting that US labs will maintain their lead long enough that the window of risk is manageable. It is betting that critical infrastructure can absorb AI-discovered exploits as they occur.

These are not safe bets. Mythos access is restricted to 40 organizations, but the model itself exists. The weights are not public, but the capability is known. Competitors will build equivalent systems. Open-source models will eventually reach similar capability levels. The window of US advantage is real but finite. During that window, critical infrastructure operators will face AI-scale vulnerability discovery with no advance notice and no coordinated defense. The government made a choice to prioritize that window over defense readiness.

## What to watch

Monitor whether voluntary pre-release agreements actually produce government review. If labs submit models and CISA conducts genuine assessment, the system might function despite lacking enforcement. If labs participate in name only and retain full deployment discretion, the framework is theater. Track whether Mythos or equivalent models are released publicly and on what timeline. Watch whether critical infrastructure operators begin demanding contractual guarantees of advance notice from model labs. If they do, the market is pricing in the governance vacuum. Finally, track whether open-source models reach Mythos-equivalent capability. If they do, the closed-model advantage disappears and the regulatory fragmentation becomes permanent.