Trump plan to test AI models has a problem—US security teams were gutted by DOGE
Mirrored from Ars Technica — AI for archival readability.
On Tuesday, Donald Trump finally signed his executive order expanding the government’s efforts to conduct voluntary safety testing of frontier AI models. Now, critics are warning that the order may be short-sighted, offering only performative reassurances that the government is actively monitoring for AI risks, while changing very little about how and when models are deployed.
Last month, Trump abruptly canceled a signing event, where he had hoped to launch an earlier version of the EO with CEOs of leading AI firms in attendance. Invited at the last minute, several CEOs simply couldn’t make the signing but still signaled support for the order. Officially, Trump claimed he postponed the event because he worried that the EO might have gone too far and had become a “blocker” impeding AI innovation. Reports indicated there was infighting in his administration as cybersecurity experts clashed with officials committed to deregulating AI.
The watered-down EO that Trump signed promises not “to stifle this innovation with overly burdensome regulation” and establishes no requirements for AI firms. Instead, it sets up a voluntary process for companies to collaborate with the government on safety reviews that Trump’s EO claimed would “ensure that the best and most secure technology is deployed rapidly to confront any and all threats to our country.”
Under this order, Trump wrote, “we will continue to lead an America First cybersecurity effort that enhances both our national security and our global AI dominance.”
However, experts reviewing the EO suggest that not much changed between the leaked draft that prompted industry backlash and the order that Trump eventually signed without making a big event involving CEOs.
The biggest difference, sources told Politico, is the amount of time that the government will have to conduct voluntary testing. Trump’s scrapped EO would’ve sought access to models up to 90 days ahead of other trusted partners, giving the federal government a wider window to test for and patch up vulnerabilities. But Trump apparently felt such a wide window risked setting the US back in the AI race, so he pivoted to sign a version of the order that shortens the window to 30 days.
What does the EO say?
Under the order, Trump directed the National Security Agency to set up a classified benchmarking process to determine the threshold for designating an AI model as a “covered frontier model.” The NSA must also collaborate with the US Treasury Department and the Cybersecurity and Infrastructure Security Agency (CISA) to establish a “cybersecurity clearinghouse” to scan and patch vulnerabilities at scale, as well as a voluntary framework for AI developers to submit models for safety testing.
Critics have pointed out, however, that the text of the EO makes it clear how unprepared the government is to conduct meaningful safety testing in such short timeframes.
Trump wants these processes set up within 30 days, but it will seemingly take longer than that for the government to recruit talent and develop expertise to conduct the safety tests. The EO gives the Office of Personnel Management 60 days to “expand the United States Tech Force Information Cybersecurity Specialist hiring and placement pathways.”
The EO also suggests that funding may be a short-term problem, directing the Office of Management and Budget to “determine whether any Federal grant programs have available and relevant funding that can be directed toward applicants developing advanced AI vulnerability detection.”
As a seeming stopgap while the government scrambles to implement the program, Trump apparently plans to increase enforcement to intimidate people who might exploit untested AI models. The EO directs the attorney general to “prioritize enforcement against individuals who use AI to illegally access or damage computer systems, steal data, or facilitate other criminal activity,” a White House fact sheet said.
Trump’s fact sheet claimed the EO strikes “the right balance between innovation and security.” But critics are concerned that Trump’s order—which came in response to public concerns about the cybersecurity risks posed by Anthropic’s model Mythos—appears short-sighted and depends too much on AI firms’ goodwill to prioritize public safety over profits.
Some insiders likely also remain critical. Politico noted that one former Trump AI advisor, Dean Ball, posted on X that the benefits of the voluntary reviews seemed “barely articulable.”
“What, exactly, is the intelligence community going to do in 30 days to make the models safer?” Ball wrote.
DOGE cuts may set back safety testing
In a post picking apart Trump’s EO, two experts from the nonpartisan think tank the Council on Foreign Relations (CFR) explained the significance of the order and what seem to be glaring flaws.
Matthew Ferren, an international affairs fellow in national security, suggested that the EO is “best understood as an attempt to engineer a cybersecurity window of opportunity” that “grants defenders preferential access to frontier cyber capabilities while attempting to delay adversary access.”
“The goal is for defenders to find and fix critical vulnerabilities faster than adversaries can exploit them, but that will likely prove difficult,” Ferren wrote.
While finding vulnerabilities may be easy, consistently patching critical government systems to protect against risks would likely be challenging, Ferren suggested, especially without a specialized team of government experts. Last year, CISA was one of the hardest-hit agencies during the Department of Government Efficiency cuts. The government’s top cybersecurity recruits were “decimated,” CBS News reported, as top officers were fired, the agency was gutted, and cybersecurity contracts were canceled, Time Magazine reported.
Ferren wrote that the steep cuts to CISA may be why Trump had to assign a “prominent operational role” to the Treasury Department, instead of to “more obvious parties” like CISA or the Office of the National Cyber Director. That “may reflect that it is one of the few places where institutional capacity remains,” Ferren said.
Trump EO may not block dangerous deployments
Although “who will test frontier models” remains an urgent question for the Trump administration, “the most difficult to execute” provision of the EO—according to Vinh Nguyen, a CFR senior fellow for AI—will be “defining what counts as a ‘covered frontier model.’” As Nguyen explained:
“Frontier AI systems are probabilistic, goal-directed, increasingly autonomous, and opaque. They do not have fixed capability ceilings. They exhibit emergent behaviors that shift with scale, fine-tuning, software support structures, and deployment context. A model that appears unremarkable in isolated testing could become a potent cyber tool when integrated into an autonomous pipeline with access to real-world digital infrastructure.”
According to Nguyen, the government must be cautious when deciding which models require safety testing, since it risks shipping models with “genuinely dangerous capabilities,” if the definition for a covered model is “too narrow.” But if it’s “too broad,” then the evaluation process risks exhausting “the limited talent available to do this work.”
Once covered models are defined, Nguyen then warned that the effectiveness of the safety testing will likely depend on whether AI firms are fully transparent and treat the process as a “genuine collaboration.”
“Underneath the definitional problem sits an observability problem,” Nguyen wrote. “The government cannot assess what it cannot see, and frontier capabilities are visible only to the labs that build them.”
Ferren suggested that “the window for erecting proper cyber defenses to new AI models may also close quickly,” and that even a well-designed government program may struggle to properly vet frontier models in such a short timeframe. “Even when well implemented, pre-deployment testing has limits,” Ferren said, noting that Google’s threat intelligence team has found state-aligned actors using frontier models to automate cyberattacks and “researchers have shown that Mythos-style vulnerability reasoning can be reproduced with open-weight systems.”
So while AI firms may voluntarily submit to testing, they may be financially motivated to seek a rubber stamp rather than work with the government to test known frontier capabilities to their fullest extent.
“It will likely prove difficult to develop models that are incapable of malicious hacking yet remain commercially compelling,” Ferren said.
He concluded that the EO “may yield short-term cybersecurity benefits,” but the “long-term effect” remains “unclear.”
Nguyen suggested the EO takes necessary steps to create “classified cyber benchmarking, voluntary prerelease evaluation, and coordinated vulnerability scanning” that “the national security community will need for decades” to “continuously evaluate systems that are probabilistic rather than deterministic, autonomous rather than directed, and whose capabilities change with every update.”
But the safety testing will have to evolve as fast as the technology does, Nguyen said, otherwise we risk assessing emerging models against “yesterday’s risks.”
That’s why, at its core, the process will depend on an honest exchange between stakeholders with deep technical expertise and confidential national security insights. It’s the only way to ensure the US focuses its energies on protecting the public from the most credible and consequential AI risks, rather than just providing “performative reassurances,” Nguyen wrote.