U.S. President Donald Trump signed a new executive order on June 2, 2026, aimed at both artificial intelligence innovation and cybersecurity. The order, titled “Promoting Advanced Artificial Intelligence Innovation and Security,” presents itself as a pro-innovation measure. But a closer reading shows that it is also a declaration that the U.S. government intends to examine the security risks of advanced AI models — so-called frontier models — in a more systematic way.

The core of the executive order is twofold. First, the federal government and critical infrastructure operators are directed to make active use of AI for cyber defense. Second, the order establishes a voluntary cooperation framework under which the government may conduct nonpublic benchmarking and pre-release evaluation of highly advanced AI models that reach certain capability thresholds.

In other words, the United States is trying to avoid a mandatory licensing regime that could slow AI innovation, while still creating a structure that allows the federal government to access and evaluate models with potential national security implications for up to 30 days before they are released to trusted partners.

The order shows that the Trump administration’s AI policy is moving beyond simple deregulation. In the text of the order, President Trump criticized what he described as excessive regulation by the previous administration, arguing that it had constrained American AI developers and researchers. At the same time, he acknowledged that advanced AI capabilities can strengthen the nation while also creating new national security considerations.

The basic U.S. policy line remains clear: Washington does not want to suffocate innovation through regulation. But the administration is also signaling that when frontier AI intersects with cyberattacks, critical infrastructure, and intellectual property theft, federal coordination becomes necessary.

What the Order Directs

The executive order first calls for stronger cyber defense across U.S. government systems. The committee responsible for national security systems must prioritize relevant cyber defense measures within 30 days. Agencies responsible for defense systems must also prioritize information system defense within the same period.

For civilian federal systems, the Cybersecurity and Infrastructure Security Agency, or CISA, under the Department of Homeland Security, is directed to work with the Office of Management and Budget, the Assistant to the President for National Security Affairs, and the National Cyber Director to issue binding operational directives and related guidance.

The important phrase here is “AI-enabled defensive tools.” The U.S. government is not treating AI only as a source of risk. It also wants to use AI to identify vulnerabilities faster and strengthen the defense of federal systems and critical infrastructure. The order also includes support for critical infrastructure operators such as rural hospitals, community banks, and local public utilities, giving them access to cybersecurity tools and services when needed.

This shows that AI security policy is no longer limited to Big Tech companies and federal agencies. It is expanding into the infrastructure that supports local communities.

The executive order also directs the Treasury Secretary, in consultation with the National Cyber Director, the National Security Agency, and CISA, to establish an “AI Cybersecurity Clearinghouse.” This body is designed to coordinate voluntary cooperation between the AI industry and critical infrastructure operators. Its tasks include software vulnerability scanning, vulnerability discovery and validation, patch distribution, and patch prioritization.

Put simply, the administration wants to create a public-private hub for AI-enabled vulnerability detection and patch response.

The Key Concept: “Covered Frontier Model”

The most important concept in the order is the “covered frontier model.” This refers to advanced frontier AI models that fall within the scope of the executive order. The order directs the Treasury Department, defense-related agencies, the NSA, CISA, the National Cyber Director, the Assistant to the President for Science and Technology, and the National Institute of Standards and Technology under the Commerce Department to work together to develop and maintain classified benchmarking procedures for evaluating advanced cyber capabilities in AI models.

The purpose of these procedures is to determine when a specific AI model has reached the threshold to be designated as a covered frontier model. The decision is to be made by the NSA Director in consultation with the National Cyber Director, the science and technology adviser, the CISA Director, and other relevant officials.

This structure shows that the U.S. government is beginning to view frontier AI not merely as an industrial technology, but as a potential strategic asset with cyber capabilities.

At the same time, the framework is not a mandatory licensing system. The order calls for a structure through which AI developers may voluntarily cooperate with the federal government. Developers can discuss whether a model they are building may qualify as a covered frontier model. They may also provide the federal government with access to the model up to 30 days before disclosing it to trusted partners, subject to appropriate conditions for confidentiality, cybersecurity, insider-risk management, and intellectual property protection.

This is the compromise point between industry and government. The U.S. government wants pre-release evaluation capacity. AI companies do not want mandatory licensing or pre-approval. The executive order bridges this tension through the form of a “voluntary framework.” But voluntary does not necessarily mean weak. When national security, government procurement, critical infrastructure cooperation, and public trust are involved, major AI companies may find it difficult to ignore the framework.

No Mandatory Regulation, but Soft Governance Has Begun

The executive order explicitly states that it does not create a government licensing regime, prior approval requirement, or mandatory permit system. This is a political signal to the AI industry. The United States does not want to lose speed in its AI competition with China. The administration appears to believe that requiring the government to approve development, release, and deployment step by step could weaken America’s AI advantage.

At the same time, the order creates new pressure on AI companies. As concerns grow that frontier models could enable cyberattack automation, vulnerability discovery, malware generation, and support for critical infrastructure intrusion, companies that refuse to cooperate with the government may face criticism for avoiding security responsibilities.

The framework is formally voluntary, but in practice it may become an industry standard.

This is soft governance. It does not rely on direct legal compulsion. Instead, it uses government benchmarking, trusted partner selection, pre-release access, cybersecurity cooperation, and critical infrastructure protection to shape corporate behavior. Rather than directly controlling AI model development, the United States is creating an environment in which companies have strong incentives to cooperate in national security contexts.

The Strategy Is Not to Stop AI, but to Defend With AI

Another defining feature of the executive order is that it does not view AI only as a threat. The order repeatedly emphasizes the need to strengthen AI-enabled defensive capabilities. It includes federal information system defense, vulnerability detection, patch coordination, critical infrastructure protection, and cybersecurity workforce development.

This marks a shift in AI security policy. Early AI regulatory debates focused heavily on model risks, misinformation, bias, privacy violations, and safety evaluations. This order places cybersecurity at the center. The logic is straightforward: if AI can become a powerful tool for attackers, defenders must also use AI.

The role of AI in vulnerability detection is likely to expand. In large codebases and complex software supply chains, humans cannot manually identify every vulnerability. AI models can analyze code patterns, identify possible unknown vulnerabilities, and help prioritize patches. This is why the U.S. government wants to create an AI Cybersecurity Clearinghouse.

In the AI era, defense cannot depend only on each agency acting independently. Vulnerability discovery, validation, and patch distribution must move at national speed.

Law Enforcement Will Also Intensify

The executive order also sends a clear message to the Department of Justice. The Attorney General is directed to prioritize federal criminal enforcement against the use of AI to gain unauthorized access to computers, damage systems without authorization, or commit other crimes through illegal access. The order refers to federal provisions related to identity fraud, computer fraud and abuse, and wire fraud.

This targets the emerging criminal landscape of the AI agent era. Attackers may no longer rely only on humans manually conducting intrusions. They may use AI agents to scan large numbers of systems for vulnerabilities, gain unauthorized access, and use stolen data for fraud, extortion, or industrial espionage.

The executive order signals that such conduct will be aggressively prosecuted within the existing criminal law framework.

The important point is that “AI was used” will not serve as an excuse. On the contrary, using AI to automate unlawful access or expand criminal activity may make the conduct a law enforcement priority. This is also a warning to companies and developers. AI-enabled security testing and automation can turn into criminal risk the moment they exceed authorized boundaries.

Opportunity and Burden for Industry

For AI companies, the executive order cuts both ways. On one hand, the absence of mandatory licensing limits the regulatory burden. The order does not create a system in which models cannot be deployed without pre-release government approval. This can be seen as an attempt to preserve the speed of the U.S. AI industry.

On the other hand, it opens an era in which major AI companies must build deeper relationships with the federal government. Companies developing models that may qualify as covered frontier models will face pressure to participate in classified benchmarking, pre-release access, and trusted partner processes. For companies targeting public sector, defense, finance, energy, healthcare, and other critical infrastructure markets, government cooperation may become part of competitive strength.

This could also raise barriers to entry in the AI market. Large companies have government affairs teams, security infrastructure, legal departments, policy teams, and insider-risk management systems. Startups may struggle to meet these expectations. Even if the framework is voluntary, compliance capability may become an important competitive factor for companies building frontier models.

Implications for Korea and the Global Market

Although the executive order is a U.S. domestic policy measure, it is likely to affect the global AI order. The United States is home to many of the world’s leading AI companies, cloud infrastructure providers, and semiconductor ecosystems. If the U.S. government develops classified benchmarking and pre-release cyber evaluation systems for frontier models, those procedures may become a starting point for global standards discussions.

Korean companies and policymakers should also pay close attention. As generative AI expands into internal enterprise operations, finance, healthcare, public services, defense, and telecommunications infrastructure, evaluating only model performance will no longer be enough. Governments and companies will also need to assess cyber capabilities and misuse risks.

This will become especially important in an era when AI agents can access real systems and perform tasks directly. Model security, access permissions, audit logs, vulnerability detection, and incident response systems must be designed together from the beginning.

Another implication concerns public AI procurement. In the future, governments and public institutions may not evaluate AI services only by model performance or price. They may also ask what security assessments the model has undergone, whether it has a vulnerability response framework, whether the provider can cooperate with government in a trusted manner, and whether the model can be safely deployed in critical infrastructure environments.

U.S. AI Policy Is Moving From “Regulation vs. Innovation” to “Security-Oriented Innovation”

The executive order reveals a shift in the direction of U.S. AI policy. The Trump administration continues to reject excessive regulation. It is not creating a mandatory licensing system. But once frontier AI is combined with cyber capabilities, it is no longer merely a private technology product. It becomes a strategic asset connected to national security, critical infrastructure, intellectual property, and criminal enforcement.

The core of the order, therefore, is not a simple choice between stronger regulation and deregulation. The United States is trying to maintain the speed of innovation while also establishing a less visible evaluation and coordination system for the most powerful models. That is the new balance reflected in this executive order.

AI competition will not end with model performance. What will matter increasingly is who can deploy AI safely, who can build infrastructure resilient against cyberattacks, and who can create a trusted framework linking government, industry, and critical infrastructure.

The Trump administration’s executive order formalizes that shift. The United States is not trying to bind AI with regulation as much as bring it into the national security system.

The message to frontier AI companies is clear: keep innovating. But the most powerful models can no longer remain entirely within the private sphere.