The Trump administration has signed an executive order establishing a voluntary federal safety-testing regime for frontier AI models, compressing the government's review window from 90 days to just 30 days and creating new pressure on OpenAI and other AI labs to balance innovation speed with security scrutiny. The order, signed on June 3, 2026, routes testing through the National Security Agency, the US Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA), though participation remains optional for AI firms.

The shortened timeline reflects White House concerns about slowing US AI companies in the global race against international competitors. The original draft proposed a 90-day testing window, but that was cut in half in the final version after several AI CEOs, including those from OpenAI and Anthropic, declined to attend a planned signing event, citing concerns that the earlier version would become a "blocker" on innovation.

What Does the New Executive Order Actually Require?

The order directs the NSA to establish a classified benchmarking process within 30 days to define what qualifies as a "covered frontier model." It also calls for a "cybersecurity clearinghouse" run jointly by Treasury and CISA to scan and patch vulnerabilities at scale, and a voluntary submission framework for developers to test their systems before release.

The practical impact on AI firms like OpenAI may be limited. Submission is entirely voluntary, the 30-day window is tight enough that most labs can structure release schedules around it, and the order contains no enforcement mechanism against companies that decline to participate. This voluntary approach stands in sharp contrast to the regulatory frameworks being debated in Europe and other regions.

Why Are Experts Skeptical About the 30-Day Timeline?

Critics and analysts have raised serious questions about whether 30 days is sufficient for meaningful security review. Former Trump AI advisor Dean Ball questioned the feasibility on social media, asking: "What, exactly, is the intelligence community going to do in 30 days to make the models safer?"

"The goal is for defenders to find and fix critical vulnerabilities faster than adversaries can exploit them, but that will likely prove difficult," noted Matthew Ferren, an international affairs fellow at the Council on Foreign Relations.

Matthew Ferren, International Affairs Fellow, Council on Foreign Relations

Ferren also highlighted a deeper structural problem: the government cannot assess what it cannot see. Frontier AI capabilities are visible only to the labs that build them, meaning the entire system depends on voluntary, good-faith collaboration from companies with strong commercial incentives to move fast.

How to Understand the Real Constraints Behind This Order

• Workforce Capacity: CISA, the agency expected to lead testing, was heavily gutted during Department of Government Efficiency (DOGE) cuts in 2025, with top officers fired, contracts canceled, and institutional capacity hollowed out, leaving the government with limited talent to conduct thorough reviews.
• Definitional Ambiguity: Frontier AI systems are probabilistic, goal-directed, increasingly autonomous, and opaque, making it difficult to draw clear lines around which models require review without either missing dangerous systems or burning out reviewers on systems that don't warrant scrutiny.
• Observability Problem: The government cannot independently verify what capabilities a model possesses; it must rely on labs to disclose them honestly, creating a fundamental asymmetry of information that undermines the entire testing regime.

Vinh Nguyen, a senior fellow for AI at the Council on Foreign Relations, warned that the definition of a "covered frontier model" represents the order's hardest problem. Capability ceilings move with scale, fine-tuning, and deployment context, meaning any fixed definition risks becoming obsolete quickly.

The order does assign Treasury a "prominent operational role" instead of CISA or the Office of the National Cyber Director, which analysts interpret as a signal that Treasury may be one of the few federal agencies with remaining institutional capacity to handle the work.

What Triggered This Executive Order?

The order arrives directly downstream of Anthropic's Mythos model, which raised public concern after demonstrations showed that frontier systems could reason about cyber vulnerabilities at a level useful to attackers. The EO also directs the attorney general to "prioritize enforcement against individuals who use AI to illegally access or damage computer systems," serving as a stopgap deterrent while the testing apparatus is built.

Google's threat intelligence team has already documented state-aligned actors using frontier models to automate cyberattacks, and Mythos-style vulnerability reasoning has been reproduced with open-weight systems, underscoring the real-world stakes of the security challenge.

What Does This Mean for OpenAI and the AI Industry?

For OpenAI and competitors, the practical impact of this order is modest. The voluntary nature of submission means labs can choose whether to participate, and the tight 30-day window may actually favor larger companies with established release schedules that can work around the review period. The order contains no penalties for non-compliance, making it more of a coordination mechanism than a regulatory mandate.

"Even when well implemented, pre-deployment testing has limits," Ferren wrote, concluding that the order "may yield short-term cybersecurity benefits," but the "long-term effect" remains "unclear."

Matthew Ferren, International Affairs Fellow, Council on Foreign Relations

Ferren noted that it will likely prove difficult to develop models that are incapable of malicious hacking yet remain commercially compelling, creating a fundamental tension between security and market viability.

The broader context matters here: OpenAI, Anthropic, Google, Meta, and xAI have all signed multi-gigawatt power deals over the past 18 months as they race to build the infrastructure needed for next-generation models. A 30-day safety review is unlikely to slow that momentum significantly, especially given the voluntary nature of participation and the absence of enforcement mechanisms.

Analysts suggest the order should be understood as an attempt to engineer a "cybersecurity window of opportunity," granting US defenders preferential early access to new model capabilities while attempting to delay adversary exploitation. Whether that strategy succeeds depends on federal cyber workforce capacity that does not currently exist at the needed scale.

Analysts