FrontierNews.ai

Why the U.S. Government Is Now Vetting AI Models Before They Hit the Public

The U.S. government has established a new framework to review the nation's most powerful AI systems for security risks before they become available to the public. President Donald Trump signed an executive order on June 2 that allows federal agencies to vet advanced AI models for up to one month before their release, working with trusted technology partners to identify potential threats to critical infrastructure and national security.

What Changed From Trump's Earlier AI Order?

The executive order represents a shift in the administration's approach to AI regulation. In May, Trump had postponed signing a similar directive, expressing concern that it could slow America's competitive advantage in AI development. "We're leading China, we're leading everybody, and I don't want to do anything that's going to get in the way of that lead," Trump told reporters at the time. The new order appears to address those concerns by framing the vetting process as a collaborative effort with industry partners rather than a restrictive mandate.

The framework allows the government to work with "trusted partners that will have early access to covered frontier models to promote secure innovation and strengthen the cybersecurity of critical infrastructure," according to the order's language. This approach aims to balance security oversight with the industry's need for rapid innovation.

Why Is AI Security Becoming a Government Priority?

The timing of this order reflects growing concerns about how AI systems can be weaponized. Recent high-profile incidents have demonstrated the real-world risks. A deepfake robocall impersonating President Joe Biden circulated in New Hampshire before the 2024 primary, reaching registered voters and creating widespread confusion about election integrity. In another case, a Goffstown student deepfake caused significant harm to real people, prompting New Hampshire to pass a criminal defamation statute specifically targeting AI-generated synthetic media.

Beyond election interference, organizations are struggling with AI-driven security threats across multiple fronts. A 2026 Thales Data Threat report surveyed 3,120 security and IT professionals globally and found that 61 percent of respondents reported their AI applications being targeted by attackers, with sensitive data as the primary objective. Additionally, 57 percent reported experiencing AI-generated misinformation, with deepfakes showing the second-highest increase in attack techniques.

What Are Organizations Most Concerned About in AI Security?

The Thales report reveals that organizations are grappling with multiple AI-related security challenges simultaneously. The research identified several critical areas where AI systems create new vulnerabilities:

  • Speed of Change: Seventy percent of respondents cited the rapid evolution of AI ecosystems as their top concern, making it difficult to keep security practices current with new threats.
  • Credential Theft: Fifty-two percent ranked identity and access management as the leading security discipline, as attackers increasingly target credentials to gain unauthorized access to AI systems and the data they control.
  • Secrets Management: Exactly half of respondents identified secrets management as the priority concern in application security, reflecting the challenge of protecting API keys, tokens, and other sensitive authentication data.
  • Data Encryption Gaps: Only 47 percent of sensitive data stored in the cloud is encrypted, leaving a significant portion of organizational data vulnerable to theft or misuse.

The Thales report warns that "as agentic applications gain access to greater volumes of data, organizations must improve data security and management practices to ensure that AI does not become a new insider threat." Agentic AI refers to AI systems that can autonomously take actions and make decisions with minimal human oversight, which amplifies the risk if access controls are inadequate.

How Can Organizations Protect Themselves From AI-Driven Threats?

Experts emphasize that both individuals and organizations need to adopt practical safeguards as AI-generated content becomes increasingly difficult to distinguish from authentic material. Hany Farid, a digital forensics researcher at the University of California, Berkeley, and a leading expert on deepfakes, explained the severity of the challenge:

"The average person today cannot look at a piece of content and know whether it's real or not. The six fingers, the whatever things that you thought were present in AI-generated content, it's over," Farid stated.

Hany Farid, Digital Forensics Researcher at University of California, Berkeley

Given that visual and audio artifacts can no longer reliably identify deepfakes, Farid recommends a multi-layered approach to verification and trust:

  • Rely on Trusted Sources: Prioritize information from established, reputable news outlets and official channels rather than unverified social media posts or forwarded messages.
  • Verify Through Multiple Channels: When you receive important information, especially about elections or sensitive matters, independently verify it through at least one other trusted source before sharing or acting on it.
  • Use Analog Verification Methods: For critical communications with family and friends, establish a pre-agreed password or code phrase that can be used to confirm identity during phone or video calls, protecting against real-time deepfake impersonation.

Farid emphasized that "there's no putting this genie back in the bottle. This is our new reality. And we're going to have to start thinking about how to put some guardrails on this technology before it ends up taking us somewhere we don't want to."

What Do Organizations Need to Know About AI-Generated Misinformation?

The impact of AI-generated false content extends far beyond individual embarrassment or election interference. The Thales report found that 97 percent of respondents reported some form of organizational harm from AI-generated false content. These incidents include deepfake business email compromise attacks, brand misuse, reputational damage to key personnel, and fraudulent hiring activity where fake video interviews or credentials are used to infiltrate organizations.

The report notes that "security tools that meet users and stakeholders where they are and work consistently across environments will be essential for faster prevention, detection and response". This suggests that organizations cannot rely on a single detection tool or approach; instead, they need integrated security solutions that operate across email systems, video conferencing platforms, cloud storage, and other communication channels where deepfakes might appear.

As the federal government establishes oversight mechanisms for frontier AI models, organizations are simultaneously racing to build internal defenses against AI-driven attacks. The executive order signed by Trump represents one layer of protection at the national level, but individual companies and users will need to implement their own safeguards to stay ahead of rapidly evolving threats.