Trump Signs AI Cybersecurity Order Requiring 90-Day Pre-Release Model Sharing

By Hector Herrera | May 21, 2026

President Trump signed an executive order on AI cybersecurity Thursday that requires AI developers to share new frontier models with the federal government 90 days before public release — the first formal federal mechanism for pre-deployment oversight of advanced AI systems. The order creates a voluntary framework, but its reach extends to critical infrastructure sectors where participation carries serious regulatory weight.

Background

The order arrives as a bipartisan faction within Trump's own political base has been pushing for tighter guardrails on AI development, particularly following the release of powerful new models capable of automating cyberattacks at scale. The administration had resisted mandatory AI regulation throughout 2025, favoring industry self-governance. This executive order signals a partial shift: not mandating what AI companies can build, but requiring early visibility before powerful systems hit the public market.

What the Order Does

According to Bloomberg, the order establishes:

• 90-day pre-release sharing window. AI developers building frontier models — systems at or near the capability frontier — must share those models with the federal government 90 days before public launch.
• Critical infrastructure access. Banks and other critical infrastructure operators would receive pre-public access to these models, allowing them to assess exposure and prepare defenses before the broader public can access the same systems.
• Voluntary framework. The order does not carry the force of mandatory regulation, but voluntary participation in federal AI programs often comes with implicit pressure for companies dependent on government contracts.

The order does not define "frontier model" with precision, leaving implementation details to agency rulemaking.

Why It Matters

For AI developers, the 90-day window creates a meaningful operational constraint. Companies racing to ship competitive models — particularly in the current environment where OpenAI, Anthropic, Google DeepMind, and xAI are releasing major systems every few months — will need to factor government review into their release calendars. That is not trivial when a model's competitive window can close quickly.

For federal agencies and critical infrastructure operators, early access to frontier models is a genuine security advantage. Cybersecurity teams at banks, utilities, and government networks could test new AI capabilities against their own systems before adversaries have access. That asymmetry matters when AI-accelerated zero-day exploitation is already compressing the window between vulnerability discovery and mass attack.

For the broader AI governance debate, the order is notable for what it is not: it stops short of mandatory safety testing requirements, compute thresholds, or deployment restrictions that some lawmakers have proposed. It is best understood as information-sharing infrastructure, not a safety gate.

The Political Context

The cybersecurity framing is deliberate. Pitching AI oversight as a national security measure — rather than a consumer protection or labor issue — gives the administration political cover with constituencies that have resisted regulation in other forms. The executive order is easier to defend to the technology industry as a national security measure than as an AI safety intervention.

Parts of Trump's political coalition, including defense hawks and some conservative tech critics, have grown concerned that AI systems capable of generating novel malware, synthesizing bioweapons research, or breaching critical infrastructure are being released without any federal visibility. The 90-day window addresses that concern without restricting what companies can ultimately ship.

What to Watch

The order's teeth depend entirely on how "frontier model" gets defined in follow-on agency guidance, and whether voluntary participation translates into de facto compliance pressure through federal contracting relationships. Watch for National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) to issue implementation rules in the coming weeks.

Hector Herrera covers AI policy and government technology for NexChron.