White House order creates classified benchmark for advanced AI models

President Donald Trump on Tuesday signed an executive order establishing a classified process to evaluate the cybersecurity capabilities of advanced AI models, directing federal agencies to determine when a system qualifies as a “covered frontier model.”

The order gives federal agencies 60 days to develop a classified benchmark for measuring an AI model’s advanced cyber capabilities and to set the threshold at which a system is designated a covered frontier model. It also establishes a voluntary framework under which companies are asked to give the government access to those models up to 30 days before release, down from the 90 days in an earlier draft.

In a LinkedIn post, IBM Chairman and Chief Executive Officer Arvind Krishna said the company applauds the administration’s focus on AI security and on the open-source software ecosystem that supports much of today’s digital infrastructure.

“As AI becomes more foundational to all of us, including business and government, securing it — and the open source software our society depends on — is essential to maintaining trust and ensuring U.S. leadership,” Krishna wrote.

Industry welcomes security focus

The order arrives as governments and technology companies sharpen their focus on the security implications of frontier AI models, which can perform increasingly complex tasks and may play a larger role in protecting critical digital infrastructure.

Open-source software powers many of the frameworks and tools used to build modern AI systems. Vulnerabilities in widely used open-source components can affect organizations across industries, making software security an increasingly important issue as AI adoption grows.

The executive order also directs agencies to expand AI-enabled cybersecurity programs and strengthen federal cyber defenses. It directs the Treasury secretary, working with the National Security Agency and the Cybersecurity and Infrastructure Security Agency, to form an AI cybersecurity clearinghouse within 30 days to coordinate the discovery, validation and remediation of software vulnerabilities.

OpenAI backs public-private partnership

In a separate LinkedIn post, OpenAI Chief Global Affairs Officer Chris Lehane called the order “an important step forward” and said AI security requires close partnership between government and industry.

“Maximizing AI’s gains while minimizing its risk requires the public and private sectors to pool their respective strengths,” Lehane wrote. “The US government brings unique visibility into security threats and critical infrastructure risks, as well as access to classified systems the private sector does not possess. Frontier AI companies bring technical understanding of these systems and how to test and safeguard them.”

Lehane noted that cyber threats often target institutions people rely on every day, including hospitals, schools, utilities, financial institutions and local governments.

“That same principle is at the heart of this EO: a stronger partnership between government and industry, better tools for trusted defenders, and a safer foundation for the Intelligence Age,” Lehane wrote.

Mounting software and infrastructure attacks have put security teams on alert—a backdrop that gives the order added urgency. According to the 2026 X-Force Threat Intelligence Index, exploitation of public-facing applications was the leading initial access vector in 2025, with security researchers observing a 44% increase in these exploits year over year. The rise was attributed to a growing number of software vulnerabilities, application misconfigurations and an expanded attack surface associated with AI adoption.

The report also found that attackers increasingly targeted software supply chains, cloud services and open-source ecosystems, demonstrating how a single weak point in an interconnected environment can enable large-scale or high-privilege access. X-Force said generative AI is increasing the speed, scale and efficiency of cyber operations, helping threat actors automate tasks and adapt attacks more quickly, as weak authentication, misconfigured access controls and poor vulnerability management remain persistent security challenges.

“Attackers aren’t reinventing playbooks, they’re speeding them up with AI,” said Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM, in a news release related to the report. “The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed … Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.”

The latest tech news, backed by expert insights

Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.

Register for this webinar to learn how AI governance helps organizations manage risk, meet evolving regulations and build trusted, responsible AI at scale.