The series that translates national-security and AI-policy arguments across partisan lines, because the stakes are too high for tribal shorthand.
The EO That Almost Was
What Happened This Week
A draft AI cybersecurity executive order was on the President's desk Monday morning, May 18, ready for a Wednesday signing ceremony. By Wednesday afternoon the ceremony had been canceled, the principals had reconvened in the Roosevelt Room, and the draft had been pulled back to the National Security Council for what one senior official described to the trade press as "further interagency review." The draft will not be signed this week. Whether it is signed at all is now an open question. The substantive text was finished. The political coalition behind it was not.
The draft's core mechanism was a voluntary 90-day pre-release model-sharing window for frontier developers, paired with cybersecurity requirements on the Department of Defense and on operators of critical-infrastructure running AI systems in production. The pre-release window would let a small interagency working group, run out of the National Cyber Director's office, sit with new model capabilities before they hit the API. The DOD-side language would have required all defense AI deployments to satisfy a new minimum-security floor by October 2026. The critical-infrastructure language was lighter touch: reporting, threat-intelligence sharing, a notional incident playbook. None of it touched antitrust. None of it touched export controls. None of it touched the China-competitiveness frame that, in the end, killed it.
What killed it was an internal fight nobody outside the building was supposed to see. The hawkish faction inside the NSC and the National Cyber Director's office wanted the EO signed this week, and wanted to point to it as the operative federal posture on frontier-model security pending the next legislative cycle. The competitiveness faction inside the National Economic Council, with backing from the President's AI policy advisor David Sacks, argued that even a voluntary pre-release window would create a precedent the Chinese could use to characterize American AI policy as state-directed, and would slow the U.S. release cadence at exactly the moment when the China-competitiveness frame requires the opposite. The competitiveness faction won the meeting. The draft went back upstairs. The ceremony was canceled.
The drafting history is worth one extra beat, because it explains why the substance and the politics drifted so far apart. The text originated in late March inside the National Cyber Director's office, was circulated to the Department of Defense's Office of the Chief Digital and AI Officer for technical review in early April, and was processed through the NSC's Cyber Policy Coordination Committee in two sessions on April 24 and May 5. By May 11, the draft had been cleared at the deputies' level. By May 14, the principals had a clean version and a signing memo. The competitiveness review at the NEC did not formally engage with the text until May 15. The objection that killed the EO was, in procedural terms, raised one business day before the scheduled signing, against a draft that had been in interagency review for seven weeks. That timing is not unusual for this administration, and it is the structural reason the security case keeps losing: the security review is bottom-up and slow; the competitiveness review is top-down and arrives at the end. Whichever review arrives at the principals' meeting last gets to be the deciding argument.
Here's What You Need to Know in 30 Seconds
The administration spent six weeks drafting an AI security executive order that would have established the federal government's first operational mechanism for previewing frontier-model capabilities before release. The draft was substantively modest: voluntary 90-day sharing (industry had pushed for 14), DOD-side cybersecurity floor, light-touch critical-infrastructure requirements. Two things killed it. The framing problem: the competitiveness faction, with David Sacks as principal author and supported by external voices including Elon Musk and Mark Zuckerberg, argued that any pre-release window concedes the premise that frontier-AI developers should be slowed for security review, and that conceding the premise weakens the U.S. position against the People's Republic of China. The interagency problem: an internal proposal to give the Department of the Treasury (rather than CISA or NIST) a lead role in the security review drew sharp pushback from the cyber-defense agencies that have spent eighteen months building their AI-evaluation capacity. The hawkish faction, anchored at the National Cyber Director's office and inside NSC's cyber directorate, argued that the absence of an operational federal security posture is itself a strategic vulnerability. The competitiveness faction won the room and the Treasury-vs-CISA fight made the coalition too brittle to defend. The draft is now indefinitely paused. The next signal is the Cairncross interagency read-out anticipated in July. The pattern this week made plain is the pattern that has killed every frontier-AI governance initiative at the executive-branch handoff for eighteen months running: the security case keeps losing to the competitiveness case, not on the merits, but on the framing.
The Hawk Case: Pre-Release Sharing Is the Tool That Already Exists
The hawk position on the pulled EO is, on the operational merits, the easier of the two cases to state. Pre-release model sharing is not a new instrument. Anthropic, OpenAI, and Google DeepMind already share pre-release access with the U.S. AI Security Coordinating Office on the basis of voluntary memoranda the companies negotiated individually in 2024 and 2025. The draft EO would have generalized those memoranda into a single 90-day window applicable to any developer training above a defined compute threshold. The hawk reads this as codifying current practice rather than imposing a new burden. The frontier labs already do it. The EO would have made the practice predictable, time-bound, and uniform across developers.
The hawk further argues that the security case is empirically grounded in a way the competitiveness case is not. The Anthropic Mythos disclosure, briefed to the House Homeland Security Committee in a closed-door staff session the week of May 11, made the operational point in concrete terms: a frontier model can autonomously discover and demonstrate exploitable vulnerabilities in widely deployed infrastructure software, at a level previously attributed only to skilled human researchers. Anthropic surfaced the capability through its own evaluation process and chose to brief lawmakers. The federal government had no operational role in either the evaluation or the disclosure decision. The EO would have built the federal-side mechanism the Mythos episode revealed was absent. The hawk reads it as the strongest available argument for why the government needs operational visibility before frontier models ship, not after. Members of the briefed staff have, on background, described the substance as "the kind of thing you cannot unsee," which is the kind of phrase that does not appear in committee press releases and does shape what staff brief their principals about over the next month.
The hawk also rejects the competitiveness frame on its own terms. The argument that a 90-day pre-release window slows the U.S. release cadence relative to the People's Republic of China assumes that the relevant constraint on U.S. competitiveness is release timing. It is not. The relevant constraints are compute, talent, and capital. The PRC's frontier developers face structural disadvantages on all three, and none of those disadvantages are mitigated by U.S. developers releasing two weeks earlier. The hawk's view, often articulated by the National Cyber Director's office, is that the competitiveness frame is a rhetorical structure imported from a different policy domain (semiconductor export controls) and applied to a domain where the underlying dynamics do not support it. Pre-release security review does not slow U.S. capability development. It slows U.S. deployment by a defined window, in exchange for federal visibility on the capability frontier. The hawk treats this as a trade most national-security professionals would take in any other domain without controversy.
The hawk's bottom line: The EO would have codified a security practice the frontier labs already perform voluntarily, on a timeline that does not meaningfully affect competitiveness with the People's Republic of China, in exchange for federal operational visibility on capabilities that have already produced one publicly acknowledged near-miss. Killing the EO on competitiveness grounds is not a defense of U.S. capability development. It is a deferral of the operational federal posture on frontier-model security to whatever the next vehicle turns out to be, which in current planning is the Cairncross interagency read-out in July, which is not an executive order, has no operational authority, and will be received as guidance the labs are free to ignore.
The Reformer Case: Voluntary Sharing Is the Capture Vector
The reformer position on the pulled EO is not the position the news coverage assigned to it. The reformer is not relieved that the EO was pulled. The reformer is alarmed by the pattern the pulling exposes, and is separately skeptical of the EO itself. Both things are true at once. The reformer's first concern is that voluntary pre-release sharing, however reasonable on its face, operates structurally as a regulatory-capture vector. The frontier labs that have the resources to negotiate individual memoranda with the U.S. AI Security Coordinating Office are the same labs that will be the only entities able to meet the 90-day window without commercial disruption. A uniform regime codified by EO would, in practice, build a regulatory floor that incumbents can clear and new entrants cannot. The reformer reads this as a familiar pattern in technology policy: the regulated industry supports the rule because the rule entrenches their position.
The reformer's second concern is the China-competitiveness frame itself, but for a different reason than the hawk's. The hawk objects to the frame because it killed the EO. The reformer objects because the frame is, in the reformer's analysis, industry-supplied rhetoric that has migrated into administration messaging without independent verification. The frame's policy implication is that the U.S. government should refrain from imposing any constraint on frontier developers because constraints would advantage the People's Republic of China. That implication is structurally identical to what the frontier developers themselves have argued in every public comment cycle since 2023, and structurally similar to the case the same industry made against the 2023 Biden AI executive order before it was repealed. The reformer's worry is not that the frame is wrong (the reformer is unsure whether it is wrong) but that the frame has become the load-bearing argument against any frontier-AI rule, regardless of merits, regardless of vehicle. When the same argument defeats every rule in every venue, the reformer concludes, the argument is functioning as a veto rather than as a serious analytical claim.
The reformer's third concern is the cybersecurity provisions, which were the least-discussed part of the draft and, in the reformer's view, the most consequential. The DOD-side language would have required defense AI deployments to satisfy a security floor by October 2026. The critical-infrastructure language would have established a reporting regime overseen by the National Cyber Director's office. The reformer reads both as concentrating cybersecurity policy authority in an office whose director is appointed by the President and removable at will, with no statutory oversight mechanism, no inspector-general jurisdiction, and a budget routed through the Executive Office of the President rather than through an authorizing committee. The reformer is not opposed to a federal cybersecurity floor for AI. The reformer is opposed to the floor being established by executive order in an office structurally vulnerable to political direction, especially where the EO would set precedent that future administrations could expand to civilian deployments without further congressional input.
The reformer's bottom line: The pulled EO was a mixed instrument. Its pre-release window codified a voluntary practice that already exists, on terms that would have entrenched incumbent developers. Its cybersecurity provisions concentrated authority in an office with no statutory oversight. The reformer does not celebrate the pulling, because the pulling was not based on any of these objections. The pulling was based on a competitiveness argument supplied by industry, won inside the White House by the principal advisor most aligned with industry, and used to defeat the security case that another part of the same White House was making in good faith. The pattern is the problem. The EO is downstream.
Where They Actually Agree
The hawk and the reformer agree, with notable precision, on the institutional diagnosis. Both agree that the executive branch is not currently capable of producing a frontier-AI governance instrument that survives its own internal review. Both agree that the December 2025 executive order, the National Policy Framework for AI issued March 20, and the two failed reconciliation attempts form a sequence in which the executive branch has been able to issue framing documents but has not been able to issue or sustain an operational instrument with bite. The pulled EO this week is the fourth instance of the same pattern. They agree on the count.
Both sides also agree that the Cairncross interagency read-out anticipated in July is now the next signal worth tracking. With the EO indefinitely paused, the National Cyber Director's interagency process is the only forum where a structured federal posture on AI cybersecurity can plausibly emerge in 2026. The read-out will not have the force of an executive order. It will not, by itself, require anything of any developer. What it will do is establish, on the record, what the operational federal posture would have been if the EO had been signed. The hawk wants the read-out to be substantively aggressive enough to make the gap between the executive-branch position and any congressional response visible. The reformer wants the read-out to be procedurally clean enough to give Congress something it can legitimately ratify or reject. Both want it to exist. Both expect it in July.
Both also agree, in different vocabularies, that the Anthropic Mythos disclosure has changed what the security case sounds like in the room. Before May 13, the security case was speculative: capabilities might surface that pose serious risks; the federal government should be positioned to evaluate them. After May 13, the security case is concrete: a frontier model demonstrated autonomous vulnerability discovery against widely deployed infrastructure software, the developer chose to brief lawmakers, and the federal government learned about it through that briefing rather than through any operational mechanism of its own. The hawk reads the Mythos episode as vindication of the security case. The reformer reads it as evidence that the current voluntary regime is producing acceptable outcomes through individual developer judgment rather than through any federal mechanism. Both readings agree on the facts. The disagreement is about whether the current outcome generalizes.
And both, somewhat reluctantly, agree on the timing constraint. The next frontier-model release cycle from the three U.S. labs that meet the draft EO's compute threshold is anticipated in the third quarter of 2026. If the federal posture is going to be in place before that cycle, the operative instrument has to land by August. The pulled EO would have. The Cairncross read-out, on its current calendar, will not. Congressional action on the FY 2027 NDAA will not be final until November at the earliest. The hawk treats the August gap as a window the administration has chosen, against its own stated security interests, to leave open. The reformer treats the August gap as the appropriate consequence of the executive branch failing to build a durable coalition behind any operational rule. They agree the gap exists. They agree on the date. They do not agree on what the gap means.
Where They Don't (And Shouldn't Pretend To)
On whether the competitiveness frame is a serious analytical claim or a rhetorical veto. The hawk reads the China-competitiveness argument as a genuine but contestable national-security analysis that the competitiveness faction wins on the facts in some cases and loses in others. The reformer reads it as a rhetorical structure that wins regardless of facts because no member of the cabinet wants to be on the wrong side of a China-competitiveness vote. Both readings have evidence. The hawk can point to cases (semiconductor export controls, Huawei restrictions) where the competitiveness frame produced consequential policy that constrained industry. The reformer can point to the pattern (this EO, the FY 2026 NDAA AI language, the reconciliation rider, the December 2025 EO's preamble language) in which the frame has been deployed against rules that would have constrained the same industry. Neither side is going to convince the other. The frame's analytical seriousness depends on whether you weight cases or pattern more heavily.
On whether voluntary pre-release sharing is regulation or codification. The hawk treats the EO's 90-day window as codifying a voluntary practice the labs already perform, with no incremental burden. The reformer treats it as upgrading a voluntary practice into a regulatory floor with downstream effects on market structure. Both readings are textually defensible. The EO's language is permissive on its face and structural in its effect. Whether the structural effect counts as new regulation depends on how strictly you draw the line between an EO that codifies practice and an EO that establishes precedent. Federal courts have generally been generous to executive codification of industry practice. Whether that generosity should extend to frontier-AI security policy is the open question.
On whether concentrating authority in the National Cyber Director's office is institutionally sound. The hawk treats the National Cyber Director's office as the appropriate locus for federal cybersecurity policy on AI, given that the office was established by the FY 2021 NDAA precisely to coordinate this kind of cross-agency policy and is structurally designed to do so. The reformer treats the office as institutionally vulnerable: appointed by the President, removable at will, no statutory oversight mechanism, budget routed outside the appropriations process for any authorizing committee with AI jurisdiction. Both readings describe the same office. The disagreement is about whether the office's authority should be expanded by EO at a moment when the office's political accountability is to the President alone.
On what the Cairncross read-out should do in July. The hawk wants the read-out to function as a shadow EO, laying out in detail what the operational federal posture would have been, in language Congress can use to legislate later. The reformer wants the read-out to function as a diagnostic, identifying the gaps in current voluntary practice without prescribing executive remedies that would replicate the EO's structural problems. Both want it to land. Both want it to matter. They disagree on what mattering looks like. The hawk wants enforceable specificity. The reformer wants procedural restraint. The Cairncross office will have to choose between them. The choice will be the most consequential AI-policy decision this administration makes in 2026.
Here's My Two Cents
The EO that almost was is the fourth instance of the same pattern, and the pattern is now mature enough that I think it can be described without hedging. The pattern is this: every operational frontier-AI governance instrument drafted inside the executive branch for the last eighteen months has been killed at the principals' meeting on competitiveness grounds. The merits of the instrument do not appear to matter. The vehicle does not appear to matter. The drafting agency does not appear to matter. What matters, every time, is whether the principal who carries the China-competitiveness portfolio sees the instrument as a precedent that constrains U.S. developers relative to the People's Republic of China. If yes, the instrument is pulled. If no, the instrument is pulled anyway, on a different ground, because by the time it reaches the principals' meeting the competitiveness argument has been retrofitted to fit. The competitiveness frame is now load-bearing in a way that, on my reading of how this administration's policy-making works, no other frame is. It does not have to be correct to be load-bearing. It has to be unanswerable, and right now it is.
That diagnosis matters because it determines what counts as the next signal worth watching. The conventional read of the pulled EO is that the administration has decided not to legislate on frontier-AI cybersecurity this year, and that the next opportunity is the FY 2027 NDAA cycle. That read is wrong, or at least incomplete. The administration has not decided not to legislate. The administration has discovered that the competitiveness faction can veto the legislation, and the question now is whether the hawkish faction can build a counter-coalition with enough institutional weight to override the veto. The Cairncross interagency read-out in July is the first test of whether such a counter-coalition exists. If the read-out is substantively aggressive and procedurally clean, the hawk faction has rebuilt some of the institutional ground it lost this week. If the read-out is anodyne, the competitiveness faction has won not just the EO but the policy-making process for the rest of the term.
The other reason the pattern matters is that it establishes an upper bound on what executive-branch frontier-AI governance can actually accomplish. If competitiveness vetoes apply to any rule with operational bite, then the universe of feasible executive-branch instruments is restricted to framing documents, advisory frameworks, and voluntary commitments. The December 2025 EO is in that universe. The March 20 framework is in that universe. The Cairncross read-out, whatever it says, will be in that universe. The pulled EO almost escaped the universe. It was pulled because it almost escaped. What this tells anyone trying to forecast U.S. frontier-AI governance is that the bound is real, the bound is stable, and the bound will not be tested again by this administration without a triggering event of greater magnitude than the Anthropic Mythos disclosure. The Mythos episode was the strongest available case for federal operational visibility, and it was not strong enough to carry the EO past the principals' meeting. That is the data point. Plan around it.
The third reason the pattern matters is that it puts pressure back on Congress, which is the legislative branch this same administration's three-door preemption strategy was, last week, designed to circumvent. The pulled EO inverts the picture. On preemption, the administration is asking Congress to ratify federal authority because the executive branch wants the authority. On security, the administration is unable to issue executive-branch authority because the competitiveness faction blocks it, and Congress is therefore the only remaining venue. Both pictures cannot be true simultaneously without the result that the FY 2027 NDAA becomes the single most consequential legislative vehicle for AI policy in the second half of 2026. The preemption fight will land in it. The security fight will land in it, by default, because no executive instrument will. Title XVI is now carrying more policy weight than its drafters anticipated. The conference report in November will be the operative statement of U.S. frontier-AI policy for the next two years, whether anyone planned it that way or not.
The thing to watch over the next eight weeks is which of the principals carries the competitiveness portfolio out of the next NSC meeting on the same subject. If David Sacks remains the principal author of the competitiveness frame and the NEC remains the institutional home of the veto, the pattern continues. If the principals' meeting reorganizes so that the National Cyber Director carries equal weight to the NEC on AI security questions, the pattern shifts. The Cairncross read-out is the leading indicator. The next operational signal after that is whichever frontier developer next briefs the House Homeland Security Committee on a Mythos-class disclosure, because that is the briefing that will test whether the security case can be made loudly enough to overcome the competitiveness frame on the margin. I do not know whether that briefing happens in 2026. I know that if it does, it is the next inflection point, and that the executive branch has now established, by killing this EO, that it will not act on the security case on its own. Something or someone has to move the floor.
There is a second-order signal worth tracking, which is what the frontier labs themselves do in the weeks after the EO is pulled. The labs were not opposed to the draft. Two of the three were quietly supportive on the theory that codifying the existing voluntary regime would give them a stable compliance regime that competitors could not undercut. The third had reservations on the cybersecurity provisions but did not actively lobby against the EO. None of the three is on record either way, because none of them was given a chance to be: the EO was pulled before the public-comment window opened. If, over the next month, one of the three publicly announces an expanded voluntary commitment that mirrors the pulled EO's pre-release window, the read will be that industry is trying to occupy the policy ground the EO vacated, to make a future executive-branch rule unnecessary. If none of the three says anything, the read will be that the labs have correctly calculated that the absence of a federal posture is the policy outcome they preferred all along, and that the competitiveness frame was, on this particular question, doing work the labs wanted done. Either reading is informative. Silence is not neutral here.
That is what is happening this week. An EO was drafted. An EO was pulled. The drafting was substantive. The pulling was not. The pattern is the policy.
Related Briefings
Anna R. Dudley writes on national security, intelligence policy, and the places where hawks and reformers need to find each other. Bipartisan Translation is the weekly series for the conversation that is not happening on cable news. Subscribe at annardudley.substack.com.