All Briefings | Weekly Update
May 21, 2026
Weekly Update

The EO That Almost Was

The series that translates national-security and AI-policy arguments across partisan lines, because the stakes are too high for tribal shorthand.

The EO That Almost Was

What Happened This Week

By Wednesday afternoon, the AI cybersecurity executive order was gone. The text was finished, the signing plan existed, and the security agencies had their core mechanism: a voluntary 90-day pre-release sharing window for frontier models, plus a security floor for defense and critical-infrastructure AI deployments. What failed was not drafting. What failed was coalition control.

The NEC competitiveness faction killed the window by making the pre-release review look like a drag on U.S. model deployment. That move matters because it is now a pattern. Four operational frontier-AI instruments have died inside the executive branch in eighteen months, and each time the competitiveness frame has had an easier veto than the security frame had an answer.

The next useful question is not whether the EO comes back in some softer form. It is who carries operational AI security after this. If the July Cairncross read-out is bland, the executive branch has effectively conceded that only Congress, likely through the FY 2027 NDAA, can move the floor.

Here's What You Need to Know in 30 Seconds

The administration spent six weeks drafting an AI security executive order that would have established the federal government's first operational mechanism for previewing frontier-model capabilities before release. The draft was substantively modest: voluntary 90-day sharing (industry had pushed for 14), DOD-side cybersecurity floor, light-touch critical-infrastructure requirements. Two things killed it. The framing problem: the competitiveness faction, with David Sacks as principal author and supported by external voices including Elon Musk and Mark Zuckerberg, argued that any pre-release window concedes the premise that frontier-AI developers should be slowed for security review, and that conceding the premise weakens the U.S. position against the People's Republic of China. The interagency problem: an internal proposal to give the Department of the Treasury (rather than CISA or NIST) a lead role in the security review drew sharp pushback from the cyber-defense agencies that have spent eighteen months building their AI-evaluation capacity. The hawkish faction, anchored at the National Cyber Director's office and inside NSC's cyber directorate, argued that the absence of an operational federal security posture is itself a strategic vulnerability. The competitiveness faction won the room and the Treasury-vs-CISA fight made the coalition too brittle to defend. The draft is now indefinitely paused. The next signal is the Cairncross interagency read-out anticipated in July. The pattern this week made plain is the pattern that has killed every frontier-AI governance initiative at the executive-branch handoff for eighteen months running: the security case keeps losing to the competitiveness case, not on the merits, but on the framing.

The Hawk Case: Pre-Release Sharing Is the Tool That Already Exists

The hawk case is operationally straightforward: frontier-model capability is now moving faster than the government's visibility into it. A voluntary pre-release sharing window gives security agencies time to inspect dangerous capability before it hits customers, infrastructure, or adversary workflows.

Mythos made the argument concrete. If a frontier model can autonomously surface and demonstrate exploitable infrastructure vulnerabilities, then waiting for post-release reporting is not a security strategy. It is a hope that developers choose to brief the government after the fact.

For the hawk, the EO was not a regulatory overreach. It was the minimum federal mechanism required to make private evaluation visible to the public-security side of the state.

The Reformer Case: Voluntary Sharing Is the Capture Vector

The reformer case is not that security visibility is unnecessary. It is that voluntary sharing with a small set of frontier developers can become policy capture in procedural form.

A 90-day window may look like oversight, but it also tells the largest labs how to shape the review environment before smaller competitors can even enter it. The cybersecurity provisions raise a second concern: authority would concentrate in the National Cyber Director's office without a clear statutory oversight lane.

For the reformer, the EO's weakness is not its ambition. It is that a tool built through executive process can be widened by the next administration without Congress ever defining the guardrails.

Where They Actually Agree

Both sides agree that the executive branch lacks a durable operational mechanism for frontier-model security review. Both also agree that Mythos changed the room: the risk is no longer hypothetical once a model demonstrates autonomous vulnerability discovery against real infrastructure software.

The disagreement is about whether the first mechanism should be built inside the executive branch with voluntary industry participation or forced through Congress with slower, harder, more durable rules. That is a real disagreement. Pretending otherwise only helps the veto players.

Where They Don't (And Shouldn't Pretend To)

Competitiveness frame. Hawks treat it as a serious China argument; reformers see it as a veto that can kill any constraint without naming an alternative security plan.

Voluntary sharing. Hawks see a practical first step. Reformers see an insider regime whose burdens and benefits will be shaped by the companies already closest to the government.

Executive authority. Hawks want a mechanism now. Reformers want statutory durability. The EO died because no one built a coalition that could answer both needs at once.

Here's My Two Cents

The EO that almost was is the fourth example of the same pattern: operational AI-security tools die when they meet the competitiveness veto. That pattern is now mature enough to be the story.

The next signal is not another principles document. It is whether the July Cairncross read-out gives the National Cyber Director equal weight against the NEC on AI security. If it does not, the executive branch has accepted framing documents as the ceiling.

That leaves the FY 2027 NDAA conference report as the only operational vehicle with a plausible path. It is an ugly place to make AI-security policy. It is also where the votes, deadlines, and must-pass pressure are.

My read: the security case is real, the capture risk is real, and the current executive coalition cannot hold both. Congress has to write the floor or the floor will keep moving down.

Related Briefings

Weekly Update · May 14, 2026
Bipartisan Translation: Three Doors at Once
The preemption side of the same fight. Legislation, NDAA, and EO routes running in parallel.
Weekly Update · April 29, 2026
Bipartisan Translation II: Google Got the Contract
Defense procurement as the policy lever that does not get debated. Where the competitiveness frame originated.
Weekly Update · May 7, 2026
Bipartisan Translation: The Framework Lands
What the framework said and what its silences signaled. The drafting environment the pulled EO was born into.

Anna R. Dudley writes on national security, intelligence policy, and the places where hawks and reformers need to find each other. Bipartisan Translation is the weekly series for the conversation that is not happening on cable news. Subscribe at annardudley.substack.com.

Back to Briefings
Copied to clipboard