TL;DR
Executive Order 14409 requires federal agencies to establish a classified process by August 1, 2026, for benchmarking the cyber capabilities of advanced AI models. The results could shape government access, deployment decisions and national-security policy, but the criteria and practical effect of voluntary developer participation remain unknown.
President Donald Trump’s Executive Order 14409 requires the Treasury Department, National Security Agency and Cybersecurity and Infrastructure Security Agency to establish a classified AI benchmarking process by August 1. The process will test advanced cyber capabilities and give the NSA director authority to designate covered frontier models, placing model evaluation at the center of federal national-security decisions.
The order directs the agencies to develop a benchmark that measures whether an AI model has advanced cyber capabilities and to define the threshold for covered-frontier-model status. The NSA director will make each designation after consulting the national cyber director, the White House science adviser, CISA and other defense representatives.
A separate framework, due on the same date, will let developers ask the government to evaluate models under development. Participating companies may give federal evaluators access to covered models for up to 30 days before release to other trusted partners, subject to confidentiality, cybersecurity, insider-risk and intellectual-property safeguards.
Participation is formally voluntary. The order expressly rejects mandatory licensing, preclearance or permitting for new models. It does not say whether federal purchasing decisions, contracts or access to government programs will favor participating developers, so claims that the framework will become a de facto requirement remain interpretation rather than confirmed policy.
The August 1 Deadline:
Benchmarks Become a National-Security Instrument — a Classified One
EO 14409 · signed June 2, 2026 · what actually changes, who feels it, and the European counter-move
The fuse
Two blocs, opposite horns of the same dilemma
US: sophisticated & classified
Measures the right thing (offensive capability) but cannot be reviewed, replicated, or challenged. Steelman: a public cyber benchmark is also an instruction manual for adversaries.
EU: crude & public
Arguably measures the wrong thing (compute, not capability) — but it’s public, contestable, and identical for every party. Legitimacy over precision.
Three seats at the table
Opt-in calculus before Aug 1: 30 days of government access to weights and prompts vs. trusted-partner procurement upside. IP and NDA questions unresolved.
A pre-release window is meaningless for weights on a public hub — and no US framework binds Hangzhou. The asymmetry is the design’s quiet destabilizer.
Launch timing may stagger; US designation becomes de facto capability certification; and benchmark-gating becomes politically normal — precedent cuts both ways.
The European answer: not a classified benchmark with a circle of stars on it — public, replicable, defense-relevant evaluation anyone can inspect. Whoever writes the benchmark defines “capable” and “dangerous.” After Aug 1, one definition goes behind a vault door. Europe should answer in public — that’s the VigilSAR-Bench thesis.
advanced cybersecurity hardware for AI models
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Secret Tests Could Shape AI Access
The benchmark matters because it will define when an AI system’s cyber abilities warrant special federal attention. A covered-model designation could affect which organizations receive early access, how a model is evaluated before wider deployment and whether it is offered to agencies or operators of critical infrastructure.
Capability testing can identify risks that hardware or training-compute thresholds may miss. A model could become more effective at finding vulnerabilities, writing exploit code or directing automated cyber activity without crossing a new compute line. The federal approach is designed to measure what a model can do, rather than relying solely on how it was trained.
Classification creates a competing concern. Keeping test details secret can prevent adversaries from using a benchmark as a guide to sensitive cyber capabilities. It also limits independent review and replication. Unless agencies release a public methodology or summary, developers and outside researchers may have little basis for challenging how the threshold was defined or applied.
Capability Tests Replace Simple Proxies
The order was signed on June 2, 2026, giving agencies 60 days to build the benchmark and developer framework. It also directed the government to form an AI cybersecurity clearinghouse, expand vulnerability-detection programs and strengthen federal cyber hiring.
The policy differs from the European Union’s public systemic-risk trigger under the AI Act, which uses 10²⁵ floating-point operations as a presumed training-compute threshold for certain general-purpose models. The American process may produce a more direct measure of cyber capability, while the EU threshold is publicly visible and can be applied consistently by companies and regulators.
“develop and maintain a classified benchmarking process”
— Executive Order 14409, Section 3(a)
The Threshold Remains Behind Closed Doors
The government has not publicly disclosed which tasks, scores or safeguards will determine covered-model status. It is also unclear how much information developers will receive after an evaluation, whether designation decisions can be challenged or how frequently the benchmark will be revised.
The order does not resolve how the framework will address open-weight or foreign-developed models released outside the United States. Nor does it specify how agencies will manage model weights, prompts, evaluation records and trade secrets beyond requiring appropriate protections. The practical value of voluntary participation will depend on rules that had not been published as of July 18, 2026.
Agencies Must Set Rules by August 1
By August 1, the named agencies are expected to have the classified benchmark and voluntary developer framework in place. Model developers will then have to decide whether to seek federal evaluation and provide pre-release access, while the NSA begins applying the covered-frontier-model threshold.
Attention will turn to any public guidance explaining eligibility, confidentiality protections and trusted-partner selection. The level of disclosure will determine whether outside researchers and affected companies can understand the policy without gaining access to the classified test material.
Key Questions
What happens on August 1, 2026?
Federal agencies must complete a classified cyber-capability benchmarking process and a voluntary framework for evaluating covered frontier models.
Who decides whether an AI system is a covered frontier model?
The NSA director makes the designation after consulting CISA, the national cyber director, the White House science adviser and other defense representatives.
Must AI companies provide models to the government?
No. The framework is described as voluntary, and the order bars mandatory licensing or preclearance. Possible commercial or procurement incentives for participation have not been defined.
Will the AI benchmark be public?
The benchmarking process will be classified. The order permits agencies to share assessments with developers and researchers when appropriate, but it does not promise a public version of the criteria.
Why focus on cyber capability rather than model size?
Capability tests can examine whether a model performs sensitive cyber tasks regardless of its training budget. Whether the classified tests will provide a reliable and fair measurement cannot be judged until more information is released.
Source: Thorsten Meyer AI