When Donald Trump returned to the White House 18 months ago, his second administration made it clear that it would take a hands-off approach to artificial intelligence and allow tech companies to develop these technologies with minimal government interference.
To go along with this light-touch approach to AI development, Trump issued an order that rescinded a Biden administration directive concerning AI that sought to put more guardrails around the development of these technologies, including the implementation of cybersecurity standards to help ensure data and privacy protections.
The Trump administration followed this hands-off AI approach until April of this year, when Anthropic released Mythos, a large language model (LLM) that uses advanced cybersecurity capabilities to detect vulnerabilities — including zero-day flaws — across a variety of applications and operating systems.
Immediately following the Mythos announcement, cybersecurity experts and even some government officials raised concerns about Mythos, and the Trump administration asked Anthropic to limit access for the time being. (On June 9, Anthropic announced Claude Fable 5, a “Mythos-class model” available to the public with certain guardrails built into it to ensure that the LLM is not abused by cybercriminals or attackers.Then, on June 12, the Trump White House banned foreign governments, companies and individuals from accessing these two models, citing national security concerns. Since then, the company and the administration have worked to resolve the issue.)
The Mythos release — along with other cybersecurity models planned by OpenAI — prompted the Trump administration to consider its own executive order to address the safety and security issues surrounding the use of these AI technologies for cybersecurity and vulnerability detection. The Wall Street Journal reported that after a delay and internal debates over the size and scope of this executive order, Trump signed a “slimmed-down” directive on June 2 that allows federal government agencies access to new models 30 days before their release.
The order further asks government and cybersecurity officials to work with private companies to address vulnerabilities that these AI platforms uncover.
“Advanced AI capabilities make our Nation stronger, but also introduce new national security considerations that require coordinated action across executive departments and agencies (agencies), and components,” according to Trump’s executive order. “As these capabilities evolve, my Administration will continue to work closely with industry to ensure that the best and most secure technology is deployed rapidly to confront any and all threats to our country.”
While tech and AI firms approved the move because of the shorter review process, the executive order also faced criticism that the disclosures are voluntary and that the order is too deferential to the industry. Congressional lawmakers are also struggling to write and pass federal bills that address these issues.
Cybersecurity experts also noted that Trump’s executive order leaves additional questions about the future uses of AI unanswered.
“The big question is whether this executive order helps establish a durable safety assessment process, one that includes independent testing, clear risk thresholds, disclosure obligations, post-release monitoring, incident reporting and meaningful consequences when unacceptable risks are found,” Diana Kelley, CISO at Noma Security, told Dice. “Without that structure, a voluntary process could look reassuring without materially reducing risk.”
What Role Does the Government Now Play in AI?
While the 30-day review period is the topline takeaway from the executive order, the document also instructs the executive branch to take several additional steps, including:
- The U.S. Department of the Treasury will lead a cybersecurity “clearinghouse” committee that includes government officials, along with industry and critical infrastructure representatives, to develop AI collaboration standards.
- The Treasury Department will also lead an effort to identify and mitigate vulnerabilities that these AI models uncover in applications and operating systems.
- The Office of the National Cyber Director, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) will identify federal grants that can be used to develop AI vulnerability detection.
One of the biggest challenges facing cybersecurity professionals is managing the transition as AI technologies begin moving into more production environments, and it’s important to look to government policy for guidance.
As AI becomes increasingly embedded across applications, cloud environments, autonomous agents, operational technology and critical infrastructure workflows, organizations will need clearer visibility into how those systems behave, what data and resources they can access, and when activity moves outside expected parameters, said Marcus Fowler, CEO of Darktrace Federal. This is where federal government resources can help.
“The security conversation must extend beyond model development and testing to focus on the operational realities of AI deployment,” Fowler told Dice. “The National Institute of Standards and Technology’s AI Agent Standards Initiative and forthcoming guidance from CISA and other federal stakeholders will be important in helping organizations establish practical frameworks for securing AI in production environments, including how AI systems and agents are identified, authorized, monitored, and governed throughout their lifecycle.”
David Brumley, chief AI and science officer at Bugcrowd, noted that governments and markets do not fully grasp a central tenet of AI: the technology compresses certain security features in applications while expanding the attack surface.
The result is that as attackers utilize AI to scale, defenders must do the same. That increases demand for platforms that operationalize AI effectively. It also requires cybersecurity professionals to increase their AI knowledge and skills.
“The real shift is in how the work gets done. Security professionals are knowledge workers, and like every knowledge profession, our workflows are being reshaped by AI. Those who ignore it will fall behind,” Brumley told Dice. “Those who adopt it will become dramatically more effective. While security professionals are used to learning new skills, what makes this scarier is the speed and scale at which the change is coming.”
Developing Cybersecurity AI Skills
While the Trump administration plots a new course on AI, experts note that these technologies still offer career opportunities for cybersecurity professionals.
Professionals with expertise in AI-driven threat detection, automation and risk analysis remain sought-after as AI tools become further integrated into business and security operations.
While AI can process vast amounts of data at machine speed, it still lacks the intuition and strategic thinking that human analysts bring to the table. Security teams will increasingly need to balance technical expertise with the ability to interpret and act on AI-generated intelligence, said Darren Guccione, CEO and co-founder at Keeper Security.
“Many AI models, particularly neural networks and large language models, can produce convincing results but lack explainability. If a security tool flags a potential threat, but the system can't explain why, it puts organizations in a difficult position – do they trust the output or risk missing something critical?” Guccione told Dice. “This is why AI must be viewed as an assistive technology, not an autonomous decision-maker. Security teams must remain actively engaged in validating AI-driven insights to prevent false positives, overlooked threats or unintended biases in automated systems.”
Matthew Hartman, chief strategy officer at Merlin Group, noted that the human-in-the-loop element of AI remains critical to organizations investing in these technologies, no matter how advanced they become. It’s also critical for cybersecurity best practices.
“Agentic AI and emerging technologies will change the tools defenders use, but the most valuable skills remain broadly human ones — curiosity, problem-solving, and the initiative to investigate anomalies and adapt quickly,” Hartman told Dice. “Organizations across all industries are increasingly looking for workers who can combine strong technical fundamentals with deep AI curiosity. Defenders who demonstrate the ability to think critically about how technological evolutions change risk and defense will be successful.”
Noma Security’s Kelley added that with AI becoming intertwined with more and more platforms, now is the time to develop a skill set that can help advance a career, especially as government agencies become more involved.
“AI is quickly being woven into the fabric of all business operations and workflows. With AI everywhere, workers with skills that enable effective use of AI will be well positioned to help companies make the most of the AI revolution,” Kelley said. “Skilled AI security practitioners are now, and will be, in high demand with a substantial need for AI guardrails to be implemented in parallel with the adoption of AI in the enterprise. AI security and governance are the leading priorities for every enterprise CISO today.”
