
Trump Executive Order: U.S. AI Developers Asked to Submit Models for Cybersecurity Tests

Plus, Anthropic extends Project Glasswing to 150 new organizations.

Good morning! Here’s what’s up.

People

360 Privacy, a digital exposure reduction services provider, recently announced four new appointments that deepen its corporate intelligence, executive protection, and cyber threat intelligence expertise.

Jim Neidig joins 360 Privacy as senior vice president, strategic initiatives. Neidig, a former U.S. Army Ranger and Special Forces soldier, joins 360 Privacy after 11 years at Apple, most recently as chief security officer.

Ryan Long joins 360 Privacy as senior vice president, converged intelligence. Long previously led global intelligence and executive protection at McDonald’s, and served as president of the Association of International Risk Intelligence Professionals.

John Giebel joins 360 Privacy as senior vice president, corporate development and enterprise solutions. Giebel previously was at Medtronic, where he most recently was head of global security.

Jason Chapman joins 360 Privacy as senior director, client strategy and protection. Chapman, a former U.S. Secret Service leader, brings nearly three decades of experience across law enforcement, executive protection, risk, and investigations.

Clips ✂️

Trump administration to ask US AI firms to voluntarily submit models for cybersecurity tests

The Trump administration will ask leading AI developers to voluntarily submit their most capable models for government cybersecurity tests before releasing them to the public, according to an executive order released on Tuesday, as security fears mount in Washington over powerful new AI systems such as Anthropic's Mythos.

U.S. President Donald Trump signed an executive order that directs the departments of Treasury, Defense, Commerce and Homeland Security, plus other government officials and agencies, to secure agreements with AI developers to test their models.

U.S. agencies would get up to 30 days to test the models before they are released to organizations outside the government, according to the order. It also directs the agencies to emphasize bolstering cyber defense across government.

The order signals Trump is shifting his strategy on AI and taking a more active role in monitoring the technology's capabilities.

by Reuters

Expanding Project Glasswing

Project Glasswing is our collaborative effort to secure the world’s most important software. In early April, we announced that roughly 50 initial partners had access to Claude Mythos Preview, and since then, they’ve been deploying the model to scan their codebases for vulnerabilities. We recently described how these partners have so far found more than 10,000 high- or critical-severity security flaws.

We’re now expanding Project Glasswing. Following several weeks of close collaboration with our Project Glasswing partners, the security industry, open-source software maintainers, and the US government, we’re extending the partnership to approximately 150 new organizations. Each one will need to meet our security requirements before they gain access.

The organizations in this new group are based in more than 15 countries, and most provide critical infrastructure to many more. … The group covers several industries that weren’t well represented in our initial cohort, such as power, water, healthcare, communications, and hardware.

by Anthropic

DoD CIO implores industry to put a greater focus on 'foundational cybersecurity'

The Pentagon’s top IT officer is pushing for a more forceful and aggressive “foundational cybersecurity” posture, not just for the military, but for the contracting community as well, she said today.

“Our posture extends beyond our own digital networks into yours, our defense industrial base,” Department of Defense Chief Information Officer Kirsten Davie said at the TechNet Cyber conference here today. “A compromise at a small supplier can jeopardize a warfighter making a real time decision, and I don’t think that’s acceptable for any one of us in this room. That should make us all very uncomfortable, that that small of a compromise can impact a war fighter out at the edge. Let’s put a greater focus on our foundational cybersecurity.”

“Compliance does not equal security. It did not when I was in industry, and it does not from my seat where I am today. We must pursue a relentless focus on operational resilience, which is a byproduct, a dynamic fit for purpose cybersecurity posture,” she said.

by Breaking Defense

Turning tension into collaboration: How CIOs and CISOs can lead together

The relationship between the CIO and the CISO has long been defined by friction. It is often framed as a structural conflict, with CIOs pushing for speed, scale and innovation and CISOs pulling toward control, constraint and cyber risk reduction.

In practice, this tension is real. But the problem is not that it exists: the problem is how it is managed.

For many organizations, this dynamic has drifted into something more corrosive. Security leaders report feeling pressure to downplay risk, while IT leaders often are perceived as shifting accountability rather than owning it.

These patterns do not just create internal dysfunction. They also expose the enterprise to unnecessary cyber risk, particularly at a time when technology adoption is accelerating and the consequences of misalignment are more immediate and visible.

by Cybersecurity Dive

Dozens of Red Hat npm packages targeted in supply chain attack

Researchers on Monday warned that more than 30 Red Hat npm packages have been compromised in a supply-chain attack that used a credential-stealing worm.

A total of 96 versions across 32 packages have been identified as compromised, according to researchers at Aikido Security. The accumulated downloads exceed 116,000, according to researchers.

The packages were published through the GitHub Actions OIDC, which indicates the compromise was linked to the continuous integration/continuous delivery pipeline, instead of an npm token, researchers noted.

Anyone that has downloaded an affected package version since Monday should assume that CI secrets, cloud credentials, SSH keys and npm tokens are compromised, researchers said. They should all be rotated in a preventative measure to protect against future actions.

Red Hat confirmed it is investigating the malicious activity.

“Red Hat is aware of security reports regarding certain npm packages within our development tooling ecosystem,” the company told Cybersecurity Dive in a statement.

by Cybersecurity Dive

Exclusive: AI is widening cybersecurity workforce skills gap, Accenture says

Companies are racing to secure AI systems, but many are still hiring cybersecurity workers using job descriptions, career ladders and training programs built before the AI boom.

Why it matters: Fending off AI-powered hacks expected from advanced AI models will require a new vision for how employers train, hire and retain cybersecurity talent.

The big picture: High burnout rates and extensive training requirements have left the cybersecurity industry scrambling for decades both to bring in entry-level workers and retain existing talent.

• "It's really not a shortage that we have anymore, it's a mismatch," Vikram Desai, global cybersecurity strategy and risk lead in Accenture's cybersecurity practice, told Axios.

Zoom in: Companies' growing reliance on AI systems is poised to exacerbate the problem, Desai said.

by Axios
