Paul, Weiss Waking Up With AI
Special Edition: The White House’s Executive Order on AI Model Testing, Explained
In this special edition, Katherine Forrest and Scott Caravello dive into the latest executive order on AI and cybersecurity, discussing its two main pillars: (i) a voluntary review and testing framework for AI models with the most advanced cybersecurity capabilities, and (ii) a defensive strategy to strengthen the federal government's cybersecurity, including by promoting the enhancement of AI-enabled defensive tools and facilitating critical infrastructure operators' access to those same tools. Analyzing the order, along with its various directives to federal agencies, they explore the potential implications for AI developers and the broader cybersecurity landscape.
For the sources referenced in this episode, please see the links below:
The White House: Promoting Advanced Artificial Intelligence Innovation and Security
Episode Transcript
Katherine Forrest: Hello, everyone, and welcome to a special episode of Paul, Weiss Waking Up with AI. I'm Katherine Forrest.
Scott Caravello: And I'm Scott Caravello.
Katherine Forrest: And we're gonna launch almost immediately into the news that we wanted to talk to everybody about, which is the June 2nd executive order from the White House on AI. But as we were getting ready to do this, I saw that closet opened in your background with like, I swear to God, let me count… One, two, three, four, five, six, seven… like, literally, twenty hats.
Scott Caravello: That is correct, but that whole setup, so, there's all my hats, but this whole setup is a new development as a wedding gift. A couple of my wife's friends got us a day with a home organizer, which you can read into that whatever you want, I suppose, that that was the gift that they chose. But as part of this she set up this incredible hat organization system with this individual rack for hats. It's amazing.
Katherine Forrest: I think you're missing my point.
Scott Caravello: What's up?
Katherine Forrest: You have twenty hats.
Scott Caravello: Well, it's kinda, like, you know, souvenirs from different places I visited, different sports teams.
Katherine Forrest: All right. Well, the top one ought to be Knicks because they won the game last night, the first game.
Scott Caravello: So true. Go Knicks. That was awesome.
Katherine Forrest: Okay, so let's get right to it. So, you know, we wanna talk about this June 2nd executive order. It's big stuff.
Scott Caravello: It's a huge deal and, so, in our regularly scheduled June 4th episode, which was released just a bit ago, we briefly covered the original iteration of this executive order, which we termed the executive order that wasn't. Because the White House had a whole signing ceremony lined up for an AI and cybersecurity focused executive order back on May 21st. But then the president decided against signing the order on the day of. But on June 2nd, President Trump went ahead and signed a new, updated version of that executive order.
Katherine Forrest: Right. And the version that was signed on June 2nd is different from the prior version. And, so, it's about a page long, a little over a page. And so let's just break it down and go through it pretty quickly because it's got some interesting things and then it's got a lot of room for things that we don't yet know…what they're going to be, what the regulation might look like, how the interactions will occur. The order is called “Promoting Advanced Artificial Intelligence, Innovation and Security.” So, it's sort of a mouthful. And the first part is, you know, sort of, has a statement that the US is, really wants to be, able to unleash tremendous, and already has, technological growth and economic investment in AI and doesn't want a lot of regulatory constraints. But then it goes on and talks about defense, about the government wanting to lock down various systems, ensure that the country's critical infrastructure is protected against cyber attacks powered by AI, and then there's the part that's really made the headlines. And the second half is all about what are called “covered frontier models,” and you'll hear that phrase a fair amount today. And this is a framework where AI developers would voluntarily give the federal government an early look at models that might be covered frontier models, which would be, you know, highly advanced new models, before they go public for just a period of 30 days. And, so, let's talk about that.
Scott Caravello: Yeah, but, so, that second half, about turning over the models for a thirty day period, that's the part of the executive order that led to the original delay in signing, right?
Katherine Forrest: Right, so in the original order, at least the one that was assumed to be the original order, the one that was sort of leaked, it was going to be a 90 day period of review. Again, voluntary, but that raised concerns that that ninety day period might unduly delay things and look more like a regulatory overreach. And so the version that the president signed, as we've said, is really 30 days. And it not only, you know, allows the federal government to have a 30 day review, but also allows a 30 day review by certain trusted partners who are not yet identified. So, uh, it's not mandatory licensing, it's not mandatory permitting, but it is a voluntary 30 day review period.
Scott Caravello: Exactly. And so let's get into the details of what the voluntary framework, which again is voluntary, would entail and how exactly it works. So, the federal government is tasked with setting, and I'm quoting, this is direct language, a classified benchmarking process. And that would be designed to measure a model's quote advanced cyber capabilities. And once a model crosses the line that's set through that benchmarking process, it gets labeled, what you were talking about earlier, Katherine, a covered frontier model. And then as a covered frontier model, the government would get access to test it for that 30 day period. And then, as you mentioned, the federal government could give access to these unnamed select trusted partners as well as operators of critical infrastructure in order to quote, promote secure innovation and strengthen the cybersecurity of critical infrastructure. But with that laid out on the table, let's take a step back. Why is the government focused on grading models on their cyber capabilities in the first place?
Katherine Forrest: Right. So, we've actually, with Mythos, with Claude Mythos, we've hit a real step change in model capabilities. And there are other models now that are coming out. We've seen some additional releases from different companies. And there are concerns and acknowledgements that what some of these models can do on the cyber side presents real risk, and real risk to potentially critical infrastructures. So, you know, we discussed the Claude Mythos preview in a prior episode. That has had its own project, Glasswing, where there was a release to a variety of companies who are very involved in critical infrastructure. And then more recently in the last couple of days, well within the last week, it was released to almost 150 more companies to allow them to have access to harden their infrastructure as well. And so we can think about it this way. For years, finding a significant hole in a piece of software and then writing the code to actually break into it was, you know, a kind of skilled work that took time. Now, AI helped that process speed along and, so, with the more recent developments of AI, this is before we get to Claude Mythos, we were seeing advances, lots of advances in the cyber capabilities of bad actors. But now the newest models can do some of that slower work much, much faster. They can read through code, find weak spots, put together a working way to actually take advantage of that weak spot, called an exploit, and they can do it fast and at scale and in a way that really a human team cannot match. So, it really raises—that's a lot of “really” in the morning—it absolutely raises the stakes in terms of the need for companies and for the federal government to protect critical infrastructure.
Scott Caravello: Yeah, but those cyber capabilities also cut both ways. They can be used both offensively by these bad actors and defensively by the folks who are trying to protect their systems. It's the same model capabilities that are used for both. The model that finds the vulnerability so that the company can patch it is the same one that identifies the vulnerability so the attacker can use it. So, when the order picks out these advanced cyber capabilities as the trigger for this whole review process, and then wants to give trusted partners that early access, it seems that what the government is really saying is that because they're worried about how the model can be used to attack or hack something, they'd like the folks who really need it to get their hands on it, test it, and use it for defense before the bad guys get it.
Katherine Forrest: Right. And so I just actually want to turn to the section. And it's actually, you know, by the way, when you print this thing out, it is actually more than a page. But don't print it out and it'll look like it's a page. That's what I'll tell our audience. All right. Anyway, so when you print this thing out and you're looking at the executive order and you look at section three, which is called the “Secure Frontier Model Deployment.” That's where you get this benchmark reference for the covered frontier model. And what it says is that the Secretary of Commerce, through the director of the National Institute of Standards and Technology, that's NIST, and in coordination with other agencies, shall, and here's the quote: develop and maintain a classified benchmarking process. So, develop and maintain a classified benchmark. Which is of course a term of art in terms of classified information from the federal government, benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold at which an AI model should be designated a covered frontier model for purposes of this order. And, then, those assessments would be shared with AI developers and researchers as appropriate. So, there's a lot that is left unsaid.
Scott Caravello: Absolutely. But then the assessments that are coming out of the testing can be shared with AI developers and researchers, but the order notes that it's, quote, as appropriate. And the call about whether to share those assessments actually gets made over on the national security side through the National Security Agency, or the NSA. So, maybe the assessment really points to some big risk or national security concern and they don't want it shared more broadly. But, anyway, since this whole framework is voluntary, Katherine, what are the protections that are built in for the developers who might choose to participate?
Katherine Forrest: First of all, this is voluntary. Second of all, it's 30 days. And then you've got protections like, quote, appropriate confidentiality, cybersecurity, insider risk, and intellectual property protection, use and non-disclosure requirements. And so what all that means is that when the model developers turn over their models for this early review to the federal government and some of the trusted partners, there will be a whole host of these you know, confidentiality, cybersecurity, et cetera, et cetera, intellectual property protections for the model developers. And, so, you know, the idea is you will not have these models leak out and get ahead of your, you know, planned release and rollout, you know, cycle.
Scott Caravello: Right, but you know, to your point earlier, Katherine, about how much is left to be figured out about the executive order, those categories of protections are listed only generally. And so, you know, time will tell how that actually gets worked out and what those are, though, you know, those, I imagine, will not be actually released to the public. But, so, with all that said, maybe we should go ahead and switch gears to the other part of the order, what we have been, sort of, terming the defensive half of the executive order.
Katherine Forrest: Right. So, the order instructs, there's a lot of, sort of, thou shall, you know, do this in 30 days and that in 30 days, with a lot left unsaid. And one of the “thou shall do” provisions is an instruction to the Treasury in consultation with the defense and intelligence communities to stand up something called an AI cybersecurity clearinghouse. That's a term of art, along with the AI industry and critical infrastructure operators that will serve as something like a hub for coordination. And the idea is that this cybersecurity clearinghouse, this AI cybersecurity clearinghouse, would scan for cyber vulnerabilities, it would validate them and help get patches or fixes out. It also asks CISA. C-I-S-A, which is the Cybersecurity and Infrastructure Security Agency, which sits within Homeland Security, to put out binding directives to speed up the defense of civilian federal agencies and establish and expand, or both, federal programs that will enhance AI-enabled defensive tools. So, there's a lot of you shall get ready to do the following things without specifying what those following things have to be.
Scott Caravello: And on a related note, but another interesting piece of the order, it also then directs the government to facilitate access to these AI defensive tools that it mentions, which can include the covered frontier models when the government determines it's appropriate to not only agencies, states and local authorities, but also to operators of critical infrastructure.
Katherine Forrest: Right. And the order actually calls a few of them out. Rural hospitals, community banks, local utilities. It's interesting that they call those out by name.
Scott Caravello: Yeah, well, and you know, I think that's really just because critical infrastructure is such an area of concern when it comes to cybersecurity. If AI is making attacking cheaper and faster and the attackers get that the day the model and its capabilities become available, it's out there for anyone. And, you know, because the order mentions some of them, rural hospitals, community banks, local utilities, those might be pieces of critical infrastructure that don't have the security team to keep up on, you know, day one. So, the order's trying to hand these potential targets a tool to defend themselves.
Katherine Forrest: Right, we typically think of the critical infrastructure as the major banks, the major healthcare institutions, all of the really large systemic institutions that keep our, you know, our world running. But, part of that is what's going on at a local level and they're exposed as well. And there's a section in this executive order, section four, which is called “Protection Against Criminal Actors.” And it actually states that the Attorney General shall prioritize the enforcement of certain criminal laws against anyone who utilizes AI to illegally access or damage a computer without authorization, or who utilizes AI while engaged in such illegal access to further any other crime. And it goes on to say this includes breaching any public or private information technology system or employing AI agents to unlawfully access data or information that's subsequently used for a criminal or unlawful purpose. So, that's a big section that is actually saying a lot in just one paragraph.
Scott Caravello: Yeah, and I think that it's really so interesting that it's calling out AI agents directly because that's something that we've talked about many times, right? The concern that they're gonna go off and autonomously do bad things on their own. And here the government is directly flagging the potential for a bad actor to direct an agent toward a system and just, you know, let it go off and try to exploit vulnerabilities and navigate through someone else's systems all on their own and, you know, wreak havoc.
Katherine Forrest: Right. Somebody could actually, not just theoretically, but they could in reality, sort of, you know, spin up a whole army of these agents and point them at a target and, you know, direct them to do X, Y, or Z. And so, if you've got a person at a keyboard, that's one thing, but if you've got an army of autonomous agentic AI agents, as I call them, the little bots that are running around. That raises a whole new specter of potential vulnerability. But let's get to some closing thoughts. Do you have any closing thoughts here on this executive order?
Scott Caravello: Yeah, absolutely. So, I mean, obviously it's a big step and it's an effort to meet the moment. But, you know, as we talked about how much has yet to be figured out, the devil's in the details and a lot of those details aren't clear. So we'll see if, to the extent it's made public, what federal departments and agencies put together for a workable framework. And, you know, then of course whether developers themselves actually choose to sign up. But it's I think it's worth mentioning, right, that the voluntary agreements that some of the developers like Google, Microsoft and XAI previously agreed to, to share their frontier models with the federal government, does show that there is a workable path forward here.
Katherine Forrest: Right. And let me just give my closing thought, which is, again, I encourage everybody to take a look at this and to look at also part of what we haven't mentioned, which is section five, the general provisions, because first, the cost of publication of the order, which is, typically, a ministerial piece, is actually here borne by the Department of War. So, that's an interesting thing to note. And also that in section five subpart C, there is a specific statement that the order does not intend to or create any right or benefit, substantive or procedural, enforceable against the United States, its departments, agencies, entities, officers, employees, or any other person. And so what that's really doing is saying, look, if we look at a model, one of these covered frontier models, and something then after the release of that covered frontier model goes awry, there is not a cause of action against the United States or potentially anybody who has looked at this model as part of this program. So, that is saying we're gonna give it a try, but don't think that you can come back to us and hold us liable for having missed something. That's at least the way I read this. Again, this is an executive order. Like all executive orders, it's different than a piece of legislation that's actually been passed. But as we've seen, recently, executive orders of this type can carry a lot of weight and we expect this one to. So, I think that's about all we've got time for on this first, and I don't think only, but certainly our first special episode of Waking Up with AI.
Scott Caravello: And I'm Scott Caravello. Thank you for joining us for this first ever special edition. As you pointed out, Katherine, it is the first, but I don't think it will be the last.
Katherine Forrest: Right, and thank you for joining with Scott and all of his hats. Twenty hats, right, that reminds me.
Scott Caravello: And I do just want to say, if you're new to the podcast, we really do hope that you've enjoyed it and that you'll like and subscribe to tune in for future episodes which drop weekly on Thursday mornings.
Katherine Forrest: Yeah, he doesn’t want to talk about his hats.
Scott Caravello: I don't. I tried to redirect with the home organizer thing and then you brought it back to “all the hats,” you know…
Katherine Forrest: Ha ha. All right. Okay, folks, we'll be back to you soon.