Microsoft, Google DeepMind and Elon Musk’s xAI have offered to let the U.S. government access new AI models ahead of their general release, which sets up a new phase in Silicon Valley’s often fractious relationship with the US government’s fear of AI threats, based on the latest report of AI companies offering models to U.S. officials in the name of security review, in the hopes that government analysts can vet frontier AI systems for security threats like cyberattacks and military use before it is exposed for public consumption by developers and users, and, inevitably, those who should have no business to have their hands on a weaponized AI model.
The reviews will be run by Commerce Department’s Center for AI Standards and Innovation, or CAISI, which says the company’s deal with Google DeepMind, Microsoft and xAI gives it a chance to vet AI models in the pre-deployment phase, conduct research in specific areas, and review them after they are launched into production.
That may sound boring, but it’s not. This is the government asking to have the cover lifted off the hood before the car goes on the road, and that hood is heating up by the day.
It remains to be seen, but there’s an understandable fear that highly developed AI will help cyber bad guys become even more effective in their crimes. “U.S. officials have started eyeing emerging frontier models in the early stages with suspicion and trepidation, noting that some have elevated the stress levels of the highest government officials,” wrote Reuters.
One of the AI tools that has raised the most concern is Anthropic’s Mythos, a recently disclosed model. The problem isn’t that AI could identify security flaws that people don’t see. It’s that one tool might allow security people to find security flaws and an attacker could find security flaws too.
Microsoft has entered the AI debate. Microsoft has promised to “work with U.S. and U.K. scientists to identify and mitigate unintended consequences of AI models and contribute to the development of shared datasets and evaluation methods for model safety and performance,” according to its press release.
In an example of this kind of collaboration, Microsoft signed an agreement this month with the U.K. AI Security Institute to collaborate with officials from both countries to work together to manage AI risks. This suggests that this topic has relevance beyond the confines of the American capital.
CAISI isn’t coming up from a blank slate. The agency claims it’s already conducted over 40 assessments, including those of cutting-edge, as-of-yet-unreleased models; developers sometimes share versions with protections stripped or dialed down in order to expose the worst-case national-security hazards. Yes, that does sound ominous, and it’s meant to; after all, you don’t confirm the efficacy of a lock by simply imploring the door to remain closed.
In addition, the new pacts expand on prior government access to models made available by OpenAI and Anthropic; separately, OpenAI handed the US government GPT-5.5 to evaluate in national-security contexts, according to OpenAI’s Chris Lehane. Stitch those elements together and a distinct picture begins to emerge: the very most capable AI labs are being drawn into a government vetting environment ahead of time before their technologies go live.
There’s some interesting (and messy) politics at work here. For the most part, the Trump administration has centered its AI strategy around acceleration, deregulation and America’s dominance on the world stage. But any forward-leaning AI strategy also has to grapple with the messy reality that frontier models aren’t just productivity tools.
The Trump administration’s America’s AI Action Plan is primarily geared towards boosting innovation, building the infrastructure needed to sustain it and promoting U.S. leadership in international AI diplomacy and security. That final piece is really carrying the load.
There is also a defense component that can’t be overlooked. Only days before these model-review agreements were announced, the Pentagon was making deals with leading AI and tech companies to access the best systems on classified networks, according to reporting on the armed forces’ effort to infuse commercial AI into government operations.
AI in military workflows brings a host of new challenges and consequences. A bug doesn’t have to be a bug; an errant output can be a lot more than awkward. It can be operational, and it can be costly.
Naturally, the issue is that this could impede innovation. Tech companies will argue they require latitude; and they are certainly right that AI is currently a knife fight in a phone booth, with swift iterations, aggressive rivalries, massive expenses of computing infrastructure, and a global challenge to China.
If every new AI model is held for months before it can be introduced, U.S. tech firms will surely charge Washington with gifting a present with a big bow to our adversaries.
But it can be said that the U.S. would like to avoid having the first meaningful public demonstration of a particularly threatening or dangerous capability of AI be a public release, as that is how you end up governing through apology.
Evaluation before it is deployed and released is not going to be exciting, and will likely be annoying to some or all, which is typically a good sign that regulation has landed somewhere in the middle.
The challenge will be to keep things focused. Checking every single chatbot release wouldn’t make sense, but scrutinizing the most advanced frontier models, particularly those with military or cyber, bio or chem implications is another matter.
This isn’t about a government official approving your auto-complete, but instead more about an engineer reviewing the rocket before it launches. It’s probably not as dramatic, but it’s similar.
There is also a trust problem here. Tech giants have told regulators they can self-regulate, while the latter has told tech companies they have failed to keep up with rapidly evolving technology.
The result is this uneasy middle ground in which companies offer early access to AI models, federal researchers carry out independent tests and everyone hopes the procedure filters out the worst results but doesn’t end up bogged down in red tape.
It’s hard not to feel like this moment was inevitable. Once AI models reached a point where they were powerful enough to influence sectors like cybersecurity, national security and infrastructure, it was never going to make sense for these companies to simply test their models on their own for the rest of eternity.
The average person may not know the intricacies of a benchmark or a red-team report, but they are certainly aware that the mere ability of these systems to cause tangible harm makes them worth scrutinizing before they go to market.
And while Big Tech still wants to race ahead and Washington still wants to avoid being caught off guard, the two sides have seemingly aligned, at least for now, on a feasible course of action: Open up AI models before the engine roars.