From Compute to Congress: When AI Innovation and Cybersecurity Stop Competing

The June policy wave reframes AI advancement and cybersecurity as complementary, not competing. The harder part comes next: resourcing it consistently, across budget cycles and shifting priorities.

The Brief

Two new federal actions—the recent Executive Order (EO) on Promoting Advanced Artificial Intelligence Innovation and Security and the National Security Presidential Memorandum (NSPM-11)—dropped in the last week and set the tone for more integration between AI innovation and cybersecurity, with civilian infrastructure in scope.

The June 2 EO sets up a classified process to benchmark AI models' cyber capabilities and designate the most capable as "covered frontier models." It also stands up a new AI cybersecurity clearinghouse seated at Treasury.
NSPM-11 reorganizes national-security AI around four pillars and replaces the Biden-era National Security Memorandum on AI (NSM-25).
The objectives across both releases hit the right tone. Still, their feasibility will rest on the funding and staffing allocations: the deadlines are aggressive, many federal seats are unfilled, and the AI Cyber Challenge is a fresh reminder of what happens when capability outruns the infrastructure to sustain it.
What we're watching: who actually controls frontier cyber capability when it lives in private labs and ships as open weights, and how anyone credibly measures systems that are non-deterministic by design.

The latest string of AI policy releases points to a shift in how Washington treats advancing AI systems. From the June 2 Executive Order (EO) on Promoting Advanced Artificial Intelligence Innovation and Security to the June 5 National Security Presidential Memorandum (NSPM-11), there has been a recalibration: AI innovation and cybersecurity are now framed as complementary priorities rather than competing or parallel ones.

Security has often been regarded as a brake on AI progress and progress as a risk to security. But coordinating the two strengthens the resilience of our digital ecosystems, particularly civilian infrastructure that absorbs the cost when AI is advancing and cyber is lagging behind. The EO names that infrastructure directly: rural hospitals, community banks, and local utilities. These are exactly the systems that would benefit the most from AI-enabled cyber resilience. Dreadnode has long held that such capabilities can harden real software and uplift the expertise of the security researchers and engineers who defend it, and we have built in that space since our inception.

Benchmarking Becomes a Mandate

Perhaps the most encouraging signal in the EO is the recognition that benchmarking the cyber capabilities of AI models is a necessity, not an afterthought. Section 3 directs the government to develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models, and to use it to set the threshold at which a model is designated a “covered frontier model.” That determination falls to the Director of the NSA, in consultation with the National Cyber Director and others.

This is the government operationalizing a thesis Dreadnode has argued for repeatedly, including in our response to the NIST AI Agent Security RFI: you cannot govern capabilities you cannot measure, and you cannot measure non-deterministic systems with checklists built for deterministic ones. A benchmarking process for cyber capability is the precondition for everything else in these documents.

NSPM-11 runs the same innovation-and-security logic through the national security enterprise, and it should be read alongside the EO rather than in isolation. It organizes the administration’s approach around four pillars: adoption, adaptation, assurance, and accountability. NSPM-11 also rescinds and replaces the prior National Security Memorandum on AI (NSM-25).

A few elements stand out for anyone working in AI security. The memo orders a review of procurement to rapidly onboard advanced models from multiple vendors, and it explicitly aims to close the capability gap between what is available to the public and what reaches the national security workforce, an acknowledgment that the frontier now often sits outside government. It directs assurance that no commercial entity or adversary can disable, degrade, or silently modify an AI system that personnel depend on, which is a supply-chain and integrity problem as much as a policy one. And it calls for partnerships with private-sector companies on joint AI red-team exercises and protection of cutting-edge models against malicious distillation attacks. That last item is the kind of adversarial evaluation work that has to mature fast if assurance is going to mean anything in practice.

Resourcing the Mission

What remains to be seen is how any of these priorities are resourced, and under whose authority. As a reminder, these orders create missions; they do not fund them. These initiatives advance only as far as Congress chooses to pay for them, which will in turn hinge upon filling empty federal seats. The timelines are aggressive, with much of the clearinghouse work due inside 30 days, set against agencies that already struggle to compete with each other, and with industry, for cyber and AI talent.

Further, the EO elects to seat the new AI cybersecurity clearinghouse at the Department of the Treasury with the National Cyber Director, NSA, and CISA in consulting roles. The mandate is robust: under Section 2(d), the clearinghouse is meant to coordinate and deconflict scanning for software vulnerabilities; discover and validate those vulnerabilities; and coordinate and prioritize the remediation and distribution of patches, in voluntary collaboration with industry and critical infrastructure operators. The Treasury Department is perhaps an unlikely choice, but the more important consideration will be ensuring operational capacity and consistency.

The distance between the engineering of AI-enabled cyber solutions and the adoption of these solutions often rests on some combination of staffing, appropriations, and consistent policy incentives to advance the field. We have a recent reminder of how this distance can slow progress, as the AI Cyber Challenge showed that AI systems could find and patch real vulnerabilities at machine speed, then stalled in the handoff from competition to deployment due to shifting federal priorities. That distance is the biggest risk to everything the June wave sets out to do.

What Comes Next

The policy is encouraging, and it rests on two questions that need to be resolved. The first is who actually holds this capability: the most advanced cyber-capable models live inside private labs and, increasingly, ship as open weights that no access regime can recall, which makes “designate and distribute” harder than it sounds. The second is how you measure the capability at all when the systems in question are non-deterministic, and when the same model can surface a real vulnerability and propose a confidently wrong fix in the same breath.

Those two questions, who controls frontier cyber capability and how anyone credibly evaluates it, are where this gets genuinely hard. It’s also where Dreadnode focuses our work, so we will continue to unpack these items in a follow-up.