Photo by David Everett Strickler on Unsplash
Trump pulls AI oversight order after three phone calls
/ 18 min read
Table of Contents
The order that died in the Oval Office
The signing ceremony was already on the schedule. Camera risers in the Roosevelt Room. CEOs notified. Talking points distributed to the press pool for a Thursday afternoon rollout of the most ambitious federal AI oversight document the second Trump administration had ever drafted. Then, hours before the lights came on, President Trump pulled the order. Per CNBC’s coverage of the postponement, the president told reporters in the Oval Office that he “didn’t like certain aspects of it” and added, with characteristic economy, that “we’re leading China, we’re leading everybody, and I don’t want to do anything that’s going to get in the way of that lead.” The room emptied. The order went back into the drawer. And the federal government’s most concrete attempt to put a checkpoint between frontier AI development and public release vanished overnight.
What disappeared with it is worth specifying. Per TechCrunch’s reporting on the delayed signing, the draft order would have required AI companies to share their most advanced models with the federal government for between 14 and 90 days before public launch, allowing the Office of the National Cyber Director to evaluate cyber-offensive risks. The trigger was not abstract. The order was prompted by the recent release of Anthropic’s Claude Mythos and OpenAI’s GPT-5.5-Cyber, both of which had demonstrated the capacity to identify and exploit security vulnerabilities at a pace that overwhelmed traditional disclosure pipelines. The executive branch’s national-security apparatus had decided that voluntary frameworks were no longer enough. Then the apparatus lost the argument inside the Oval Office in the span of three phone calls.
The phone calls matter because they reveal where AI policy is actually being made. Per Axios reporting on the eleventh-hour reversal, Meta’s Mark Zuckerberg, xAI’s Elon Musk, and White House AI adviser David Sacks all spoke with Trump between Wednesday night and Thursday morning. The framing they used was simple. Regulation slows American labs. Slowing American labs cedes ground to Beijing. Therefore the order is a strategic mistake. That argument has been the connective tissue of the administration’s AI posture for sixteen months, and it now has its trophy victory. The accelerationists did not just stop a rule. They demonstrated they can stop a rule already on the president’s desk, in the final hour, against the recommendation of the national-security staff who drafted it. That is a different kind of power than lobbying. It is veto power.
The stakes extend well beyond a single executive order. Per Semafor’s coverage of how the rules died, the signing’s collapse turns a year of careful interagency drafting into a cautionary tale and signals to every federal agency that the political cost of friction with frontier labs has risen. The Department of Commerce, the Treasury, NIST, and the National Cyber Director all had equities in the document. None could hold the line against three CEOs and the president’s stated belief that American AI must run unimpeded. That asymmetry will shape every subsequent regulatory cycle. Each new AI safety proposal will face the same gravitational pull: lead China, win the future, do not get in the way. The order that died Thursday was not just a document. It was a test of whether the federal government can impose binding pre-release review on the most powerful private technology in the world. It cannot. Not yet. Not under this administration.
How three phone calls killed federal AI oversight
The mechanics of the reversal deserve forensic attention because they will repeat. Per PYMNTS’s coverage of the competitiveness rationale, the order’s official rationale for postponement was that the language “could have been a blocker” — vague enough to permit a future signing, specific enough to signal which faction had won. The blocker framing was the lobbying campaign’s central artifact. It positioned the executive order not as a safety measure but as a foot on the brake during a sprint. Once that framing landed with Trump, the substance of the order — pre-release security evaluation by trained government red-teamers, in classified environments, on a calendar window labs could plan around — became politically unrecoverable. Process detail does not survive in a debate about national survival.
The phone calls themselves followed a familiar pattern. Sacks, the administration’s AI adviser and a vocal accelerationist long before his appointment, used his standing inside the West Wing to escalate concerns from industry. Musk, whose xAI just signed a voluntary CAISI evaluation agreement and would be among the first companies subject to the new mandatory regime, had personal exposure. Zuckerberg, whose Meta has staked its near-term commercial future on open-source model releases that would be functionally impossible under a 90-day pre-release lockup, had structural exposure. Per Nextgov’s reporting on the Commerce Department’s CAISI program, CAISI already has voluntary agreements in place with Google DeepMind, Microsoft, and xAI, building on the original 2024 commitments from OpenAI and Anthropic. The executive order would have converted that voluntary scaffolding into a federal mandate. The CEOs preferred the scaffolding. They told the president. The president agreed.
The order’s drafting context makes the reversal more striking. Per Bloomberg Law’s analysis of the policy puzzle, the federal pre-deployment infrastructure is not theoretical. It exists. Models are already being evaluated in classified environments. NIST researchers already have the security clearances and the test harnesses. The voluntary regime has been working, in the sense that frontier labs have shown up and submitted models. What it has not been doing is binding. Voluntary agreements can be withdrawn. Lab leadership changes can shift posture. A single Anthropic decision to skip a CAISI review on a release would create no legal exposure. The executive order was, in effect, a conversion document — turning a working voluntary system into an enforceable requirement. The conversion is what the lobbying campaign blocked. The voluntary system itself remains intact, but it remains revocable in a way that a Federal Register rule would not have been.
The substantive trigger for the order was not abstract risk. It was two specific model releases. Per CNBC’s coverage of Anthropic’s Mythos rollout, the company released Claude Mythos in March 2026 to a limited set of corporate partners, including Apple, Amazon, JPMorgan Chase, and Palo Alto Networks, under a security protocol called Project Glasswing. The reason for the controlled release was that Mythos had identified thousands of zero-day vulnerabilities — many critical — across every major operating system and every major web browser in the weeks preceding launch. Anthropic was, in effect, sitting on a catalog of exploits that could compromise most of the world’s consumer software. Per Anthropic’s own writeup on Project Glasswing, the company structured the staggered rollout to give defenders a head start. That decision was a private compromise, made without statutory authority, by a single AI lab. The proposed executive order would have made such decisions a federal matter rather than a corporate one.
OpenAI’s parallel move was just as illustrative. Per OpenAI’s announcement of GPT-5.5-Cyber, the company released a cyber-specialized version of its GPT-5.5 model on May 7 to “vetted defenders” — a category of users approved through an identity verification framework called Trusted Access for Cyber. The model assists with penetration testing, vulnerability identification, malware reverse engineering, and binary analysis, all tasks that sit one mental flip away from offense. Per CNBC’s coverage of the GPT-5.5-Cyber rollout, OpenAI’s own classifier-based refusal rules are lower for Trusted Access users than for the general population. That is a private vetting system imposing access controls on dual-use cyber capability. It is, again, a corporate substitute for what would otherwise be a regulatory function. The administration’s draft order, by contrast, would have inserted federal evaluators between the model and the rollout decision. That insertion is what the phone calls killed.
The competitiveness argument that persuaded Trump has more substance than it sometimes appears. Per the Carnegie Endowment’s analysis of Trump’s earlier AI executive orders, the administration has pursued a consistent line since the 2025 AI Action Plan: federal preemption of state AI rules, deregulation of model training and release, and weaponization of trade policy against jurisdictions that adopt EU-style approaches. The pulled order broke that pattern. It would have introduced a federal-level constraint of exactly the kind the AI Action Plan had spent eighteen months removing at the state level. Internally, the contradiction was hard to defend. Sacks’s argument — that the administration could not simultaneously preempt state regulation in the name of competitiveness and then impose federal regulation that achieves the same friction — was a coherent objection. The accelerationists had not just rhetoric on their side. They had ideological consistency. That made the persuasion structural, not just political.
| Component | Status after pull |
|---|---|
| 90-day pre-release review | Withdrawn from the order |
| CAISI voluntary evals | Operational, revocable |
| Treasury cybersecurity role | Removed entirely |
| State AI law preemption | In force |
The table captures the asymmetric outcome. The single most binding new requirement — a 90-day pre-release evaluation window — is gone. The voluntary CAISI program continues, which means the federal government retains evaluation capacity but loses enforcement leverage. The proposed Treasury role, which had drawn questions from the cybersecurity community because Treasury is not the natural home for software vulnerability assessment, was eliminated. Meanwhile, the administration’s earlier preemption of state AI rules remains in full effect, which means California and New York cannot fill the federal gap. The net result is a regulatory landscape where labs face less binding oversight than they did before the order was drafted, because the administration’s preemption framework has weakened state authority while its accelerationist faction has now blocked the only proposed federal replacement.
The case for the safety hawks
The first counterpoint to the accelerationist victory is that the threat the order was meant to address is not hypothetical. Per CNBC’s coverage of the Mythos rollout, Mythos identified zero-days at a pace that exceeded the patching capacity of every major operating system vendor it surveyed. Anthropic’s own engineers acknowledged that a model with Mythos’s capability in the wrong hands could compromise critical infrastructure at scale. The frontier labs themselves are the source of that warning, not external safety researchers. When the company building the model says the model is dangerous, the regulator’s silence becomes a documentable position. Future congressional inquiries will be able to ask why an administration informed of a real capability decided not to act. The legal exposure attaches to the inaction, not to the order itself.
The second counterpoint is the international dimension. Per Fortune’s earlier coverage of Mythos’s emergence, the model represented a “step change” in raw capability that prompted serious internal debate at Anthropic about whether to release it at all. The EU has spent the last year accelerating its own AI Act enforcement and pushing for cross-border cybersecurity coordination on frontier model releases. Per CNBC’s reporting on the EU access negotiations, OpenAI is already negotiating with Brussels to provide EU regulators with access to GPT-5.5-Cyber, while Anthropic has held out on giving Mythos access to European authorities. That posture is now harder to defend with the pulled U.S. order as backdrop. American labs are extending courtesy reviews to foreign governments while declining to accept binding review from their own. The political optics of that asymmetry will register in 2027 hearings even if it does not register in the markets next week.
The third counterpoint is that the voluntary regime is more fragile than it looks. Per Executivegov’s coverage of the latest CAISI agreements, the agreements with Google DeepMind, Microsoft, and xAI were specifically structured around voluntary commitments. They are revocable in writing. They depend on continued goodwill between labs and the administration. They contain no provision for what happens if a lab decides, mid-cycle, that a particular model release is too sensitive to subject to federal evaluation. A single decision by Anthropic to release a successor to Mythos without CAISI review would not breach any law. The voluntary architecture works as long as labs choose to use it. It does not work when the incentives change — and a lab’s incentives change every time the competitive calendar tightens.
The fourth counterpoint is the structural one. The reasoning that killed the order — that any federal friction sets back American labs against Chinese ones — applies to every future safety proposal with equal force. A bioweapons-related model release? Friction equals competitive loss. A model with persistent goal-directed agency? Friction equals competitive loss. A model that materially shifts the cost of mass disinformation? Friction equals competitive loss. The accelerationist argument has the structure of a closed loop. It does not specify what level of risk would justify federal intervention; it specifies that the cost of intervention is always greater than the cost of inaction. That position is, in practice, a permanent veto. The pulled order is a single instance. The doctrine that produced it is durable, and the same three phone calls will work on the next attempt. The political economy now resembles what existed for high-frequency trading regulation in 2010: an industry that has captured the relevant policy channels arguing that the cost of intervention exceeds the cost of any plausible failure mode.
The fifth counterpoint is also the most uncomfortable for the accelerationist faction. Per the National Institute of Standards and Technology’s framing of CAISI’s mission, CAISI was explicitly designed as the U.S. answer to the U.K. AI Safety Institute and the EU’s emerging evaluation infrastructure. Its credibility depends on having actual binding authority somewhere in the pipeline. The pulled order would have provided that authority. Without it, CAISI becomes a research center with privileged access to model weights but no operational hook into the deployment timeline. International peers will notice. Future cooperative evaluation arrangements — sharing test results across U.S., U.K., and Japanese safety institutes — will be harder to negotiate if the U.S. partner has no statutory backstop. The accelerationists won the domestic argument. They may have weakened the international institution-building project that was supposed to make American AI safety the global standard.
What survives when regulation doesn’t
The first thing that survives is the voluntary CAISI infrastructure. Per the Trump administration’s earlier Commerce Department announcement on AI oversight, the testing regime that the executive order would have hardened into mandate continues to operate as a voluntary program. Labs will continue to submit frontier models. NIST evaluators will continue to test them in classified environments. The relationships, the clearances, and the test harnesses remain. What is missing is enforcement, but enforcement is the slowest piece to build and was likely to face procedural challenges anyway. The infrastructure persists, which means it can be activated quickly if a future order succeeds where this one failed. The next AI safety president will inherit a working CAISI rather than a blueprint. That is a partial consolation for safety hawks, but a real one.
The second thing that survives is the political coalition. The order’s drafting required interagency consensus that crossed Commerce, Treasury, NIST, and the National Security Council. That coalition did not dissolve when the order was pulled. It is now waiting for the next political opening — a major AI cyber incident, a congressional shift in 2027, an industry-side mistake significant enough to flip the accelerationist coalition. The bureaucracy has the document. The arguments have been rehearsed inside the executive branch. The next iteration will be faster, and it will be drafted against the experience of the May 21 reversal. Past failures often produce more durable subsequent orders because the drafting team learns what counterargument to preempt. The accelerationists won a round. They did not win a permanent settlement.
The third thing that survives is the state-level constraint, though the survival is partial. Per Manatt’s analysis of Trump’s preemption order targeting state AI laws, the administration’s December 2025 order conditioning federal AI funding on state compliance with the federal framework has weakened California’s and New York’s leverage. But weakening is not elimination. California’s existing AI transparency laws remain in force. State attorneys general retain consumer-protection authority that can reach AI deployment in their jurisdictions. The federal failure to act may, paradoxically, embolden state attorneys general who view the regulatory vacuum as license. Local enforcement will fill some — but only some — of the gap left by the pulled order. Builders should plan for a patchwork rather than a vacuum.
The fourth thing that survives is the international framework. Per the U.K.’s ongoing AI Safety Institute work and the broader Bletchley process, allied jurisdictions have continued to build pre-deployment evaluation regimes that do not depend on U.S. participation. Anthropic, OpenAI, and Google DeepMind already engage with these systems voluntarily. The pulled order does not unwind that engagement. It does, however, leave the U.S. without a binding peer institution, which weakens the moral authority of American labs when they argue to Brussels or Tokyo that voluntary evaluation is adequate. The international constraint persists. The American labs will continue to feel it, just from outside their own borders.
The fifth thing that survives — and this is the part operators should plan around — is the actual cyber-offensive capability of frontier models. Per CNBC’s coverage of GPT-5.5-Cyber’s vetted access framework and Help Net Security’s technical breakdown, the capabilities that drove the executive order have not gone away because the order was pulled. Mythos’s zero-day catalog still exists. GPT-5.5-Cyber’s permissive workflows still ship to vetted users. The risk profile of frontier models continues to grow on the same curve it has been on since Google’s first AI-built zero-day disclosure in May. Regulation lagged the capability before Thursday. Regulation lags it more now. That is the operating environment.
Operator and policy checklist for the next twelve months:
- Frontier labs: Treat the voluntary CAISI relationship as your binding constraint until a future order changes the equation. Document evaluations rigorously; the next administration will demand the records.
- Enterprise security teams: Assume zero-day catalogs of the kind Mythos demonstrated will be normalized within twelve months. Plan patch cycles accordingly and accelerate adoption of AI-assisted defensive tools through frameworks like OpenAI’s Trusted Access program.
- Policy operators: The accelerationist veto is durable but conditional on the absence of a triggering incident. Position legislative drafting now so a future opening can be exploited within weeks, not months.
- Frontier model deployers: Map your release pipeline against the CAISI voluntary evaluation timeline and build internal protocols that can scale to a mandatory 90-day review window if the next administration revives the order.
- State attorneys general: The federal vacuum is your opening. Existing consumer-protection statutes already reach deceptive AI marketing, training-data sourcing, and synthetic media disclosure. The pulled order will be cited as evidence that the federal route is closed, which strengthens the state-action case in any forthcoming litigation.
- Investors: The accelerationist win removes one tail risk from the U.S. frontier-lab thesis but does not change the structural cyber-capability trajectory. Position cybersecurity defensive infrastructure as the durable hedge — the $5.3 billion in AI infrastructure orders Cisco recorded year-to-date is the most legible flow of capital into this thesis. See also our prior analysis on the Cisco AI networking order surge for the demand picture.
The deepest signal from May 21 is not about a single executive order. It is about who decides the operating envelope of the most powerful private technology in the world. Per Yahoo’s syndicated account of the lobbying campaign, the answer in 2026 is: three CEOs, one AI adviser, and a president who hates regulation. The next AI incident — and there will be one — will test whether that arrangement holds. Until then, the frontier labs will continue to release models with cyber-offensive capability into a voluntary review regime they can leave at will. The order that died Thursday is not coming back this term. But the document is in the drawer, the coalition is intact, and the next signing ceremony has already been imagined inside the Department of Commerce. The question is what has to happen in the world for it to actually take place. The accelerationists are betting on nothing. The safety hawks are betting on time. The frontier labs are betting on themselves.
In other news
OpenAI co-founder Andrej Karpathy joins Anthropic — Karpathy started this week on Anthropic’s pre-training team under Nick Joseph, after stints at OpenAI, Tesla’s Autopilot program, and his own education startup Eureka Labs. The hire signals continued researcher migration toward Anthropic as Claude’s training infrastructure scales (TechCrunch).
SpaceX files $80B IPO prospectus, the largest in history — SpaceX filed its public S-1 on Wednesday, disclosing for the first time the audited financials of its combined SpaceX-xAI entity and seeking a $1.7 trillion valuation. The filing bundled $6.4 billion in AI-related losses inside the broader business (Fortune).
OpenAI prepares confidential IPO filing — Within the same 24-hour window as SpaceX’s filing, CNBC reported OpenAI is preparing to confidentially submit a draft IPO prospectus, with Goldman Sachs and Morgan Stanley advising on the process. The company is targeting a September 2026 debut at a valuation above $1 trillion (CNBC).
Gemini 3.5 Flash hits general availability — Google made Gemini 3.5 Flash generally available, priced at $1.50 input and $9 output per million tokens with a 1M-token context window and roughly 4x the throughput of comparable frontier models. The release is Google’s bid to capture the cost-sensitive enterprise tier (CNBC).
Recursive Superintelligence emerges from stealth with $650M — The London-based AI research company, focused on building systems that can recursively improve themselves, raised $650 million at a $4.65 billion valuation. The round was led by GV and Greycroft with participation from Nvidia and AMD, co-founded by former Salesforce chief scientist Richard Socher (Tech.eu).
OpenAI opens ChatGPT Ads Manager to all U.S. businesses — Earlier in May, OpenAI launched a self-serve advertising platform with cost-per-click bidding, no minimum spend, and integration with major ad-tech firms including Adobe, Criteo, and StackAdapt. The company is reportedly targeting $100 billion in annual ad revenue by 2030 (Axios).