
News Reaction: U.S. Executive Order on Frontier AI and Security

03 June 2026

Commenting on the U.S. executive order on frontier artificial intelligence models and the need for stronger governance frameworks, Kat Sommer, Head of Government Affairs and Analyst Relations at NCC Group, said:

"When it comes to AI guardrails for addressing risks posed by new frontier models such as Mythos, there are several areas not well covered by existing international frameworks that should be focus areas for the executive order:

  • Context-specific risk evaluation: Many real AI vulnerabilities stem from how systems integrate within wider IT environments, not model output alone.
  • Testing methods for systemic and emergent risks as organizations integrate memory, autonomous agents and orchestration across systems.
  • Robust guidance for model deployment environments, including permissioning, data access controls and AI gateway monitoring.
  • And clearer boundaries between AI-caused vs. system-caused harms to inform liability frameworks.
     

The executive order needs to strike the right balance between accelerating U.S. AI innovation and ensuring advanced models are tested for risks before broader deployment. That involves:

  • Security as a non-negotiable foundation: Guardrails must be in place to prevent systemic vulnerabilities that could undermine trust.
  • Proportionality and flexibility: It should avoid rigid, overly prescriptive rules at early stages, and instead, adopt risk-based frameworks that can evolve with technology.
  • Enable innovation by minimizing legal uncertainty: Clear interim guidelines and voluntary alignment with global standards avoid compliance paralysis.
  • Plan for dynamism: Build in iterative review cycles to update rules as risks and capabilities evolve, rather than hard-coding requirements that quickly become obsolete.
     

In short, it should not sacrifice security in the name of speed, but avoid regulatory “freeze” by using staged or adaptive obligations supported by global best practice frameworks.

Voluntary guidance alone is not enough. Current risk levels, combined with the acceleration of frontier models, mean relying solely on non-binding advice would leave systemic vulnerabilities unmanaged.

Instead, mandatory, risk-based requirements are necessary, but they should be staged and adaptable. Requirements should apply proportionally, focusing first on high-risk AI systems impacting safety, critical infrastructure or national security. Mandates should refer to established frameworks (e.g. NIST AI RMF, ISO) to ensure consistency and global interoperability.

The right approach is to issue high-level interim guidance now while technical standards mature, then transition to mandatory obligations once standards are published, with regular review cycles to prevent obsolescence and support innovation."

 

Contact

NCC Group Press Office

All media enquiries relating to NCC Group plc.

press@nccgroup.com

+44 7721577574