Trump Cancels Voluntary AI Model Vetting Executive Order Hours Before Signing

President Trump pulled an executive order establishing voluntary 90-day government reviews of frontier AI models hours before a scheduled White House signing ceremony on May 21, 2026, following opposition from former AI czar David Sacks and industry executives including Elon Musk and Mark Zuckerberg. The seven-page draft obtained by Politico explicitly stated reviews would be voluntary and prohibited mandatory licensing, but Sacks warned Trump that the framework could slow innovation, disadvantage the U.S. against China, and be manipulated by future administrations into mandatory controls. The order had been negotiated with Treasury Secretary Scott Bessent and National Cyber Director Sean Cairncross, who were not informed of the cancellation until after Trump made the decision. Both Musk and Zuckerberg confirmed they spoke with Trump only after the event was canceled.

The cancellation reveals deep fractures in U.S. AI policy between cybersecurity imperatives and economic competitiveness. National Cyber Director Cairncross has repeatedly emphasized that advanced AI models like Anthropic's Mythos can discover vulnerabilities faster than human defenders can patch them, and Treasury Secretary Bessent convened urgent Wall Street meetings in April 2026 warning banks about AI-driven cyber risks. The draft order represented the administration's attempt to address those risks without imposing binding obligations — yet even that voluntary framework proved too constraining for the tech industry. For AI security practitioners, the outcome signals that federal AI oversight will remain fragmented and industry-led for the near term, placing greater responsibility on enterprise security teams to govern AI adoption without regulatory scaffolding.

CISOs should not wait for federal AI safety standards. Establish internal governance frameworks now: maintain an AI asset inventory (models, agents, MCP servers, gateways), define approval workflows for frontier model adoption, map AI supply chain dependencies, and update incident response playbooks to address AI-accelerated vulnerabilities. Document your AI governance posture for board reporting — regulatory expectations may shift quickly if a high-profile AI-driven breach occurs.