What happened
Published June 8, 2026, this interim RAND–Oxford Programme for Cyber and Technology Policy report proposes a five-domain bilateral security framework for coordinating U.S.-UK efforts to protect frontier AI development. The five domains — access and interfaces, development and supply chain, monitoring and response, personnel security, and physical security — are designed to map directly to real-world threat vectors. The report argues that bilateral cooperation between the U.S. and UK is the most effective means to 'harmonize protective controls, enhance threat intelligence-sharing, and build security interoperability across U.S. and UK AI infrastructure,' while avoiding burdensome regulation. The modular structure allows both governments to prioritise highest-impact protections and adapt to evolving risks without wholesale organisational changes. The framework explicitly addresses both technical practices and policy interventions in parallel, translating shared security objectives into coordinated bilateral action.
Why it matters
This report directly responds to the Trump AI Executive Order (signed June 2) and the intensifying U.S.-UK security coordination on frontier AI. CISOs at companies with operations in both countries, and government contractors, should expect the framework's five-domain structure to shape upcoming bilateral agreements and procurement requirements.
Action needed
Map your organisation's current frontier AI security controls against the report's five-domain taxonomy and identify gaps that could become compliance requirements under forthcoming U.S.-UK bilateral arrangements.