Tom Hundley
On June 2, 2026, two stories about frontier AI and national security landed on the same day. One came from a lab: Anthropic expanded Project Glasswing, its coalition for using a withheld frontier model to find critical software vulnerabilities, to roughly 150 new organizations across more than 15 countries. The other came from the White House: President Trump signed an executive order titled Promoting Advanced Artificial Intelligence Innovation and Security, putting the National Security Agency at the center of how Washington will measure the cyber capabilities of the most advanced AI models.
These were not coordinated events. The expansion makes no mention of the order, and the order names no company. But read together, they map the same terrain from two directions โ a private coalition racing to secure critical infrastructure with AI, and a federal government deciding how forcefully it wants to watch that capability mature. This piece examines that collision, its policy mechanics, and the governance disagreement it exposed between the industry's two largest labs. Elegant Software Solutions writes here as an analyst, not a participant.
Per the order's own text, published by the White House, Promoting Advanced Artificial Intelligence Innovation and Security builds a framework around a new and deliberately undefined category: the "covered frontier model." Rather than spell out what makes a model "covered," it directs officials to "develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models" โ and to use that process to determine which models cross the threshold.
Three mechanics matter, and they run on different clocks, so it is worth keeping them distinct:
The order is also explicit about what it is not. Its text states that "nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement" for AI development or release. CyberScoop characterized the final order as a scaled-back version of earlier drafts, one that gives AI companies "significant influence" in defining which models would be covered.
That posture drew predictably split reactions. The administration's AI czar, David Sacks, called the revised order "a game changer," noting the 30-day window would "allow frontier labs to comply without delaying new model releases," and that only models representing a "meaningful step-change" in cyber capability โ not "incremental version numbers" โ would be covered, per CyberScoop. Senator Mark Warner (D-Va.) praised parts of it but warned, in the same reporting, that the administration could "politicize" the testing regime "to pressure U.S. firms into making changes to their products or Terms of Service."
The most consequential design choice in the order is who holds the pen. By routing the capability determination through the NSA and the broader national-security apparatus, the administration framed advanced AI cyber capability as an intelligence-and-defense problem rather than a consumer-safety or civilian-regulatory one.
That framing is where the Glasswing story becomes more than a coincidence of timing. The capability the order is built to measure โ a model that can autonomously find and, in some cases, exploit vulnerabilities in critical software โ is precisely what Anthropic says its withheld Claude Mythos model demonstrates inside Glasswing. Anthropic has described partners collectively surfacing more than 10,000 high- and critical-severity flaws in under two months, and has said that for most partners "a major attack could affect more than 100 million people." A government deciding it needs a classified yardstick for cyber-capable models, and a lab demonstrating exactly that capability against power, water, and healthcare systems, are two halves of one emerging reality โ a coincidence of the calendar, a convergence of substance.
The international dimension lives more in the Glasswing expansion than in the order itself. The executive order, as published, specifies no international or allied provisions; the allied posture instead shows up in who got access to the model.
According to TechCrunch's Rebecca Bellan, the June 2 expansion spanned more than 15 countries โ including Australia, Canada, France, Germany, Italy, the Netherlands, Spain, Japan, and South Korea โ and named participants including Okta, Samsung, SK Hynix, SK Telecom, NATO, and ENISA, the European Union's cybersecurity agency. SiliconANGLE's coverage likewise listed NATO and ENISA among the new organizations.
Two cautions belong on those names. First, this is press-reported participation: Anthropic's own announcement frames the cohort by sector and geography rather than publishing a definitive roster, so NATO and ENISA should be read as reported by reputable outlets, not as Anthropic-confirmed roles. Second, an EU agency and a defense alliance on a private lab's access list raise a governance question the order does not answer. A U.S. intelligence agency setting the benchmark for "covered" models is a national instrument; the systems those models defend, and the allies relying on them, are transnational. The order's clearinghouse is a domestic, voluntary body. Glasswing's footprint is global. That gap between where the capability spreads and where the oversight sits is, in ESS's reading, the most underexamined seam of the week.
Beneath the headlines, the order surfaced a substantive disagreement between the two labs most associated with frontier capability โ about governance design, not whether to govern at all.
OpenAI broke with the White House the very next day. In a policy paper titled Democratic Governance of Frontier AI: A blueprint for a federal framework, released June 3 and reported by SiliconANGLE's James Farrell and by Cryptobriefing, OpenAI argued for mandatory third-party evaluations of advanced models โ not the voluntary participation the order describes โ and for civilian rather than intelligence-led oversight. OpenAI's preference is that evaluation authority sit with the Center for AI Standards and Innovation (CAISI), the unit inside the Commerce Department's NIST, which Chris Lehane argued has the "sophisticated testing" needed for the job. Lehane also pressed the question the classified benchmark leaves open: "when do you hit the capability threshold?"
It would be a mistake to read this as OpenAI opposing the order. Lehane called it "an important step forward" (per Cryptobriefing), and CEO Sam Altman publicly endorsed it, saying it "gets the balance right" (per SiliconANGLE). The divergence is narrower than opposition: OpenAI accepts federal review but wants it compulsory and civilian-run, while the order makes it voluntary and national-security-run. SiliconANGLE noted both OpenAI and Anthropic have already shared information with CAISI โ so the disagreement is over the legal form and institutional home of evaluation, not the principle.
Where does Anthropic sit on this axis? Here ESS is careful: Anthropic has not, in the reporting reviewed for this piece, issued a public position on the executive order itself, and it would be wrong to invent one. What is documented is Anthropic's behavior โ and that behavior anchors the voluntary-self-governance pole. Anthropic built Claude Mythos and chose not to release it for general availability, describing that non-release as a voluntary dual-use judgment rather than a tripped threshold under its Responsible Scaling Policy. The most powerful cyber-capable model in this story is being withheld not because a regulator required it, but because its developer decided to โ self-governance in its purest form.
So the fault line resolves into a clean question with no settled answer. OpenAI's position: evaluation should be mandatory and civilian-overseen, because voluntary regimes bind only the conscientious and national-security control invites politicization. The self-governance position, embodied by Anthropic's withholding of Mythos: the labs closest to the capability can move faster and more responsibly than statute, and the order's voluntary framing leaves room for exactly that restraint. The order, by forbidding mandatory licensing, picks the second frame โ for now.
ESS takes no side. A voluntary regime that depends on the goodwill of the most cautious actor is fragile by construction: the moment a less cautious lab fields a comparable model, the restraint of the careful one protects no one. But a mandatory, civilian regime is not self-evidently better if it is slow, captured, or outpaced by the technology it is meant to gate. June 2, 2026 did not resolve the question โ it only drew the two poles in sharp relief.
One note on what is not above. Some coverage in this window made far more dramatic claims โ that Anthropic embedded engineers inside the NSA for offensive operations, or sued the Pentagon. ESS found those claims in a single low-credibility outlet and in no reputable primary or major-press source, and has excluded them. Where a claim could not be grounded in the order's text or in named, reputable reporting, it does not appear here โ the line between analysis and rumor a national-security story has to hold.
Did Anthropic's Glasswing expansion and the Trump executive order happen because of each other?
No. Both were dated June 2, 2026, but TechCrunch's expansion coverage makes no mention of the order, and the order names no company. The thematic connection โ a lab demonstrating cyber-capable AI on the same day a government decides how to benchmark it โ is ESS's analysis of two independent events, not a documented coordination.
What is a "covered frontier model" under the executive order?
The order does not define it outright. Per the White House text, it directs Treasury, the NSA, and CISA to build a classified benchmarking process for assessing a model's advanced cyber capabilities, with the NSA Director making the final "covered" determination. The threshold itself is classified.
Is the 30-day government review mandatory?
No. The order describes a voluntary window in which developers may give the federal government access for up to 30 days before releasing a model to other trusted partners. CyberScoop reported this was scaled back from a 90-day requirement in earlier drafts, and the text explicitly bars any "mandatory governmental licensing, preclearance, or permitting requirement."
How does OpenAI's position differ from the order?
Per SiliconANGLE and Cryptobriefing, OpenAI's June 3 paper Democratic Governance of Frontier AI calls for mandatory third-party evaluations overseen by a civilian body โ the Commerce Department's CAISI โ rather than the order's voluntary, NSA-led approach. OpenAI did not oppose the order: Chris Lehane called it "an important step forward" and Sam Altman said it "gets the balance right."
Did Anthropic publicly support or oppose the executive order?
Based on the reporting reviewed here, Anthropic did not issue a public position on the order itself. Its documented stance is its voluntary decision to withhold Claude Mythos from general release โ a dual-use judgment rather than a regulatory requirement. ESS presents that as the clearest example of the voluntary pole, not as an Anthropic statement about the order.
Are NATO and ENISA officially Glasswing partners?
NATO and ENISA are reported as new participants in the June 2 expansion by both TechCrunch and SiliconANGLE (SiliconANGLE citing the Financial Times). Okta and Samsung are reported by TechCrunch relaying the Financial Times, not by SiliconANGLE. ESS treats all of these names as press-reported rather than Anthropic-confirmed, because Anthropic's own announcement frames the expanded cohort by sector and geography rather than publishing a role-attributed roster.
Discover more content:
