U.S. AI Regulation U-Turn: From Laissez-Faire Innovation to "Pre-Release Review" – Security Risks Force Policy Revolution​

On May 5th, the Trump administration unveiled a groundbreaking regulatory initiative: the White House is urgently drafting an executive order requiring tech giants such as OpenAI, Google, and Anthropic to pass federal national security reviews before releasing new advanced AI models. This move directly reverses the administration’s previous core AI strategy of "deregulation and encouraging innovation," marking the official shift of U.S. AI regulation from "post-hoc remediation" to "pre-release approval" – a policy revolution triggered by mounting security risks has officially begun.​

In the early days of the Trump administration, it maintained a laissez-faire and relaxed attitude toward the AI industry. In December 2025, Trump signed an executive order to curb "fragmented and overly ideological" AI regulation across states, establishing a unified, low-burden federal policy framework. Its core goal was to "unshackle AI innovation," unlock trillions of dollars in AI investment, and consolidate America’s global leadership in AI. In March 2026, the government re-emphasized "reducing regulatory barriers," even revoking some AI risk control measures implemented during the Biden era to fully clear obstacles for tech enterprises. In just over a year, however, the regulatory tide has completely turned. The proposed executive order centers on establishing a "pre-release review mechanism for AI models," to be led by the White House. A joint working group consisting of government officials and tech executives will be formed to develop unified security assessment procedures. The review will be co-supervised by the National Security Agency (NSA), the White House Office of the National Cyber Director, and the Office of the Director of National Intelligence (ODNI), focusing on screening potential risks of models in areas such as cyber warfare, intelligence, and the military. White House officials have briefed executives from Anthropic, Google, OpenAI, and other companies on the plan in early May, explicitly requiring new models to "pass security checks before entering the market." This reversal is no accident but an inevitable result of the intensified conflict between the rapid development of AI technology and its potential risks. As large models achieve breakthrough capabilities, their threats to national security and critical infrastructure have evolved from "theoretical conjectures" to "real crises," forcing the government to abandon its "innovation-first, security-second" approach.

The direct trigger for this sudden regulatory shift is Anthropic’s latest large model – Claude Mythos. Dubbed the "most powerful cybersecurity AI" by the industry, this model has demonstrated unprecedented vulnerability-detection capabilities, raising high alert within the U.S. government. According to informed sources, Claude Mythos has independently identified thousands of unpatched high-risk vulnerabilities in commonly used software such as mainstream operating systems and web browsers. It also possesses exceptional coding capabilities, enabling it to quickly convert vulnerabilities into exploitable attack chains, bypass security defense systems, and launch sophisticated cyberattacks. More dangerously, the model can accurately locate core vulnerabilities in critical infrastructure systems such as water and electricity, communications, finance, and healthcare. If made public, it could easily be exploited by hackers, triggering systemic security disasters that directly threaten U.S. national interests and people’s livelihoods. In fact, Anthropic itself has long been aware of these risks and has hesitated to release Claude Mythos to the public, limiting it to small-scale closed-door testing. Previous high-profile leaks of core technologies at Anthropic have further heightened government concerns: in March 2026, nearly 3,000 internal sensitive documents were leaked, including security capability assessment reports on Claude Mythos; in April, 510,000 lines of source code for the Claude Code programming tool were accidentally made public, exposing hidden features such as "undercover mode" and sparking widespread industry anxiety about the loss of AI control. The emergence of Claude Mythos has completely shattered the illusion of "controllable AI safety." The U.S. government argues that allowing unrestricted release of such ultra-powerful models would be equivalent to "publicly proliferating weapons of mass cyber destruction," leaving national security defenseless. Thus, "pre-release review" has become the only urgent damage-control measure.​

The White House’s new regulatory policy has immediately sent shockwaves through Silicon Valley, placing AI giants in a stalemate between support and opposition, and forcing the entire industry to confront the dilemma between "innovation speed" and "security control." For the government, the core objective of the review mechanism is to safeguard national security. Relevant officials have made it clear that the review is not intended to "hinder innovation" but to "screen risks." Through the review process, the government can prioritize access to AI model capabilities for defense, intelligence, and other fields while preventing high-risk technologies from falling into malicious hands. Susie Wiles, Chief of Staff to the Trump administration, has recently taken over the leadership of AI policy, stating explicitly that the government will "take a more proactive role in managing AI risks" to pave the way for the new policy’s implementation. However, from the perspective of tech enterprises, the stringent pre-release review mechanism is tantamount to an "innovation straitjacket." Executives from companies like OpenAI and Google have privately expressed that the core competitiveness of the AI industry lies in "rapid iteration and seizing first-mover advantage." The pre-review process will inevitably extend model release cycles, increase compliance costs, and erode the competitive edge of U.S. enterprises in the global AI race. Furthermore, businesses worry that core technical details may be leaked during the review, leading to the loss of trade secrets and ultimately doing more harm than good. Industry polarization is also intensifying: financially robust giants (such as Google and Microsoft) can absorb compliance costs and even use the policy to squeeze out smaller competitors; meanwhile, startups face an existential crisis, as their limited financial and technical resources make it difficult to meet the strict review requirements, potentially forcing them out of the market and further consolidating an oligopolistic industry structure.​

As a global leader in AI technology, the U.S.’s regulatory U-turn will not only reshape its domestic AI ecosystem but also exert a profound impact on the global AI governance landscape, with its demonstration effect spreading rapidly. For the global AI industry, the U.S.’s "pre-release review" policy has shattered the previous consensus on "industry self-regulation." The European Union, the United Kingdom, and other regions have closely monitored U.S. developments and accelerated the advancement of their own AI regulatory frameworks: the EU’s existing AI Act already mandates strict oversight of high-risk AI systems, and the U.S. policy shift is likely to push the EU to tighten its rules further; the UK is also developing a similar model review process, forming a transatlantic trend of coordinated strict regulation. For latecomer AI nations like China, the U.S. policy shift presents both challenges and opportunities. On one hand, the U.S. may use "security reviews" as a pretext to erect technical barriers, restricting the outflow of advanced AI technologies and exacerbating the "campization" of global AI development. On the other hand, China can learn from the U.S.’s experience in balancing "security and innovation," refine its own AI security regulatory system in line with national conditions, and reserve sufficient space for AI innovation while safeguarding national security, achieving the goal of "safe, controllable, and independent innovation."​

The U.S. AI regulatory U-turn – from laissez-faire innovation to "pre-release review" – is essentially an inevitable result of rebalancing "technological dividends" and "security risks" as AI technology matures. In the future, this "strict regulation for security" model is likely to become the mainstream trend in global AI governance, with normalized and refined regulation being an irreversible direction. For the Trump administration, the implementation of the new policy still faces numerous challenges: How to develop scientific and transparent review standards to avoid "abuse of power"? How to balance national security with corporate trade secrets to prevent technical leaks? How to coordinate relations between the federal and local governments, as well as between the government and enterprises, to form a regulatory synergy? If these issues are not properly addressed, the new policy may degenerate into "formalism" or even spark new conflicts. For the AI industry, it is crucial to recognize that the era of "unregulated freedom" has ended, and security compliance has become a "bottom-line requirement" for enterprise development. In the future, AI companies must proactively adapt to the new regulatory normal, increase investment in security R&D, and build dual core competencies of "technological innovation + security control" to achieve sustainable development under compliance requirements. At a deeper level, as a core technology leading the new round of technological revolution and industrial transformation, AI development will always be accompanied by "coexisting innovation and risks." The U.S. policy shift serves as a reminder: AI governance must neither be "laissez-faire" nor "overly restrictive." Only by finding a precise balance between "security" and "innovation" can AI technology truly benefit humanity rather than becoming a "double-edged sword" that threatens safety.