Introduction
On June 5, 2026, U.S. President Donald J. Trump signed National Security Presidential Memorandum-11 (NSPM-11, hereinafter referred to as Memorandum 11), which instructs the military and the intelligence community to accelerate the adoption of artificial intelligence (AI) and rescinds and replaces National Security Memorandum 25 (NSM-25), issued by the Biden administration in October 2024. Three days earlier, on June 2, Trump also signed the Executive Order titled Promoting Advanced Artificial Intelligence Innovation and Security (hereinafter referred to as the June 2 Executive Order), establishing a voluntary framework for assessing the cyber capabilities of frontier AI models.
The successive release of these two documents indicates that the Trump administration’s AI policy has not abandoned its innovation-first, low-regulation orientation, but has clearly strengthened government intervention within the national security domain. Over the past year and a half, the Trump administration first dismantled the Biden-era AI regulatory framework and promoted infrastructure investments such as Project Stargate, signaling a deregulatory approach toward the AI industry. Subsequently, through the Genesis Mission, the June 2 Executive Order, and Memorandum 11, it has gradually integrated AI capability building into the country’s scientific research, national security, military, and intelligence systems.
Viewed from this perspective, the United States is not simply shifting from deregulation to regulation. Instead, while accelerating innovation, it is attempting to enhance the government’s visibility into frontier AI capabilities, expand its authority to coordinate their development and use, and strengthen its control over their deployment. This shift will reshape domestic government-enterprise relations and may spill over into competition over global AI rules, technical cooperation networks, and the safety governance of military AI.
I. Trend Assessment: The New National Security Memorandum and the Building of U.S. State Capacity in AI
1. Reshaping Military and Intelligence Uses of AI: Adoption, Adaptation, Assurance, and Accountability
At the outset, Memorandum 11 establishes four pillars: Adoption, Adaptation, Assurance, and Accountability.
At the adoption and adaptation levels, Memorandum 11 requires the Department of War (formerly the Department of Defense), the Office of the Director of National Intelligence (ODNI), and related national security agencies to review and update AI procurement processes within 120 days. It calls for the rapid onboarding of advanced AI models from multiple vendors, reducing the national security enterprise’s reliance on any single model or vendor and accelerating the military and intelligence community’s transition toward a multi-model, multi-vendor architecture. The White House simultaneously disclosed plans to build out next-generation, high-security computing infrastructure and establish an AI National Security Strategic Reserve of top non-governmental experts.
At the assurance level, Memorandum 11 sets specific requirements for the reliability of AI systems: they must be “reliable, robust, steerable, and controllable,” while ensuring system-wide security.
More critically, it introduces a strict contractual mechanism to ensure that “no commercial entity or adversary possesses the capability to prevent use of, disable or degrade, or materially modify” an AI system without Federal Government knowledge and approval. An analysis by the Council on Foreign Relations (CFR) suggests that this clause is directly linked to the Pentagon’s dispute with Anthropic, indicating that the White House intends to reduce the latitude available to commercial vendors to unilaterally interrupt, degrade, or modify model services in national security missions.

On June 5, 2026, U.S. President Donald J. Trump signed National Security Presidential Memorandum-11 (NSPM-11).
Source: The White House
At the accountability level, Memorandum 11 anchors responsibility for AI use within military and intelligence chains of command. Michael Horowitz, a Senior Fellow at the Council on Foreign Relations and a former Deputy Assistant Secretary of Defense, remarked that this approach to assigning responsibility exhibits significant continuity with the Biden-era framework. The difference is that, while the Biden administration emphasized testing and evaluation through civilian institutions such as NIST and the development of international norms, Memorandum 11 further embeds the assurance framework within national security contracts and military-intelligence systems.
Furthermore, to manage the rapid evolution of AI capabilities, Memorandum 11 instructs the Secretary of War to update DoD Directive 3000.09 on Autonomy in Weapon Systems within 90 days and review it annually. This effectively leaves institutional room for the United States to update its autonomous weapons governance policies and adjust human oversight and chain-of-command responsibility arrangements.
2. Policy Evolution and Recalibration
To understand the historical significance of Memorandum 11, one must observe it within the broader trajectory of AI policy development during Trump’s second term.
The first step was dismantling the institutional constraints left by the previous administration. On January 20, 2025, his first day in office, Trump revoked Biden’s AI regulatory executive order (EO 14110). On January 23, he signed the executive order titled Removing Barriers to American Leadership in Artificial Intelligence, shifting the policy focus from risk governance to innovation-driven growth. Project Stargate, announced that same month, sought to strengthen the foundation of U.S. AI capabilities through large-scale infrastructure investment.
The second step was consolidation, with the government actively guiding industrial resources through institutional arrangements. In July 2025, Winning the Race: America’s AI Action Plan was released, advancing the administration’s policy agenda across innovation, infrastructure, and international AI diplomacy. On November 24 of the same year, Trump signed the “Genesis Mission” executive order, integrating AI into national energy, science, and security infrastructures. Led by the Department of Energy, this initiative integrated national laboratory supercomputing, secure cloud environments, and federal datasets to construct the American Science and Security Platform. At this stage, the state was no longer merely deregulating industry, but was beginning to actively steer computing power, data, models, and scientific research infrastructure toward strategic objectives.
The third step was direct intervention, with national security departments taking a more active role in model deployment, vendor management, and the setting of usage boundaries. In 2026, the intensity of state intervention scaled further. Anthropic was designated as a “supply chain risk” by the Pentagon after refusing contract provisions that allowed “any lawful use,” insisting instead on retaining restrictions against autonomous weapons and domestic mass surveillance. Although a federal court subsequently issued an injunction against this designation, the incident demonstrated that the U.S. government was unwilling to accept commercial AI vendors maintaining independent “red lines” within national security contracts.
Against this backdrop, the focus of Memorandum 11 is not merely to drive the military and intelligence agencies to utilize AI, but rather to redefine the relationship between the government and frontier AI enterprises. While the U.S. government still seeks to maintain the pace of innovation in the AI industry, it has also begun requiring companies to accept greater government coordination and tighter constraints in national security contexts, thereby gradually adjusting its strategic perception of the AI industry across two dimensions:

Anthropic’s new AI model comes with extensive restrictions, promoting strong user backlash.
Source: The Wall Street Journal
First, it acknowledges that frontier AI carries significant national security externalities, marking a shift by the government from passive response to limited, proactive intervention. The leap in frontier AI capabilities is no longer viewed merely as a matter of industrial competition, but has increasingly been brought within U.S. frameworks for national security and critical infrastructure protection. The vulnerability discovery and exploitation capabilities demonstrated by Anthropic’s Claude Mythos Preview model in April 2026 served as an important case in U.S. policy discussions of the cyber risks posed by frontier models, providing a real-world backdrop for the June 2 Executive Order’s specialized assessments of “advanced cyber capabilities.”
In other words, the U.S. government has realized that frontier AI functions both as an asset of national power and a potential source of symmetrical security exposure, and has consequently begun seeking earlier visibility into these technologies and limited scope for intervention within a voluntary cooperation framework. The arrangements for trusted partners in the June 2 Executive Order may appear on the surface to be a procedural mechanism for granting early access to frontier models, but substantively, they reflect that the release and diffusion of frontier model capabilities are no longer determined solely by companies based on commercial timelines; national security policy has also begun to shape this process.
This arrangement aligns with the Trump administration’s broader approach of advancing selective technology sharing via trusted partners. It indicates that the United States is placing domestic AI capacity integration and the selection of partners for external technology cooperation within the same policy framework.

U.S. Commerce Secretary Howard Lutnick
Source: Associated Press
Second, it aligns leading AI laboratories more closely with national strategic goals, redrawing the boundary between the state and industry. The prohibition on disabling deployed systems in Memorandum 11 and the government’s role in selecting trusted partners under the June 2 Executive Order effectively transform a company’s safety and compliance record into a condition for access to the national security market. The Anthropic dispute demonstrates that when an AI enterprise attempts to preserve its own value-based restrictions in a national security contract, the government’s response is to characterize it as an improper intervention in the military’s right to use the technology, leveraging statutory tools designed primarily to address threats from foreign or hostile actors. Although a federal court ultimately issued an injunction, the logic of this dispute is clear: under the U.S. government’s policy framework, the operational space for AI vendors to maintain independent red lines in national security contracts is narrowing.
Furthermore, the precise mechanisms of these red lines have yet to be clarified. Michael Horowitz pointed out that the key to a framework centered on the chain of command and compliance with the law lies not in the text but in its implementation, which remains in question. He noted that a visible trust deficit has emerged between the White House and Congress on AI issues. Over the past year and a half, the White House has repeatedly demonstrated its belief that “executive power has no constraints,” heightening concerns that part of the Trump administration may not willingly abide by rules established by Congress.
Technology-policy figures such as David Sacks, the White House AI and Crypto Czar, have placed greater emphasis on maintaining model iteration speed and preventing safety reviews from becoming a form of de facto pre-release approval. The June 2 Executive Order’s final adoption of a 30-day voluntary early access framework, rather than the longer and more stringent review arrangements present in early drafts, reflects this preference. Although Memorandum 11 has drawn red lines, it does not specify whether the authority to draw them resides with Congress, the courts, or the executive branch. Consequently, the red-line mechanism of Memorandum 11 is more of a policy posture than a credible political commitment.
However, the implementation of these policies still faces tensions and limitations. According to a recent Axios report, on June 12, the Trump administration moved to block foreign governments, corporations, and individuals from accessing and utilizing Anthropic’s most advanced AI models. The report said that U.S. Commerce Secretary Howard W. Lutnick sent a letter to Anthropic CEO Dario Amodei on June 12, stating that Claude Mythos 5 and Claude Fable 5 would be subject to U.S. export controls covering all locations outside the United States and all foreign persons within the country. According to Reuters, the Department of Commerce was concerned that such models could be acquired by military or intelligence users in countries like China and Russia, and invoked its authority over emerging technologies under the Export Control Reform Act. Anthropic subsequently disabled global access to the models and dispatched technical personnel to consult with the Department of Commerce on a restoration pathway. Against this backdrop, the new restrictive order reflects an escalation of this securitization trend and indicates that the dispute between the Trump administration and Anthropic will be extended to a broader policy level.
This incident itself also clearly demonstrates the reliance of the U.S. defense and intelligence systems on Anthropic; moreover, a ban does not equate to a rapid or clean break. Concurrently, certain U.S. security agencies have not entirely given up on frontier models. According to reporting and expert assessments cited by the defense media outlet Breaking Defense, the National Security Agency (NSA) continues to utilize the Mythos Preview, an earlier, restricted-access version that is distinct from Fable 5 and Mythos 5, whose public access was disabled.
Furthermore, this model’s vulnerability discovery capabilities give it significant value for cyber operations, making it difficult for agencies like the NSA to easily discard it. Viewed in this light, Memorandum 11 reveals an internal contradiction: it instructs agencies to terminate contracts with AI firms that repeatedly act inconsistently with its policies, yet allows limited waivers when continued cooperation is necessary to responsibly safeguard U.S. national security. How the rigor and scope of implementation are coordinated across agencies and systems will therefore be a key issue to watch.
From an agency perspective, the Department of Commerce focuses on capability leakage risks, while security agencies like the NSA focus on the strategic value of the models’ capabilities. Amidst this interagency tension, the model governance agenda must simultaneously secure vendor cooperation with national security requirements and take into account the practical need for advanced models in specific agency missions. This divergence explains why collaborations did not immediately cease after Anthropic’s conflict with the Pentagon. Previously, the Pentagon believed Anthropic’s restrictions on certain military uses impaired the performance of contracted missions, prompting it to require a gradual phase-out of the company’s products. However, public information indicates that the phase-out measures did not take effect immediately, with some agencies retaining transitional arrangements; thus, existing deployments of models such as Mythos Preview were not immediately halted. The limited waiver mechanism established by Memorandum 11 appears, to some extent, designed precisely to address these operational realities.
II. Impact Assessment: Understanding the Shifts in U.S. AI Policy
1. The Technology Dimension: Security Screening and Access to Cooperation
Another important shift introduced by Memorandum 11 lies in its organization of previously fragmented, selective arrangements into departmental mandates, procurement processes, and security cooperation mechanisms. The filtering logic for technical cooperation and technology access has begun to transcend ad-hoc, case-by-case handling and become institutionalized within the U.S. AI security architecture.
First, it strengthens intelligence collection and sharing mechanisms, shifting AI technical assessments from an internal process toward coordination with allies. The document instructs the Director of National Intelligence (DNI) to prioritize the collection and analysis of foreign AI technologies that could present a threat to “United States national security, economic security, and strategic competitiveness,” encompassing the AI technology stack, AI applications and uses, and AI governance policies. The Secretary of State, in consultation with the DNI, is required to formulate a strategy to engage with allies and partners to share findings from these analyses. Consequently, AI technology assessments will no longer function merely as internal judgements by U.S. security agencies, but will also serve as a basis for external communication, risk labeling, and ally-partner mobilization. Differences in technological capabilities may be further translated into differences in security postures, thereby influencing the policy positioning of various actors within international AI rule discussions.

A service member with the U.S. Military’s 175th Cyber Operations monitors cyberattacks during Exercise Southern Strike at Camp Shelby, Mississippi.
Source: Associated Press
Second, it reshapes government-enterprise relations through security cooperation, drawing the frontier AI supply chain closer to the national security apparatus. Section 4(c) of Memorandum 11 requires the Secretary of War, the Secretary of Energy, the Director of National Intelligence, and the Director of the National Security Agency, acting through the AI Security Center, to establish partnerships with voluntarily participating private enterprises within 120 days to protect the nation’s most advanced AI technologies from threats such as “malicious distillation attacks.” This collaboration includes threat intelligence sharing, joint AI red-teaming exercises, personnel vetting assistance, and the reinforcement of physical and cybersecurity at data centers. While framed as technical security cooperation, this arrangement links leading AI laboratories, cloud computing firms, and data center operators more tightly with national security agencies. It further reduces corporate discretion over safety boundaries, partner selection, and how technologies are made available, embedding the frontier AI supply chain more deeply in the development of U.S. national security capabilities.
Third, it reshapes access arrangements through release pacing, constructing tiered channels around frontier AI technology cooperation. The June 2 Executive Order establishes a voluntary framework under which AI developers may provide the Federal Government with access to covered frontier models for up to 30 days before releasing them to other trusted partners. Memorandum 11 further requires updates to procurement processes to enable the national security enterprise to rapidly onboard advanced models from multiple vendors, bridging the capability gap between what is available to the public and to the national security workforce. Operating in tandem, the two documents construct tiered channels spanning pre-release testing, trusted partner access, and government procurement deployment. Going forward, access to frontier models will depend not merely on market purchasing power, but also on an enterprise’s security profile, cooperative relationships, and level of institutional trust.
Viewed in this light, selective arrangements for technology cooperation have begun to be embedded in institutional processes. Allies and enterprises within the inner circle are required to accept U.S. technical standards, security requirements, and information-sharing arrangements. Meanwhile, the opportunities for actors outside the circle to access frontier models, computing resources, and evaluation architectures may narrow further. As procurement, access, intelligence, and diplomatic tools are incorporated into the same policy framework, the external orientation of U.S. AI technology cooperation will become clearer, and the global diffusion of frontier AI capabilities may consequently take on a more pronounced bloc-based pattern.
2. The Security Dimension: Military Use of AI and Risk Governance
Memorandum 11 accelerates the integration of AI into the U.S. military and intelligence systems, extending AI safety concerns from corporate compliance to military decision-making and crisis management. The document requires the Secretary of War to update DoD Directive 3000.09 within 90 days and provides for the issuance of a classified annex addressing sensitive national security issues. Because these operational details will not be fully disclosed, it remains difficult for outside observers to evaluate how the United States will adjust specific rules regarding autonomous weapons, human oversight, and command responsibility.
More notably, as AI is integrated into intelligence analysis, battlefield awareness, and decision support, it may alter the speed of information processing during military crises. While models can improve the efficiency of identification, screening, and response, they may also amplify problems stemming from data bias, erroneous correlations, and over-automation. In a highly tense security environment, more information and faster processing do not necessarily lead to sounder judgements. If model outputs are over-trusted, or if different systems lack cross-validation mechanisms, localized friction could be interpreted more quickly as a strategic signal, thereby elevating miscalculation risks.
Compared to the domain of nuclear arms control, military AI has yet to establish mature crisis communication mechanisms. Various actors possess limited visibility into their competitors’ AI deployment scope, usage boundaries, and degrees of human oversight, and lack stable channels for incident notification and risk de-escalation. In this scenario, one country’s accelerated use of AI in military and intelligence activities is likely to prompt corresponding adjustments by others, generating competitive pressure to catch up. The issue is not that AI will necessarily lead to crisis escalation, but that the integration of AI into military and intelligence processes will require traditional crisis management mechanisms to contend with faster information cycles and less transparent technical systems.

In May 2026, the U.S. Department of Defense announced agreements with eight AI firms, including SpaceX and OpenAI, to deploy their AI capabilities across its classified networks.
Source: Associated Press
As the United States accelerates the integration of frontier AI into its military and intelligence systems, other major countries will closely observe these developments and adjust their own policies. Against this backdrop, military AI governance should not focus solely on the safety of corporate AI models, but should also address how states utilize AI, how human judgment is preserved, and how crisis communication channels are established. This also presents new challenges and creates further scope for improvement in global AI safety governance.
III. Conclusion
Judging from the current policy trajectory, the state-centric orientation of U.S. AI policy is likely to continue, but it may not take the form of comprehensive regulatory tightening. Instead, it is more likely to exhibit a parallel configuration characterized by a low regulatory burden on the industrial side and strong government intervention on the security side. The Trump administration still seeks to sustain the innovation speed of frontier U.S. AI firms and remains reluctant to have the Federal Government bear the burden of approving and regulating every model release. However, in areas involving the military, intelligence, critical infrastructure, and the cyber capabilities of frontier models, the government is demanding earlier intervention, stronger coordination, and more consistent control over deployment.
New shifts in U.S. AI governance and regulatory policies will also introduce new spillover impacts on global AI governance. The United States’ use of security assessments to screen partners for technology cooperation reflects that the diffusion of frontier AI capabilities is increasingly dependent on security profiles and institutional trust. Other open-source innovators, as well as countries in the Global South, may be excluded from this unidirectional security framework and face higher barriers to accessing frontier AI technical capabilities.
Consequently, global AI competition may no longer be confined to a pure rivalry over model capabilities, but may also evolve into a contest over cooperative eligibility and participation rights in rule-making. The international community also calls for more inclusive and broadly beneficial mechanisms for multilateral governance and technology cooperation. The way forward is to expand support for capacity building, open innovation, and resource sharing so that more countries have the technical capabilities to participate in governance and global AI can truly develop in a beneficial and inclusive direction.
Author
Yao Xu, Xin Yanyan, Zhang Ao, Yuan Luming, Zhong Yifei and Yu Yue from the Research Office of CGAIG
Original URL: https://mp.weixin.qq.com/s/w92_C7BtF7JBPakvjxqb8Q
References
https://www.whitehouse.gov/presidential-actions/2026/06/national-security-presidential-memorandum-nspm-11/
https://www.whitehouse.gov/fact-sheets/2026/06/fact-sheet-president-donald-j-trump-signs-historic-directive-on-ai-in-the-national-security-enterprise/
https://www.whitehouse.gov/presidential-actions/2026/06/promoting-advanced-artificial-intelligence-innovation-and-security/
https://www.whitehouse.gov/fact-sheets/2026/06/fact-sheet-president-donald-j-trump-promotes-advanced-artificial-intelligence-innovation-and-security/
https://www.whitehouse.gov/wp-content/uploads/2025/07/Americas-AI-Action-Plan.pdf
https://www.whitehouse.gov/fact-sheets/2025/12/fact-sheet-president-donald-j-trump-ensures-a-national-policy-framework-for-artificial-intelligence/
https://www.whitehouse.gov/presidential-actions/2025/12/eliminating-state-law-obstruction-of-national-artificial-intelligence-policy/
https://www.presidency.ucsb.edu/documents/national-security-presidential-memorandum-artificial-intelligence-the-national-security
https://www.cfr.org/articles/what-trumps-national-security-ai-memo-gets-right-and-leaves-unresolved
https://www.cfr.org/articles/assessing-trumps-executive-order-on-ai-oversight
https://www.benton.org/blog/president-trump-signs-directive-reshaping-how-military-and-intelligence-community-use-ai
https://www.washingtonpost.com/technology/2026/06/02/trump-signs-order-designed-give-government-early-look-powerful-ai-models/
https://www.techpolicy.press/trump-signs-previously-shelved-ai-executive-order/
https://www.cnbc.com/2026/06/02/trump-executive-order-ai.html
https://www.reuters.com/technology/us-says-it-will-speed-development-use-ai-national-security-2026-06-05/
https://www.nytimes.com/2026/02/18/technology/defense-department-anthropic-ai-safety.html
https://www.npr.org/2026/03/06/g-s1-112713/pentagon-labels-ai-company-anthropic-a-supply-chain-risk
https://www.washingtonpost.com/technology/2026/03/26/pentagon-anthropic-national-security-risk-order-blocked/
https://www.cnn.com/2026/03/26/business/anthropic-pentagon-injunction-supply-chain-risk
https://www.anthropic.com/news/statement-department-of-war
https://www.lw.com/en/insights/president-trump-signs-executive-order-establishing-ai-cybersecurity-and-frontier-model-framework
https://www.wiley.law/alert-New-AI-Executive-Order-Addresses-Frontier-Models-and-Cybersecurity-Vulnerabilities
https://www.reuters.com/business/eu-targets-big-tech-dependence-with-made-in-europe-drive-2026-06-03/
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
https://www.un.org/global-dialogue-ai-governance/en
https://www.unesco.org/en/articles/global-dialogue-ai-governance-geneva-6-7-july
https://www.un.org/independent-international-scientific-panel-ai/en/faq
https://docs.un.org/en/A/RES/79/325
https://www.cnas.org/publications/reports/ai-and-international-stability-risks-and-confidence-building-measures
https://carnegieendowment.org/research/2026/05/chinas-pivot-on-global-ai
https://www.chathamhouse.org/2026/03/breaking-deadlock-ai-governance/02-barriers-global-ai-governance
https://www.atlanticcouncil.org/dispatches/eight-ways-ai-will-shape-geopolitics-in-2026/
https://www.ft.com/content/e2980d15-b593-4946-8f2f-fecf2b543e1a?syn-25a6b1a6=1

