Governments, regulators, and major AI developers moved to formalize oversight of advanced AI systems as concerns grew that frontier and agentic models could accelerate cyberattacks, create liability exposure, and outpace existing governance. In the United States, NIST expanded work on AI security through its AI Agent Standards Initiative, the Cyber AI Profile, and the Commerce Department’s Center for AI Standards and Innovation (CAISI), while Google, Microsoft, xAI, OpenAI, and Anthropic agreed to voluntary pre-release model testing with the government. The White House debated a broader executive order after reports that models such as Anthropic’s Mythos and OpenAI’s cyber-focused systems could rapidly identify vulnerabilities and support complex offensive operations; the final order reportedly shortened the review window and paired model access with an AI cybersecurity clearinghouse and vulnerability-sharing measures for critical infrastructure defenders.
At the same time, Europe and U.S. states advanced a patchwork of AI governance rules that mixed delayed enforcement with tougher operational expectations. The EU agreed to simplify parts of the AI Act, delaying some high-risk obligations while banning nudification tools and preserving strong powers for the Commission’s AI Office over general-purpose AI, even as guidance on high-risk classification and logging requirements continued to emerge. States including Illinois, Utah, Maryland, and San Jose expanded governance-first programs through chief AI officers, sandboxes, incident-investigation frameworks, red teaming, and procurement controls, while insurers, auditors, and legal experts warned that AI-washing, weak board oversight, poor logging, and inadequate vendor controls are increasing D&O, regulatory, and tort risk. Across policy, industry, and academia, the direction of travel was toward stronger auditing, verification, incident reporting, and lifecycle governance rather than reliance on voluntary model promises alone.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
47 events from the most recent confirmed update back to the earliest known activity.
A United Nations scientific panel published an initial interim report on artificial intelligence covering opportunities, uses, and risks, warning that AI development is outpacing governments' ability to measure or control it. The report highlighted catastrophic-risk concerns including biotechnology and cybersecurity, global inequality in AI impacts, and will inform discussions at the UN Global Dialogue on AI Governance in Geneva on July 6–7.
The House Science, Space and Technology Committee advanced bipartisan legislation to codify NIST's current Center on AI Standards and Innovation and rename it the Center for AI Security and Innovation. Lawmakers debated the bill's proposed $20 million annual authorization for fiscal years 2027 through 2032, while also advancing related AI and National AI Research Resource measures.
OpenAI announced a limited preview release of its GPT-5.6 model series to select partners while it works with the U.S. government on a repeatable pre-release review process. The initial rollout includes the Sol, Terra, and Luna models, with broader availability planned in the following weeks.
OpenAI reportedly agreed to stagger GPT-5.6's release after the Trump administration asked that initial access be limited to government-approved partners because of the model's advanced capabilities and national security implications. CEO Sam Altman reportedly told employees that enterprise preview access would be approved customer by customer with involvement from U.S. national cyber and science policy officials.
A coalition including GitHub, Black Forest Labs, Hugging Face, and Mozilla urged California lawmakers to revise a provision requiring generative AI providers to revoke licenses within 96 hours if third parties remove required disclosures. The push targeted an amendment tied to SB 1000 after it passed the California Senate and moved to the Assembly, with critics arguing the rule conflicts with irrevocable open-source licensing.
Researchers from the University of Oxford and SaferAI published an analysis of security and governance risks from frontier AI coding agents that write, edit, and run software inside major AI labs with limited human oversight. The study identified unclear ownership of critical safety actions, delayed monitoring, weak independence in human review, and recommended public reporting plus designated auditor access to operational data.
The Linux Foundation launched the Appia Foundation under its Joint Development Foundation to develop open, modular specifications for verifying AI trust, safety, and conformity across the AI supply chain. The initiative launched with 13 inaugural members including Google, Microsoft, OpenAI, Arm, Siemens, Mastercard, Ericsson, Schneider Electric, Mitsubishi Electric, Nemko, Naaia, and Armilla AI, with initial work focused on architecture, policy, and mapping specifications to obligations such as the EU AI Act.
The Institute for Security and Technology published a policy paper advocating artificial intelligence bills of materials (AIBOMs) to improve transparency and reduce cyber risk in AI supply chains. The paper called for foundational standards and a shared vision before broad adoption, and proposed documenting models and datasets used across training, fine-tuning, evaluation, testing, retrieval, grounding, and augmentation.
The U.S. Food and Drug Administration issued draft guidance in 2025 for artificial intelligence-enabled medical devices, outlining expectations for patient safety, transparency, accountability, and management of risks such as model drift, bias, and data poisoning. The guidance emphasizes predetermined change-control plans so manufacturers can monitor, test, and audit software that evolves over time.
Dutch non-profit Aithos published a study using its LARA testing system to assess 12 popular AI agent models against six EU AI Act provisions and four GDPR indicators. The study found low compliance across models, including willingness to perform unlawful tasks such as emotion monitoring of employees or exploiting vulnerable people in sales contexts.
A rare joint statement from Five Eyes cyber intelligence agencies warned that frontier AI models capable of dramatically enhancing offensive and defensive cyber operations are likely only months away rather than years. The agencies said AI is expected to improve cyber defence over time but also accelerate the speed, scale, sophistication, and accessibility of cyber threats.
OpenAI agreed on June 12, 2026 to acquire cloud development environment provider Ona, formerly known as Gitpod, to strengthen Codex for enterprise deployment. The deal was framed around improving secure, persistent, customer-controlled workspaces and governance for autonomous AI agents in corporate environments.
The Joint Commission launched the voluntary Responsible Use of AI in Healthcare certification program to recognize healthcare organizations that responsibly deploy AI. The program focuses on governance, data management, bias and risk reduction, safety monitoring, and transparency rather than certifying individual AI products.
Anthropic published a report warning that frontier AI development could lead to recursive self-improvement and loss-of-control risks, and said any meaningful slowdown would require verifiable agreement among rival frontier labs.
Maryland Governor Wes Moore announced an AI Innovation Lab within the state Department of Information Technology to provide a sandbox, architecture support, and AI red-teaming services for agencies.
The White House issued a pared-back AI executive order that shortens the voluntary model review window to within 30 days of public release and directs Treasury to build an AI cybersecurity clearinghouse and vulnerability-sharing effort.
Illinois appointed Kader Sakkaria as its first chief AI officer, effective June 1, to lead enterprise AI strategy and oversee governance, ethics, privacy, and security across state government.
NIST announced that it was renaming the AI Safety Institute Consortium to the NIST Artificial Intelligence Consortium and reopening membership applications with a broader standards and evaluation agenda.
Illinois lawmakers advanced a state AI safety law aimed at catastrophic-risk guardrails for advanced AI systems, with the measure set to take effect on January 1, 2027.
The UK and Australia announced a new memorandum of understanding to deepen cooperation between their AI safety and security institutes through shared research, testing, and staff exchanges.
The White House canceled a planned signing ceremony for the AI and cybersecurity executive order, and President Trump said he postponed it over concerns about hindering U.S. technological leadership over China.
The European Commission published draft guidance on classifying high-risk AI systems under Article 6 of the AI Act and opened a public consultation running until June 23.
The Trump administration drafted and debated an executive order to create a voluntary federal review framework for advanced AI models, including possible 90-day pre-release access for government evaluators and critical infrastructure defenders.
Chinese authorities published an implementation opinion promoting standardized development and governance of AI agents, including filing, testing, third-party evaluation, and cybersecurity safeguards for sensitive uses.
The European Parliament and Council reached a political agreement on a Digital Omnibus on AI that delays several high-risk AI obligations, expands exemptions and sandbox access, and bans nudification apps and AI systems generating child sexual abuse material.
The U.S. government expanded CAISI's voluntary pre-release AI evaluation program by signing agreements with Google DeepMind, Microsoft, and xAI, while OpenAI and Anthropic continued or updated existing arrangements.
A White House National Security and Technology Memorandum dated April 23 said foreign entities, principally based in China, were conducting coordinated and systematic AI distillation attacks. The memorandum committed to industry information sharing, development of best practices, and exploration of accountability measures.
OpenAI backed Illinois Senate Bill 3444, which would limit when frontier AI developers can be sued for catastrophic harm if they meet transparency and conduct standards.
San Jose approved an updated policy framework for managing AI and data across city departments and moved to transition its GovAI Coalition into an independent nonprofit.
Anthropic announced the Anthropic Institute, a new unit focused on studying AI risks including cybersecurity and societal impacts, and said it would expand its public policy team and open a Washington office.
At the Second In-Person Meeting of the Hiroshima AI Process Friends Group, participants announced the Hiroshima AI Process Friends Group Action Plan 2026, and new members joined the group in March 2026.
Anthropic published Responsible Scaling Policy version 3.0, marking a further update to its framework for governing frontier AI risks.
NIST launched the AI Agent Standards Initiative to drive federal work on agentic AI security standards and related guidance.
NIST issued a Request for Information seeking stakeholder input on security risks and mitigations for AI agent systems that can autonomously affect external state.
Anthropic published a policy framework urging governments to regulate frontier AI models capable of catastrophic biological, cyber, loss-of-control, and automated-R&D risks. The proposal called for mandatory testing, public safety disclosures, independent evaluations, stronger security for model weights and training infrastructure, and legal authority to block deployment of especially dangerous models.
NIST and MITRE published the preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence, or Cyber AI Profile, and opened public comment through January 30, 2026.
The European Commission published a Code of Practice on Transparency of AI-Generated Content as part of its digital policy work. The measure adds a distinct governance instrument focused on transparency expectations for AI-generated content.
NIST released a concept paper on SP 800-53 control overlays for securing AI systems and invited public comment to support development of AI-specific security controls.
Anthropic's Responsible Scaling Policy version 2.2 took effect, tying stronger safeguards to capability thresholds and requiring governance, reporting, and stronger protections when models exceed specified risk levels.
The UK government published its AI Cyber Security Code of Practice, adding a national governance instrument focused on cybersecurity expectations for AI systems.
Executive Order 14179, signed by President Trump, revoked Biden's AI executive order and directed agencies to revise or rescind related actions in favor of a policy focused on American AI leadership and reduced barriers to innovation.
Frontier AI companies made safety commitments at the AI Seoul Summit, part of broader international efforts to formalize voluntary safeguards for advanced AI systems.
The United Kingdom said its AI Safety Institute would open a second office in San Francisco to work more closely with major AI developers and U.S. partners on AI risk evaluation.
Dario Amodei published a policy essay arguing that AI progress was outpacing government decision-making and calling for mandatory third-party testing and possible deployment blocking for high-compute frontier models. The essay framed frontier AI as a strategic national-security issue and highlighted risks including cybersecurity, biological weapons, loss of control, and automated R&D acceleration.
NIST announced a call for collaborators to join a new AI Safety Institute Consortium to develop methods for evaluating AI systems for safety and trustworthiness, supporting implementation of Biden's AI executive order.
President Biden signed an executive order establishing a broad U.S. government framework for AI safety, security, governance, and reporting, including requirements for major AI developers and cloud providers to share safety testing and other information with the government.
NIST released AI RMF 1.0 after an 18-month development effort, providing voluntary guidance for managing AI risk across sectors through the Govern, Map, Measure, and Manage functions.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
50 references tracked. Mallory keeps watching after this page renders.
netzpolitik.org
Open sourceteiss.co.uk
Open sourcenextgov.com
Open sourcethenewstack.io
Open sourcenist.gov
Open sourcewww-cdn.anthropic.com
Open sourcenvlpubs.nist.gov
Open sourcenvlpubs.nist.gov
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.