Illinois, New York, and California have advanced frontier AI laws that would require major model developers to implement safety frameworks, disclose risks, report incidents, and in some cases undergo independent audits, creating a patchwork of state obligations as the United States lacks a comprehensive federal regime. The measures target highly capable models increasingly used in critical infrastructure and other sensitive environments, where policymakers and security leaders warn they could enable cyber abuse such as autonomous zero-day exploitation, guardrail evasion, deception by agentic systems, and AI-assisted ransomware.
At the same time, pressure is building for a broader U.S. oversight structure for frontier models. Google DeepMind CEO Demis Hassabis called for an independent, expert-led body to evaluate advanced AI systems before release, while OpenAI said the Trump administration is developing a federal cyber-testing framework for highly capable models and argued that national institutions should lead audits, incident reporting, security standards, and whistleblower protections. Together, the proposals point toward a de facto national baseline for frontier AI governance, though unresolved questions remain around fragmented state compliance, technical rigor, transparency, and how rules would apply to downstream users and modified or embedded models.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Demis Hassabis, CEO and co-founder of Google DeepMind, proposed creating an independent professional body in the United States to evaluate frontier AI models before release. He said the organization could begin as a voluntary public-private or self-regulatory effort and later become a mandatory certification gate.
The Trump administration imposed a requirement that advanced AI models undergo a government security review 30 days before launch. Critics cited in the coverage argued the process lacked technical rigor and transparency.
The Trump administration was reported to be developing a federal framework to test highly capable AI models for cyber-related risks. OpenAI said the goal was to have the framework in place by early August.
State-level legislation in Illinois, New York, and California advanced requirements for frontier AI developers, including safety frameworks, transparency or incident reporting, and oversight or audits. The measures were described as emerging in the absence of comprehensive federal U.S. rules.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
zdnet.fr
Open sourceopenai.com
Open sourcedarkreading.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.