The White House signalled a major shift in AI governance on 7 May when National Economic Council Director Kevin Hassett revealed that the administration is drafting an executive order to create an FDA-style evaluation process for frontier AI models before they can be deployed commercially. The comparison to pharmaceutical regulation is deliberate — Hassett described a framework where models would undergo structured safety and capability assessments before public release, similar to how new drugs must clear clinical trials.
The catalyst is cybersecurity. Anthropic's Claude Mythos Preview recently became the first AI model to complete the UK AI Security Institute's 32-step 'The Last Ones' cyber-attack simulation, succeeding in 3 of 10 runs with a 73 per cent success rate on expert-level offensive security tasks. OpenAI's GPT-5.5 matched this capability three weeks later. The AISI now estimates that frontier cyber-offence capability is 'doubling every four months'.
Separately, the Center for AI Standards and Innovation announced agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations of their models. Notably, OpenAI and Anthropic are not yet part of these agreements, though both companies have their own internal evaluation frameworks.
For context engineers, the practical impact depends on how prescriptive the executive order becomes. If model providers must submit to government evaluation before releasing updates, the pace of frontier model releases could slow considerably. If the framework is limited to cybersecurity capabilities — offensive tooling, vulnerability discovery, autonomous exploitation — the impact on general-purpose coding and reasoning models would be minimal. The draft is expected within weeks, and AI policy observers note that the FDA comparison may be more aspirational than practical given the speed of model development cycles.
