The Last Holdout: Washington Presses Meta to Open Its AI to Federal Security Review

Reporting says every other major US lab has agreed to let government evaluators study its most powerful models before release. Meta has not, and the timing points straight at its newest system.

The Trump administration has spent recent weeks quietly pushing Meta to hand its most capable artificial intelligence models to federal evaluators for security testing, according to a New York Times report published Tuesday that cited four people familiar with the confidential request. The outreach arrived by email, the paper said, as Washington tightens its grip on the frontier of AI development.

What makes the request stand out is who sits on the receiving end. Among the small group of American companies building the world's most advanced AI systems, Meta is the only one that has not agreed to share its models with the government for pre-release review.

The reviews are voluntary, at least on paper. The point is to give federal evaluators a clear look at what a model can do and where it breaks, so officials can flag dangers, such as help with a cyberattack or military misuse, before a system reaches hundreds of millions of users. Meta has not publicly confirmed the contents of those email exchanges, and the account rests on the Times' sources rather than any statement from the company itself.

A Meta spokesperson, Francis Brennan, told the paper that the company supports the goal of keeping the United States ahead on secure frontier AI and expects to finalize an agreement before long. That puts the matter on a clock of Meta's own setting, even as the gap between the request and a signature stays open.

A request, not a rule

The framework behind all of this traces back to an executive order President Trump signed on June 2, titled "Promoting Advanced Artificial Intelligence Innovation and Security." It invites developers of what the order calls "covered frontier models" to offer those systems to the government for as long as 30 days before releasing them to outside partners.

Two features of the order matter for the Meta standoff. Participation is optional, and the text goes out of its way to say it does not create any licensing or permitting requirement for building or shipping AI models. The government cannot compel a company to take part, which leaves an obvious question hanging over the whole design: what happens when a developer simply declines?

Reaching that voluntary structure took a fight inside the administration. An earlier draft, nearly issued in May, would have given evaluators a 90-day review window. Trump pulled it at the last minute, telling reporters he did not want to slow American firms racing against China. The version signed in June trimmed the window to 30 days, a compromise that White House AI adviser David Sacks pressed for to keep the largest labs from being boxed in by federal red tape.

The order also stands up a classified benchmarking process, run with input from the National Security Agency, to decide which systems are powerful enough to count as covered. Where that line gets drawn will settle whether the rules touch only a handful of flagship releases or a far wider band of models.

Why Meta, and why the timing fits

Meta's place at the back of the line is no accident of scheduling.

In April, the company shipped Muse Spark, the first model out of its Meta Superintelligence Labs unit, the team assembled under Chief AI Officer Alexandr Wang after Meta poured $14.3 billion into a stake in the data firm Scale AI. The release marked a sharp break from the company's history. For years Meta built its AI reputation on Llama, a family of open-weight models that anyone could download and modify. Muse Spark is closed. Its weights and training code stay private, and Meta now treats its strongest AI as commercial property rather than a public resource.

A government hunting for early access to frontier systems would naturally circle the developer that just launched a flagship behind locked doors.

The stakes for Meta are enormous. The company has guided toward $115 billion to $135 billion in capital spending this year, much of it aimed at the infrastructure underneath models like Muse Spark, and it is not inclined to hand over the crown jewels of that investment without firm guarantees. Its shares closed Tuesday at $562.20, little changed on the day, as investors weighed how government access might shape future launches.

The timing cuts another way too. Meta's AI operation has been through a rough stretch, including a security lapse that reportedly exposed sensitive internal training material. That complicates any conversation about who gets to peer inside the company's models and under what protections.

The Anthropic episode hanging over the talks

To grasp why Washington is leaning on Meta right now, look at what happened to Anthropic less than two weeks earlier.

On June 12, Commerce Secretary Howard Lutnick sent Anthropic CEO Dario Amodei a letter placing the company's two most powerful models, Mythos 5 and Fable 5, under export controls. The directive barred any foreign national from using them, including foreign employees inside Anthropic itself. To stay compliant, the company said it had no choice but to switch off both models for every customer, only days after Fable 5 had gone public.

The trigger, as far as Anthropic could tell, was a reported method of jailbreaking Fable 5, a way around the model's built-in guardrails. Anthropic pushed back on the idea that this justified recalling a commercial product used by hundreds of millions of people. It said it had reviewed a demonstration of the technique and found that it surfaced only a few already-known, minor software flaws that other public models could uncover on their own.

What rattled officials was the broader capability. Anthropic's Mythos technology is unusually skilled at locating vulnerabilities buried deep in software, some of which had gone unnoticed for years. That talent helps defenders patch their systems, and the same skill looks like a weapon in an adversary's hands. The episode showed how readily Washington would now treat a single AI model as a national security matter, and how fast it would move.

It also landed in the middle of an existing feud. The Pentagon had already branded Anthropic a "supply chain risk" after the company refused to let the military use its models for mass surveillance and autonomous weapons systems, and Anthropic is suing the government over that designation.

For Meta, the lesson reads two ways. Cooperation has not spared other labs from friction, yet refusing to engage at all could invite exactly the kind of blunt intervention that froze Anthropic's flagship overnight.

What a federal review would actually involve

For all the pressure, the substance of these reviews stays thin.

The stated aim is to find weaknesses before deployment. What evaluators would test, how long they would hold a model, and what they could do with their findings all sit inside a framework that is only weeks old. The benchmarking threshold that decides which systems qualify will be classified, so the public may never learn why one model gets flagged and another moves ahead untouched.

The order does require the framework to protect intellectual property and confidentiality, and to guard against insider risk. Those safeguards are not a courtesy. A frontier model can hold commercially sensitive details and represent billions of dollars in research and compute, and no company wants that information walking out the door during a government review.

There is one more wrinkle worth watching. The order lets companies work with the government to choose the "trusted partners" who receive early access to covered models. In practice, that gives Washington a hand in arrangements like Anthropic's Project Glasswing, the limited-access program built for its Mythos-class systems.

A government that changed its mind on AI

Step back, and a clear pattern comes into view.

This is the third major AI move from the administration this year, following a push for federal preemption of state AI laws and the order it scrapped in May. The direction has held steady: a light touch on innovation, a heavy hand on security, and a stated preference for partnership with industry over rules imposed from above.

That marks a notable turn for a White House that spent its early months minimizing AI regulation, including at the state level. The arrival of more capable models, and the speed at which they can now break things, spooked enough officials to nudge the administration toward safety measures it once waved off.

Meta's rivals fell into step months ago. OpenAI and Anthropic were already cooperating on pre-release testing, while Google DeepMind, Microsoft, and xAI agreed back in May to grant evaluators early access through the Center for AI Standards and Innovation, the federal AI safety group housed at the Commerce Department.

That is the arrangement Meta keeps standing outside.

The executive order never spells out what happens if a lab refuses, which is the gap sitting at the center of the Meta question. So far no one has tested it. Every other major developer signed on without being pushed to the brink, and Meta says it intends to follow. Until that signature lands, the company remains alone outside a deal its competitors treated as the price of doing business, watched by an administration that no longer regards a powerful AI model as just another product launch.

Comments

Join the discussion and share your perspective.