TL;DR: A June 9, 2026 executive order would let federal agencies request up to 30 days of private testing for AI models deemed “covered,” while the NSA helps build a benchmarking process and participation remains voluntary, according to Swarmnetics. The policy signals that model evaluation is shifting from internal assurance to national-security scrutiny, but it still leaves governance fragmented.
NHIMG editorial — based on content published by Swarmnetics: Trump Executive Order Seeks Pre-Release Access and Assessment of AI Models
Questions worth separating out
Q: How should organisations govern frontier AI models before release?
A: Organisations should require a formal approval gate before any frontier model is released or connected to tools, data, or users.
Q: Why do AI evaluations need identity and access context?
A: Because many AI failures happen through who can retrieve, prompt, or act on data, not just through model quality.
Q: What do security teams get wrong about AI safety testing?
A: The common mistake is treating AI safety testing as if it were just another security scan.
Practitioner guidance
- Define a pre-release approval gate for frontier models Require documented benchmarking, red-team results, and sign-off before any model is connected to tools, data, or production workflows.
- Separate model validation from tool delegation Make sure a model that passes evaluation does not automatically inherit access to APIs, internal data, or execution environments.
- Inventory models that bypass voluntary review Identify which internal or third-party models are outside any expected external testing path and record the residual risk they introduce.
What's in the full analysis
Swarmnetics' full analysis covers the operational and policy detail this post intentionally leaves for the source:
- How the proposed pre-release evaluation process would work across agencies and trusted partners
- The implications of a 30-day private testing window for frontier model release timing and assurance
- What the benchmarking process may mean for developers that want to remain in voluntary review programs
- How state-level AI laws could interact with federal expectations in a patchwork compliance environment
👉 Read Swarmnetics' analysis of the Trump executive order on AI model pre-release testing →
AI model pre-release testing: what it means for security teams?
Explore further
Voluntary pre-release testing is a governance signal, not a governance solution. The order recognises that frontier models can create security externalities before release, but voluntary participation means assurance remains uneven. In practice, the most sensitive systems may still be the least consistently reviewed. Practitioners should read this as a cue to build their own model acceptance gates rather than waiting for policy to harden.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging (37%) and over-privileged accounts (37%).
A question worth separating out:
Q: Who should be accountable for AI risk when multiple teams deploy models?
A: Accountability should sit with named lifecycle owners, backed by a governance forum that includes legal, privacy, security, data and business leads. Shared responsibility does not mean shared ambiguity. Each model needs one accountable owner who can answer for the data, use case, controls and retirement state.
👉 Read our full editorial: AI model pre-release testing exposes the governance gap in frontier AI