President Donald Trump unveiled his
AI Action Plan Wednesday, which focuses on reducing AI regulations and bolstering innovation while strengthening defenses against AI-related risk.
With emphasis on “winning the race” of global AI innovation, the plan’s recommended
policy actions include seeking guidance from the technology industry to remove regulations that hinder AI development and reducing AI-related federal funding for states with overburdensome regulations.
The AI Action Plan also aims to strengthen AI security and national security against AI threats through measures including the establishment of an AI Information Sharing and Analysis Center (AI-ISAC) led by the Department of Homeland Security (DHS) and improvements in AI secure-by-design, incident response and risk assessment frameworks.
“Crucially, the plan emphasizes security. It is promising to see they are leveraging respected organizations, such as NIST, for frameworks and standards, and the proposed AI-ISAC signals a proactive federal stance on cybersecurity standards,” Bugcrowd CEO Dave Gerry told SC Media in an email.
The 24-page plan includes more than 90 policy recommendations under three key pillars: Accelerating Innovation, Building American AI Infrastructure and Leading in International Diplomacy and Security.
AI deregulation, workforce development and model evaluation sought for innovation
The “Accelerating Innovation” section opens with a call to “remove red tape and onerous regulation,” noting that Trump already
rescinded former President Joe Biden’s Executive Order on AI soon after his inauguration in January.
Several states have passed AI regulations, including New York, Colorado and California, with the latter passing more than 17 such bills last year, although its most restrictive and controversial regulation was
vetoed by Gov. Gavin Newsom last September.
Bugcrowd’s Gerry praised Trump’s plan for its “focus on accelerating innovation by cutting unnecessary regulations” and positioning the U.S. as a global leader in AI.
However, experts have long raised concerns about
the nation’s lack of a comprehensive federal AI regulation, pacing it behind the United Kingdom and European Union in this aspect, and these concerns remain as the White House lays out its new plan.
“From a CISO perspective, we need a unified cybersecurity framework, similar to other countries’, but with more requirements, to prevent a fragmented approach with constantly evolving state-level mandates,” Deepwatch CISO Chad Cragle told SC Media.
The AI Action Plan also aims to bolster innovation through federal investments in AI workforce development. While the plan does not directly address the cybersecurity workforce, it emphasizes the impact of AI on the labor market and the importance of AI skills and literacy in workforce training and education.
“The U.S. faces a growing talent gap in AI. While demand for skilled professionals is accelerating, our pipeline of trained engineers, researchers, and cybersecurity experts isn’t keeping pace. Closing the gap will require long-term investments in STEM education, immigration pathways for top talent and stronger industry-academic collaboration,” noted Polyguard CEO and Co-founder Joshua McKenty, a former chief cloud architect at NASA, in a statement to SC Media.
The need to better understand and evaluate the behavior and resilience of AI systems is also noted as a key factor in boosting technological innovation and defending national security from AI risks.
The plan sets forth recommendations to launch a technology development program on AI interpretability, AI control systems and adversarial robustness, as well as an AI hackathon initiative to uncover security vulnerabilities and make AI systems more effective.
It also calledsitessssssss for the building of an “AI evaluations ecosystem” leveraging agencies including the
National Institute of Standards and Technology (NIST) and the Center for AI Standards and Innovation (CAISI) to publish evaluation guidance and resources and develop both AI testbeds and new methods of AI evaluation.
The plan also recommended a twice-yearly meeting hosted by CAISI that brings together federal agencies and researchers to share AI evaluation insights and best practices, as well as the convening of the NIST AI Consortium to aid the development of new measurement techniques.
One aspect of the plan that drew criticism from experts was the recommendation to revise NIST’s AI Risk Management Framework to “eliminate references to misinformation, Diversity, Equity, and Inclusion, and climate change.”
“NIST’s framework is one of the few widely respected tools for managing AI risk. Revisions should focus on technical clarity, threat modeling, operational usability, and science – not politics. Stripping out key areas that address misinformation or emergent behavior would make the framework less relevant just as the stakes are getting higher,” McKenty said.
Plan promotes critical infrastructure security, secure-by-design AI and AI incident response
The second section of the plan, focused on building American AI infrastructure, gives significant emphasis to ensuring both that the U.S.’s growing AI infrastructure is protected and that the nation’s critical infrastructure if protected from AI vulnerabilities and AI-powered threats.
The plan’s recommendations focused on paving the way to build more data centers, semiconductor manufacturing facilities and energy infrastructure include measures to “maintain security guardrails to prohibit adversaries from inserting sensitive inputs to this infrastructure.”
Part of protecting this infrastructure involves prioritizing domestic products in the AI computing stack and curbing the use of software and hardware sourced from foreign adversaries, the plan states. AI-driven cybersecurity technologies can also contribute to this effort, noted Darktrace Federal CEO Marcus Fowler.
“Thankfully, AI-powered cybersecurity capabilities at every layer — from cloud and compute to the APIs, networks, and data centers — is already being leveraged by some federal agencies for robust protection and can quickly scale to meet both growing need and advancing threats,” Fowler said.
As AI technology is increasingly incorporated into critical infrastructure systems, the plan aims to tackle AI-specific vulnerabilities and threats affecting these systems.
The plan mentions the potential to use AI-driven defenses in this effort, and more specifically recommends in the establishment of the AI-ISAC, the issuing of AI-specific vulnerability and threat guidance for the private sector through DHS and the collaborative sharing of AI vulnerability intelligence between federal agencies and the private sector through existing vulnerability sharing mechanisms.
“As the federal government accelerates its adoption of AI, we encourage both the public and private sectors to adopt practices crucial to testing and protecting AI systems, including frequent active red-teaming, vulnerability disclosures policies, bug bounties, and protections for good-faith researchers,” said HackerOne Chief Legal and Policy Officer Ilona Cohen in a statement to SC Media.
The plan further recognizes the importance of promoting AI systems that are secure-by-design to resist attacks such as data poisoning, malicious inputs and sensitive data exposure. To this end, it recommends continued refinement of the Department of Defense’s Responsible AI and Generative AI Frameworks, Roadmaps and Toolkits as well as the publication of an Intelligence Community Standard on AI Assurance, led by the Office of the Director of National Intelligence.
The government’s AI incident response capabilities are also addressed with recommendations for NIST to partner with the AI and cybersecurity industries to “ensure AI is included in the establishment of standards, response frameworks, best-practices, and technical capabilities (e.g., fly-away kits) of incident response teams” and for the Cybersecurity and Infrastructure Security Agency (CISA) to modify its Cybersecurity Incident & Vulnerability Response Playbooks to include considerations for AI systems.
CISA playbooks should also include requirements for CISOs to consult with chief AI officers, senior agency officials for privacy, CAISI and other agency officials when appropriate, the plan states.
“The current administration understands that cyber warfare is real and happening daily. A strong, assertive cyber posture, including potential offensive operations, is necessary to deter adversaries. There must be real consequences if critical infrastructure, banks, or healthcare systems are taken offline,” Cragle noted.
Chinese influence, frontier model risks addressed
The final section of the plan focuses on the U.S.’s leadership in “International AI Diplomacy and Security,” with a specific recommendation addressing China’s influence on AI development and governance by advocating for “international AI governance approaches that promote innovation, reflect American values, and counter authoritarian influence.”
The White House also planned to promote the export of American AI innovations to allies and partners while restricting access to key technologies like semiconductors from adversaries. The plan recommended the Department of Commerce develop new export controls for semiconductor manufacturing sub-systems as well as establish a new global chip export control enforcement effort.
Liberty Defense president, and former White House lawyer and CIA officer, Bryan Cunningham told SC Media that the ambiguity of this section raised some concerns.
“’Export American AI to Allies and Partners’ is the right approach, if we properly define who are allies are, which is unstated in this document. I agree that we need to counter Chinese influence, but exactly who are our allies? I would have stated NATO, the Five Eyes, Ukraine, Israel, Japan, S. Korea, etc., to eliminate any ambiguity there,” Cunningham said.
The plan also aimed to “ensure that the U.S. government is at the forefront of evaluating national security risks in frontier models.” These risks include cyberattacks as well as the development of chemical, biological, radiological, nuclear, or explosive (CBRNE) weapons.
The White House recommended CAISI lead the effort to evaluate frontier AI systems for such risks, in collaboration with frontier system developers, and also calls for CAISI to evaluate the risk of using adversaries’ AI systems in critical infrastructure and industry.
The use of Chinese AI models such as DeepSeek in government and critical infrastructure have raised concerns about potential collection of data by the Chinese government, with
some U.S. agencies banning the use of DeepSeek by employees and
lawmakers proposing bills prohibiting the use of AI systems from adversary nations.
The plan further directed agencies, including NIST, CAISI, the DOD and the Department of Education, to prioritize the recruitment of leading AI researchers to boost the federal government’s model analysis capabilities, and encourages collaboration between CAISA, national security agencies and research institutions to build, maintain and update national security-related AI evaluations.
Cunningham, of Liberty Defense, says that while the goals outlined in Trump’s AI Action plan are a positive step, the implementation plans to follow will be crucial in determining whether the plan can succeed in its goals.
“Usually, such Presidential policy directives are quickly followed by a detailed implementation plan, with specific taskings and timelines for actions from each USG department and agency. This is where we’ll sort the devils in the details and much will depend on how they’re implemented,” Cunningham stated.