EveryAILaw.com

Establishes a voluntary framework under which frontier developers may engage the government to have models designated "covered frontier models" and provide up to 30 days of pre-release access for evaluation before other trusted partners. The framework itself does not yet exist — Treasury, NSA, and CISA must design it within 60 days. Section 3(c) expressly disclaims any mandatory licensing, preclearance, or permitting requirement, so participation is opt-in. Worth watching: a voluntary pre-release evaluation regime can harden into a de facto procurement or trusted-vendor expectation.

Directs Treasury, NSA, and CISA to develop and maintain a classified benchmarking process that assesses the advanced cyber capabilities of AI models and sets the threshold for designating a "covered frontier model." This is the first federal mechanism defining a frontier-model threshold by capability rather than compute. Developers engage the designation process voluntarily; assessments are shared with developers as appropriate. The benchmark and threshold are pending — agencies have 60 days to develop them.

Directs the Secretary of the Treasury to form an AI cybersecurity clearinghouse, in voluntary collaboration with the AI industry and critical-infrastructure operators, to coordinate vulnerability scanning, validate discovered vulnerabilities, and prioritize remediation and patch distribution. To be formed within 30 days. Participation is voluntary, but for AI providers and critical-infrastructure operators it functions as a coordinated channel for software-vulnerability discovery and remediation.