Google, Microsoft, xAI grant US government pre-release access to AI models via CAISI

The trigger event for this policy shift is hiding in plain sight in an Anthropic red-team blog post. In April 2026, Anthropic previewed Claude Mythos, and the cyber capability jump was not incremental. Anthropic's internal benchmark recorded the model producing working JavaScript exploits against Firefox 147 in 181 of its trials, compared with just 2 for the prior Opus 4.6 generation. Anthropic engineers also reported asking Mythos overnight for remote code execution exploits and finding complete working ones by morning. More than 99% of the vulnerabilities Anthropic identified with Mythos remain unpatched, and the company says it has surfaced thousands of additional high- or critical-severity flaws.

That is the capability profile that landed on policymakers' desks weeks before the CAISI deals were signed. White House National Economic Council Director Kevin Hassett's pitch for an FDA-style executive order on AI lands very differently when read against a model that can produce browser exploits at industrial scale. The Mythos preview did not just spook safety researchers; it gave an administration that had spent two years framing AI rules as an innovation tax a politically usable national security justification to pull frontier models into a federal review queue.

The mechanics of these deals only make sense once you grasp how thinly resourced CAISI actually is. The agency runs on roughly 30 staff and has received about $30 million in total funding since 2024. Congress added another $10 million earmarked specifically for CAISI expansion in January 2026, on top of $55 million for broader NIST AI research. That is a rounding error against the compute footprints of the labs CAISI is meant to evaluate.

This is why the agreements are structured the way they are. As Georgetown's Jessica Ji puts it, the partnerships exist precisely because CAISI lacks the manpower, technical staff, and compute access that big tech companies have for rigorous testing. The labs supply the model, and crucially they supply versions with safeguards reduced or removed so CAISI can probe the unmitigated capability surface. CAISI brings methodology, classified testing environments, and the federal imprimatur. It is less a regulator inspecting a factory and more a small measurement lab borrowing the factory's tools to do the inspection. That dependency shapes everything that follows: enforcement leverage is limited, but methodological learning compounds with every model passed through the pipeline.

The institutional story behind these deals is a rebrand that changed the substance, not just the letterhead. The Biden-era US AI Safety Institute, which signed its first MOUs with Anthropic and OpenAI in August 2024, was reorganized in mid-2025 by Commerce Secretary Howard Lutnick into the Center for AI Standards and Innovation. The word 'safety' was dropped. The new mandate centers on demonstrable national security risks: cyber, bio, chemical, and adversary AI influence operations.

That reframing is what allowed OpenAI and Anthropic to renegotiate their old AISI agreements without political friction, and it is what made the new Google DeepMind, Microsoft, and xAI deals possible in a Trump administration. By recasting evaluation as national security measurement rather than 'AI safety,' the Commerce Department moved the same underlying activity into a category Republicans broadly support. Lutnick's designation of CAISI as industry's primary government point of contact for AI testing then concentrated a fragmented set of bilateral conversations into one funnel. The labs got a single counterparty; the administration got a single chokepoint where it could observe what frontier models can actually do.

Every signature on a CAISI MOU today is voluntary, and the Reddit policy-watcher discourse has split between cautious optimism that the structure will hold and skepticism that anything voluntary can constrain capability releases when commercial pressure mounts. The policy ground is shifting underneath that debate. Hassett's public comments about studying an FDA-style executive order are not abstract: he frames frontier AI as something that should be 'released in the wild after they've been proven safe, just like an FDA drug.' That is a regulatory model with mandatory pre-market review, not a voluntary partnership.

If such an order materializes, the existing CAISI agreements become the de facto template. Google, Microsoft, xAI, OpenAI, and Anthropic have already accepted the operational pattern: hand over an unreleased model, often with safeguards stripped, accept a federal evaluation. Codifying that into binding rule would not require building a new institution, just upgrading the legal status of the one labs are already cooperating with. Humane Intelligence CEO Rumman Chowdhury captured the political whiplash bluntly, calling it 'a 180 for the Trump administration.' The 180 is significant precisely because it suggests the voluntary phase may be a runway, not a destination.

The cleanest illustration that CAISI participation is not a free pass came in March, when the Department of Defense designated Anthropic a security risk despite the company's then-active CAISI partnership and its status as one of the original 2024 AISI signatories. Cooperating on pre-release evaluation buys a seat at the measurement table. It does not buy procurement protection or exempt a lab from broader national security determinations made elsewhere in government.

That split signal matters for how every other lab reads these deals. xAI, Microsoft, and Google DeepMind are now inside the same evaluation tent as Anthropic, but the Anthropic precedent shows the tent does not insulate them from adversarial decisions on contracts, export controls, or downstream restrictions. OWASP AI Exchange founder Rob van der Veer's framing is the realistic posture: 'AI models will remain fragile, no matter how much we test them…so yes, test the models. Vet them. Improve them.' Testing is becoming a prerequisite for deployment legitimacy, not a guarantee of government favor. The labs that signed this week did so understanding that distinction, which is itself the most underappreciated tell about how much the political economy of frontier AI has changed.