White House Taps Political Operative to Lead AI Security Policy Despite Cybersecurity Gaps
Sean Cairncross, the Trump administration's national cyber director, is leading efforts to regulate advanced artificial intelligence models before they're released to the public. The move comes after Anthropic announced its Claude Mythos model can find security flaws in every major operating system and web browser - capabilities that could become widely available within 18 months.
Cairncross has spent the past month meeting with corporate executives, security experts and administration officials to discuss potential executive action on AI model releases. The White House is considering requiring tech companies to submit advanced AI models for federal vetting before public release.
The challenge is significant. Advanced AI tools can help cybersecurity teams patch vulnerabilities faster. But the same technology could let adversaries launch cyberattacks at unprecedented speed and scale if it falls into the wrong hands.
A Political Operator in a Technical Role
Cairncross's background raises concerns among current and former government officials. Before his Senate confirmation as national cyber director in August 2025, he served as chief operating officer of the Republican National Committee and as a senior adviser to Trump's first chief of staff. He has no background in cybersecurity or technology policy.
He was given the assignment because Trump and White House chief of staff Susie Wiles trust him and view him as a skilled political operator, according to current and former national security officials. Those same officials say he is smart and personable but lacks the technical expertise his predecessors brought to the role.
His predecessors - Chris Inglis and Harry Coker Jr. under President Biden - spent decades working on digital security in the U.S. intelligence community before assuming the position.
Industry and Agencies Frustrated With Progress
Private-sector recipients of outreach from Cairncross's office complained that questions sent ahead of White House meetings lacked clarity about AI and federal cyber policy. One question simply asked: "What is the most effective role for the government?"
At some in-person meetings, Cairncross gave a brief introduction and then left, turning proceedings over to his chief of staff, Lara Smith, who also lacks a technology background. Current officials said this frustrated participants who believed Cairncross's presence could accelerate discussions.
Current U.S. officials said Cairncross's office tried to fast-track the AI executive order before several agencies were comfortable with its language. The first draft raised privacy and legal issues that other agencies found impractical. It met enough resistance that it was effectively discarded, and additional drafts have since circulated.
A bipartisan group of more than 30 House members urged Cairncross on Thursday to take action to address the likely influx of AI-powered cyber threats targeting U.S. networks.
Understaffed and Undermanned
Cairncross's office has roughly 36 people, a significant reduction from the Biden administration's ONCD staff of nearly 100. Only a small cohort works on policy.
The broader cyber apparatus has also shrunk. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has no Senate-confirmed leader since Trump took office and has had its workforce cut. Trump also made significant cuts to National Security Council staff, leaving only a handful focused on cyber policy.
CISA typically plays a central role in protecting U.S. critical infrastructure from cyber threats. With leadership and staffing gaps, that responsibility has largely fallen to Cairncross's under-resourced office.
Current officials said Cairncross "just doesn't have a staff surrounding him who can help him execute these things professionally."
The Stakes
Federal agencies, congressional committees, global banks and regulators are requesting access to advanced AI models like Anthropic's Mythos and OpenAI's GPT-5.5-Cyber. They want to secure key networks before adversaries like China develop equivalent hacking capabilities.
Anthropic has limited Mythos access to a small group of trusted researchers and companies. An ongoing dispute between the Pentagon and Anthropic has further complicated access - the Defense Department declared Anthropic a national security risk after the company tried to limit its software's use for mass surveillance and autonomous weapons.
A White House spokesperson defended Cairncross's performance, saying he is "doing excellent work to protect the American people and our nation's critical infrastructure from cyber threats." The ONCD did not respond to a request for comment.
For government employees working in cybersecurity or policy roles, the uncertainty around AI model access and federal guidance creates immediate challenges. Learn more about AI's role in cybersecurity and explore AI for Government initiatives to understand how federal agencies are adapting to these new threats.
Your membership also unlocks:
