美國政府 AI 測試計畫：前沿模型治理的「FDA 式」路線圖

從反監管到監管轉向的 2026 年政策轉折

2026 年 5 月，美國政府 AI 政策出現驚人的 180 度轉向。曾在拜登時期批評過「過度負擔的 AI 安全措施和許可制度」的特朗普政府，在 Anthropic Mythos 模型暴露大量高嚴重性漏洞後，突然轉向擁抱 AI 治理。這不僅僅是政策立場的調整，而是對前沿 AI 技術國家安全風險的實質回應。

Fortune 報導指出，特朗普 AI 團隊曾「反對拜登的一切」，但現在正準備實施許多相同的政策。關鍵驅動因素是 Mythos Preview——這款具備編碼能力的前沿模型，據稱發現了「數千個高嚴重性漏洞」——這迫使政府重新思考 AI 模型的安全邊界。

CAISI 合作框架：40+ 次前沿模型評估

CAISI（AI 標準與創新中心，前美國 AI 安全研究所）已與 Google、Microsoft 和 xAI 簽署合作協議，允許政府在前沿模型發布前進行評估。據 CAISI 的新聞稿，這些協議「使政府能夠在 AI 模型公開可用前進行評估，以及發布後的評估和其他研究」。CAISI 已完成超過 40 次此類評估，包括對保持未發布的先進模型。

「獨立、嚴格的測量科學對於理解前沿 AI 及其國家安全影響至關重要，」CAISI 主任 Chris Fall 在聲明中表示。這一框架代表了從「發布後監管」到「發布前評估」的結構性轉變。

FDA 式評估路線圖：速度與安全的權衡

白宮國家經濟委員會主任 Kevin Hassett 在 Fox Business 的採訪中提供了關鍵洞見：

「我們正在研究可能發布行政命令，為所有人提供一條清晰的行動路線，說明未來能夠創造漏洞的 AI 應該如何經過流程，以便在釋放到野外之前證明它是安全的——就像 FDA 藥物一樣。」

這一 FDA 類比揭示了治理架構的核心權衡：

• 速度 vs 安全：FDA 模式承認發布後監管成本高昂，但提供發布前篩選
• 測量科學的獨立性：CAISI 作為獨立機構，確保評估結果不受廠商商業壓力影響
• 評估範圍：從「漏洞發現速度」到「攻擊向量識別」，前沿模型能力正成為國防工具

國防視角：防禦者優勢的戰略意義

五角大樓網路政策助理部長 Katie Sutton 在 AI+ Expo 上的觀點提供了更宏觀的視角：

「當人們談論 Mythos 的挑戰和威脅時，我實際上是從非常不同的角度來看待它——從成功的角度。這談到了我將領導的部門最大的競爭優勢——美國產業的快速創新能力。」

Sutton 強調了三個關鍵機會：

1. 構建更安全的代碼：工具幫助構建更健壯的代碼，而非僅僅補丁漏洞
2. 漏洞學習與緩解：使用工具學習漏洞位置並進行修補
3. 從勞動密集到機器速度：從數天/數週的修補時間縮短到數分鐘/數秒

然而，她也指出挑戰：「國防部門如何實施這一點？我們有大量技術債和遺留系統——這就是為什麼我們必須加快升級速度。」

前沿模型的雙面性：防禦者優勢 vs 攻擊者能力

Mythos Preview 的案例揭示了前沿 AI 的雙面性：

防禦者優勢：

• AI 發現漏洞的速度遠超人工
• 統一測試框架確保模型一致性
• 發布前評估降低公開後的突發風險

攻擊者能力：

• 同樣的前沿技術可用於識別系統漏洞
• 自動化漏洞利用可縮短攻擊窗口
• AI 驅動的網路攻擊可能突破傳統防禦

這種雙面性使得治理不僅是技術問題，更是國家安全問題。

比較分析：前沿 AI 治理的全球競爭

與其他國家相比，美國的 AI 治理策略呈現出以下特點：

美國模式：

• 發布前評估為主，發布後監管為輔
• 廠商合作協議（CAISI + 廠商）
• 獨立測量科學為基礎
• 認可「速度」作為競爭力

潛在對手可能的回應：

• 加速開放權重模型（Open Weights）以繞過評估
• 在開源生態中建立「安全子集」
• 聯合國際標準組織制定「互認」評估框架

實施邊界：技術債 vs AI 優化

治理框架的實施面臨兩個關鍵邊界：

技術債邊界：

• 國防系統的遺留架構限制了 AI 優化的速度
• 大規模遷移成本高於發布前評估成本
• 某些系統的 AI 優化空間有限

AI 能力邊界：

• 當前前沿模型仍無法自動修補高複雜度系統
• AI 發現漏洞與人類修補之間存在認知差距
• AI 開發的自動化攻擊工具與防禦工具的雙向武器化

商業影響：前沿實驗室的發布策略調整

這一治理框架對前沿 AI 實驗室產生實質影響：

發布策略調整：

• 發布前需要通過國家安全評估
• 可能增加評估成本（時間與資源）
• 部分高風險功能可能延遲或限制發布

競爭優勢重構：

• 「安全」從成本轉化為競爭力
• 通過評估的廠商可獲得政府信任優勢
• AI 安全能力成為產品護城河

評估指標：測量科學的關鍵維度

CAISI 的評估框架可能包含以下維度：

技術維度：

• 漏洞發現速度（從發現到報告的時間）
• 漏洞嚴重性分類準確性
• 跨模型漏洞識別一致性

系統維度：

• 網路攻擊向量識別能力
• 複雜系統漏洞分析深度
• 自動化修建議可行性

戰略維度：

• 攻擊面識別完整性
• 關鍵基礎設施脆弱性評估
• 國家安全風險量化

國際協調：前沿 AI 的「外交」維度

AI 治理不僅是內部問題，也涉及國際協調：

互認框架：

• 可能需要建立「互認評估」機制
• 避免不同國家評估標準的碎片化
• 聯合國際標準組織（ISO/IEC）的角色

技術合作 vs 競爭：

• 前沿 AI 能力既是競爭力也是合作需求
• 網路安全協同可能是合作領域
• AI 服務的全球化與國別限制的張力

結論：前沿 AI 治理的「先發優勢」

2026 年的這一政策轉向，標誌著前沿 AI 治理進入「先發優勢」時代：

1. 先發者優勢：率先建立治理框架的國家可獲得標準制定權
2. 技術債代價：後來者需要投入更多資源補償治理缺口
3. 評估即競爭：AI 能力評估本身成為競爭維度
4. 速度即安全：快速發布與安全評估的平衡是關鍵

Mythos Preview 的案例表明，前沿 AI 的雙面性使得治理從「可選項」轉化為「必選項」。對於前沿 AI 實驗室而言，這不僅是監管挑戰，更是戰略機會——通過與政府合作建立「安全發布」標準，將治理成本轉化為競爭優勢。

這一治理框架的實施，標誌著前沿 AI 從「技術競爭」向「治理競爭」的轉折點。誰能建立可信的 AI 評估框架，誰就能在 2026 年及以後的 AI 佔領制中佔據先發優勢。

#US Government AI Testing Program: An “FDA-style” roadmap for cutting-edge model governance

Policy transition from anti-regulation to regulation in 2026

In May 2026, the U.S. government’s AI policy took a stunning 180-degree turn. The Trump administration, which had criticized “overburdened AI security measures and licensing systems” under Biden, suddenly pivoted to embrace AI governance after the Anthropic Mythos model exposed a large number of high-severity vulnerabilities. This is not just an adjustment in policy stance, but a substantive response to the national security risks of cutting-edge AI technology.

Fortune reported that the Trump AI team had “opposed everything about Biden,” but is now gearing up to implement many of the same policies. The key driver was Mythos Preview — a cutting-edge model with coding capabilities that reportedly discovered “thousands of high-severity vulnerabilities” — forcing governments to rethink the security perimeter of AI models.

CAISI Collaborative Framework: 40+ sub-frontier model evaluations

CAISI (Center for AI Standards and Innovation, formerly the American AI Safety Institute) has signed collaboration agreements with Google, Microsoft, and xAI to allow governments to evaluate cutting-edge models before they are released. The agreements “enable governments to conduct evaluations of AI models before they are publicly available, as well as post-release evaluations and other research,” according to a CAISI press release. CAISI has completed more than 40 such evaluations, including on advanced models that remain unpublished.

“Independent, rigorous measurement science is critical to understanding cutting-edge AI and its national security implications,” CAISI Director Chris Fall said in a statement. This framework represents a structural shift from “post-release regulation” to “pre-release assessment.”

FDA-Style Evaluation Roadmap: Speed vs. Safety Tradeoff

White House National Economic Council Director Kevin Hassett provided key insights in an interview with Fox Business:

“We are exploring the possibility of issuing an executive order to provide everyone with a clear course of action on how future AI capable of creating vulnerabilities should go through a process to prove it is safe before being released into the wild — just like FDA drugs.”

This FDA analogy reveals the core trade-offs of governance structures:

• Speed vs. Safety: FDA model acknowledges the high cost of post-release regulation but provides pre-release screening
• Independence of measurement science: CAISI, as an independent body, ensures that evaluation results are not influenced by commercial pressure from manufacturers
• Assessment Scope: From “vulnerability discovery speed” to “attack vector identification”, cutting-edge model capabilities are becoming a national defense tool

Defense Perspective: The Strategic Implications of Defender Advantage

Pentagon Assistant Secretary for Cyber Policy Katie Sutton’s perspective at AI+ Expo provides a broader perspective:

“When people talk about the challenges and threats to Mythos, I actually look at it from a very different perspective - from a success perspective. This speaks to the greatest competitive advantage of the department I will lead - the rapid innovation ability of American industry.”

Sutton highlighted three key opportunities:

1. Build more secure code: Tools help build more robust code, not just patch vulnerabilities
2. Vulnerability Learning and Mitigation: Use tools to learn the location of vulnerabilities and patch them
3. From Labor Intensity to Machine Speed: From days/weeks of patching time to minutes/seconds

However, she also noted the challenges: “How does the defense sector implement this? We have a lot of technical debt and legacy systems - that’s why we have to accelerate upgrades.”

The duality of the frontier model: defender advantage vs attacker capability

The case of Mythos Preview reveals the duality of cutting-edge AI:

Defender Advantage:

• AI can discover vulnerabilities much faster than humans
• Unified testing framework ensures model consistency
• Pre-release assessment to reduce unexpected risks after disclosure

Attacker abilities:

• The same cutting-edge technology can be used to identify system vulnerabilities
• Automated exploits shorten attack windows
• AI-driven cyberattacks may breach traditional defenses

This duality makes governance not only a technical issue, but also a national security issue.

Comparative Analysis: Global Competition in Frontier AI Governance

Compared with other countries, the United States’ AI governance strategy exhibits the following characteristics:

US Model:

• Pre-release evaluation is the main focus, post-release supervision is the supplement
• Vendor Cooperation Agreement (CAISI + Vendor)
• Based on independent measurement science
• Recognize “speed” as competitiveness

Possible responses from potential adversaries:

• Accelerate Open Weights models to bypass evaluation
• Establish a “safe subset” in the open source ecosystem
• Cooperate with international standards organizations to develop a “mutual recognition” assessment framework

Implementation Boundary: Technical Debt vs AI Optimization

The implementation of the governance framework faces two key boundaries:

Technical Debt Boundary:

• Legacy architecture of defense systems limits the speed of AI optimization
• Large-scale migration costs are higher than pre-launch evaluation costs
• Some systems have limited room for AI optimization

AI capability boundary:

• Current cutting-edge models are still unable to automatically patch highly complex systems
• There is a cognitive gap between AI finding vulnerabilities and humans patching them
• Two-way weaponization of automated attack tools and defense tools developed by AI

Business Impact: Frontier Labs’ release strategy adjustments

This governance framework has substantial implications for cutting-edge AI labs:

Release strategy adjustment:

• Requires national security assessment before release
• May increase assessment costs (time and resources)
• Some high-risk features may be delayed or restricted from release

Competitive Advantage Reconstruction:

• “Safety” is transformed from cost to competitiveness
• Vendors that pass the assessment can gain government trust advantage
• AI security capabilities become product moats

Assessment Metrics: Key Dimensions of Measurement Science

CAISI’s assessment framework may include the following dimensions:

Technical dimension:

• Velocity of vulnerability discovery (time from discovery to reporting)
• Vulnerability severity classification accuracy
• Consistency in vulnerability identification across models

System Dimensions:

• Network attack vector identification capabilities
• Depth of vulnerability analysis of complex systems
• Feasibility of automated repair suggestions

Strategic Dimension:

• Attack surface identification completeness
• Critical infrastructure vulnerability assessment
• Quantification of national security risks

International coordination: the “diplomatic” dimension of cutting-edge AI

AI governance is not only an internal issue, but also involves international coordination:

Mutual Recognition Framework:

• It may be necessary to establish a “mutual recognition assessment” mechanism
• Avoid fragmentation of assessment standards in different countries
• The role of joint international standards organizations (ISO/IEC)

Technical Cooperation vs. Competition:

• Cutting-edge AI capabilities are both competitiveness and cooperation requirements
• Cybersecurity synergy may be an area of cooperation
• The tension between the globalization of AI services and national restrictions

Conclusion: The “first-mover advantage” of cutting-edge AI governance

This policy shift in 2026 marks the entry of cutting-edge AI governance into the era of “first-mover advantage”:

1. First mover advantage: The country that takes the lead in establishing a governance framework will gain the right to set standards.
2. Technical debt price: Latecomers need to invest more resources to compensate for the governance gap
3. Assessment is Competition: AI capability assessment itself becomes a competitive dimension
4. Speed is security: The balance between rapid release and security assessment is key

The case of Mythos Preview shows that the duality of cutting-edge AI transforms governance from “optional” to “required.” For cutting-edge AI laboratories, this is not only a regulatory challenge, but also a strategic opportunity - by working with governments to establish “safe release” standards, turn governance costs into competitive advantages.

The implementation of this governance framework marks a turning point in cutting-edge AI from “technology competition” to “governance competition”. Whoever can build a credible AI assessment framework will have a first-mover advantage in the AI ​​domination of 2026 and beyond.