Spy vs. Commerce: U.S. Intelligence Agencies Fight for Control of AI Regulation
As Anthropic's Mythos AI model demonstrated an unprecedented ability to discover and exploit cybersecurity vulnerabilities, America's intelligence community has launched an internal campaign to wrest AI regulatory authority away from the Commerce Department. The battle over who governs frontier AI reveals a White House increasingly uncertain about the right approach as the technology's national security implications become impossible to ignore.
In Washington, the question of who regulates the most powerful AI systems is no longer merely a bureaucratic turf war. It is rapidly becoming one of the defining national security debates of the year — and America’s intelligence community has decided it is no longer willing to cede the field to civilian agencies.
According to reporting from The Washington Post, officials from the National Security Agency, elements of the Office of the Director of National Intelligence (ODNI), and other intelligence community stakeholders have been pushing the White House to give them significantly greater authority over how advanced AI models are evaluated, restricted, and potentially licensed before deployment. Their target: the current arrangement under which the Department of Commerce, through its Center for AI Standards and Innovation (CAISI), holds primary jurisdiction over pre-deployment AI evaluation.
The intelligence community’s argument is straightforward: AI models capable of discovering and exploiting zero-day vulnerabilities, generating functional exploit code, and potentially enabling unprecedented cyberattack campaigns represent a national security threat that civilian regulators are institutionally unsuited to manage. Classified threat intelligence — the kind that Commerce Department officials do not routinely hold clearances to access — is essential for understanding the full risk profile of a frontier AI model. The evaluation process, the intelligence agencies argue, must therefore be classified itself.
The Catalyst: Anthropic’s Mythos
The proximate trigger for the intelligence community’s push is Anthropic’s Mythos AI model, which the company released in limited form on April 7. Mythos was described internally as representing “a step change in capabilities” — in particular, its ability to analyze software at scale and identify exploitable vulnerabilities at a speed and breadth that no human research team could match. Anthropic used the model to identify thousands of zero-day vulnerabilities across major operating systems and browsers, and committed the findings to its Project Glasswing security initiative.
The White House was alarmed from the moment Mythos’s existence leaked in late March. Anthropic CEO Dario Amodei met with Chief of Staff Susie Wiles and reportedly Treasury Secretary Scott Bessent — an unusual set of interlocutors for a technology company regulatory meeting — to discuss the model’s security implications. The administration subsequently told Anthropic it opposed expanding Mythos access beyond its initial small cohort of technology partners, citing both the potential for misuse and the infrastructure implications of a broader rollout.
But the Mythos controversy exposed a deeper structural problem. The White House had no clear framework for who should make these calls. The Commerce Department’s CAISI, which had been building up a pre-deployment AI evaluation capability, was operating with limited national security coordination. The intelligence community watched this unfold and concluded that the existing arrangement was inadequate.
Commerce vs. Intelligence: A Structural Conflict
The institutional tension is not merely about which agency holds the official authority. It reflects a fundamental disagreement about what AI governance should look like.
The Commerce Department’s approach, embodied in CAISI, is oriented toward public standards, transparency, and industry cooperation. The agency has structured its pre-deployment evaluation agreements with companies like Google DeepMind, Microsoft, and xAI as collaborative exercises — voluntary partnerships in which AI developers share models for assessment against published capability benchmarks. The results, at least in part, are expected to be publicly documented.
The intelligence community’s preferred model is the opposite. It wants classified evaluations conducted by personnel with appropriate security clearances, against threat assessments that themselves cannot be made public, with outcomes that inform access decisions rather than benchmarking reports. The IC doesn’t want to publish the results of a Mythos evaluation — it wants to decide whether Mythos can be deployed at all, and to whom.
These are not merely different procedures. They reflect different conceptions of what AI governance is for: building public trust in the technology, or controlling it as a strategic asset.
Trump’s Zigzag on AI Policy
The White House’s position on AI regulation has undergone a remarkable reversal in the span of a few months. When President Trump took office, one of his first acts was to rescind Biden’s Executive Order 14110 on safe and trustworthy AI, framing it as a bureaucratic obstacle to innovation and American competitiveness. The administration’s initial posture was essentially libertarian: let AI develop as fast as possible, with the market rather than regulators setting the pace.
That posture has crumbled under the weight of the capabilities AI systems have since demonstrated. By early May, Trump administration officials were privately discussing proposals for formal government review requirements before high-risk AI models can be deployed to the public — a position that would have been unthinkable under the administration’s founding framework. The White House has also been working to establish an AI working group that includes both technology executives and government officials, designed to give the executive branch more visibility into what frontier AI systems can do before they reach the market.
The Register described the shift as moving “from ‘anything goes’ to ‘strict regulation’” — though the administration’s public messaging has not caught up with the private deliberations. Officials have been careful not to frame the evolving posture as a reversal, preferring language about “security” and “American leadership” over “regulation.”
CAISI’s Expanding Role — For Now
Despite the intelligence community’s pressure, Commerce’s CAISI has been quietly expanding its footprint. Since announcing initial evaluation agreements with Google DeepMind, Microsoft, and xAI in early May, the agency has also been in discussions with Anthropic and OpenAI about formalizing similar arrangements. The agreements allow CAISI to evaluate frontier models before public release, assessing them against a set of capability thresholds defined in partnership with NIST.
CAISI’s supporters argue that the intelligence community’s preferred approach would create a chilling effect on AI development. Companies would face not just commercial but national security review processes that could take months, involve classification requirements that conflict with their global business operations, and ultimately be wielded as tools of industrial policy rather than genuine safety assessment.
The tension is further complicated by the fact that the intelligence community is itself a significant consumer of frontier AI. The Pentagon’s recent deals with OpenAI, Google, Microsoft, Amazon, and others to deploy AI on classified networks mean that IC agencies have a direct interest in maintaining access to — and influence over — the most capable AI systems. Regulating those systems rigorously risks constraining their own tools.
The Broader Stakes
The outcome of this bureaucratic fight will shape the structure of American AI governance for years. If the intelligence community succeeds in claiming primary jurisdiction over frontier AI evaluation, the regulatory regime will become substantially less transparent, less globally interoperable, and more subject to national security considerations that may have little to do with the safety concerns driving the initial impetus for oversight.
If Commerce retains the lead, with CAISI developing into a genuine independent evaluation body, the U.S. will have a framework that at least aspires to public accountability — though critics argue it lacks the teeth to constrain a determined developer who disagrees with its findings.
For international observers — including Taiwan’s technology sector and government — the outcome matters for several reasons. The U.S. regulatory framework, whatever form it takes, will affect which AI models can be exported, how allied nations gain access to frontier AI evaluation insights, and what standards become de facto global benchmarks. A classified, IC-led regime would be far harder for allies to engage with than a transparent CAISI-led process.
Google’s disclosure of an AI-assisted zero-day attack on Monday will almost certainly give the intelligence community’s arguments new urgency. When a criminal group, not a nation-state, can deploy AI for zero-day exploit development, the line between commercial AI capability and national security threat has effectively dissolved. The question is not whether Washington will respond — it is which part of Washington will be in charge when it does.