Prepared, Not Paralyzed

Executive Summary

The Trump administration has embraced a pro-innovation approach to artificial intelligence (AI) policy. Its AI Action Plan, released July 2025, underscores the private sector’s central role in advancing AI breakthroughs and positioning the United States as the world’s leading AI power.¹ At the Paris AI Action Summit in February 2025, Vice President JD Vance cautioned that an overly restrictive approach to AI development “would mean paralyzing one of the most promising technologies we have seen in generations.”²

Yet this emphasis on innovation does not diminish the government’s critical role in ensuring national security. On the contrary, AI advances will yield significant threats alongside unprecedented potential in this domain. Experts warn of advanced AI introducing more autonomous cyber weapons, bestowing a broader pool of actors with the know-how to develop biological weapons, and potentially malfunctioning in ways that cause massive damage.³ Private and public sector leaders alike have echoed these concerns.⁴ The urgent task for policymakers is to ensure that the federal government can anticipate and manage the national security implications of AI with advanced capabilities—without resorting to blunt, ill-targeted, or burdensome regulation that would undermine America’s innovative edge. In other words, the government must prepare at once for potential risks from rapidly advancing AI without imposing onerous regulations that unduly stifle the technology’s vast potential for good.

The status quo is insufficient: Technical expertise in advanced AI remains concentrated in a handful of companies, and the government is playing catch-up. Existing voluntary information-sharing commitments between AI labs and the federal government already face hurdles and likely will prove insufficient over time as the costs of providing transparency increase. Meanwhile, the private sector lacks both the national security expertise and the commercial incentives to manage these risks to the national interest. The United States cannot afford policies built solely on speculative fears. Yet in the face of real and rapid progress in national security–relevant capabilities, neither can it risk allowing an AI-driven disaster or a regulatory vacuum to derail technological progress.

While much of the policy debate rightly focuses on innovation and accelerating adoption, this report concentrates on a less developed but equally vital counterpart: managing the risks that could undermine those ambitions without stifling AI’s innovative potential. Effective risk management is not a brake on progress but a prerequisite for it, playing an essential role in sustaining public trust, preventing setbacks, shaping global standards, and ensuring that American leadership in AI endures over the long term.

Yet the pace of AI progress is accelerating, exacerbating the difficulties of developing evidence-based policy and being responsive to emerging risks and opportunities. The federal government needs to strengthen its ability to manage AI risks without overregulating. It can do this through building three interconnected capacities:

• Situational awareness to detect, analyze, and communicate emerging AI risks and opportunities;
• Agile policymaking that can adapt and scale proportionately to evolving threats; and
• Incident response and readiness to manage and contain significant AI-related incidents should they arise.

The AI Action Plan provides an ambitious foundation for these capacities. But it remains a high-level blueprint, leaving gaps in coverage and open questions around implementation and authorities.

This report makes the case for robust, proactive federal government engagement in AI risk management. It examines the current state of U.S. preparedness, assesses the AI Action Plan’s contributions, identifies persistent shortcomings and gaps, and offers solutions to address them. The report advances the following recommendations for U.S. policymakers:

To establish AI situational awareness in government:

1. Empower and equip the Center for AI Standards and Innovation (CAISI) as the federal government’s center of technical AI expertise and evaluation.
   1. Designate CAISI as the federal government’s interagency lead for AI risks.
   2. Fund CAISI sufficiently to execute its critical role.
2. Strengthen information flows from frontier AI developers to government.
   1. Congress should pass a bill enacting greater protections for AI whistleblowers.
   2. The Office of Science and Technology Policy (OSTP) should work with CAISI and other relevant agencies to develop a plan for mandating information sharing and testing for dangerous capabilities, in case voluntary mechanisms prove inadequate.

To bolster policy agility:

3. Establish an interagency AI National Security working group, co-led by the OSTP and the National Security Council, to strengthen intragovernment coordination on AI national security risks.
4. Prepare contingency planning for AI risk scenarios to allow expedited policy action.
5. Establish regular congressional reports by the AI National Security interagency working group to ensure Congress is aware of emerging risks and policy options.
6. Work with allies and partners to harmonize policy approaches to identified AI risks.

To strengthen incident response capacity:

7. Build stronger interconnectivity between the range of agencies and stakeholders that would need to coordinate a response to an incident.
   1. Engage AI companies and experts in updating the Cybersecurity and Infrastructure Security Agency incident response playbooks.
   2. Ensure the AI Information Sharing and Analysis Center also includes representatives from the AI industry.
   3. Conduct regular tabletop exercises including government, private sector, and nonprofit representatives to bolster connectivity between incident responders across public and private sectors.
8. Establish a mechanism for post-incident review and lesson learning.
9. Engage with international partners, including adversaries, on best practices for real-time AI incident response.

Introduction

The rapid advancement of artificial intelligence (AI) presents policymakers with the challenge of governing a transformative technology that is both critical to national security and primarily driven by private innovation. The platitude that societies should harness the benefits of AI while managing its risks fails to address the central question: How?⁵ As AI capabilities continue to advance rapidly, developing a sophisticated answer has become essential for maintaining America’s technological leadership.

The Trump administration has signaled a clear commitment to American AI dominance, championing innovation over restrictive regulation.⁶ However, this innovation-first approach does not negate the need for risk assessment and preparedness.⁷ The potential consequences of advanced AI systems—from automated cyberattacks to exacerbated biosecurity risks to potential loss of control—demand serious attention from policymakers and national security experts. Leading researchers have identified scenarios where AI capabilities, if left unmanaged, could pose significant threats to national security, economic stability, and public safety.⁸ Yet the significant uncertainty about these scenarios necessitates a nimble approach that emphasizes increasing policymaker awareness and speedy response.

Recognizing both the opportunity and urgency of this moment, the White House released the AI Action Plan in July 2025, outlining an ambitious agenda for adopting AI and managing the uncertainty inherent in any rapidly evolving sector. As President Donald Trump outlined at the AI Action Plan’s launch, “This technology brings the potential for bad as well as for good, for peril as well as for progress. . . . We want to have rules, but they have to be smart.”⁹

The key to smart rules lies in developing evidence-based policies that can adapt to emerging capabilities without stifling innovation. Yet here lies a fundamental tension: AI is evolving far faster than the traditional policy cycle, and most early regulatory proposals inevitably will rely on projections rather than robust evidence. Policymakers must balance the imperative to ground decisions in data with the reality that waiting for comprehensive evidence risks leaving society vulnerable to rapidly emerging threats. For many AI-enabled risks, defaulting to a wait-and-see approach will be woefully inadequate, because effective mitigations will take time to develop. Moreover, waiting for threats to fully materialize before implementing safeguards could result in a catastrophic incident that triggers public backlash and undermines the future of American AI progress—much like how nuclear accidents at Three Mile Island and Chernobyl derailed nuclear energy development for decades.¹⁰ The stakes extend beyond domestic security and innovation. If the United States lags in shaping international AI standards and norms, it risks ceding strategic ground to competitors and allowing adversaries to shape the rules of the road for this critical technology.