The last few weeks should end any illusion that the United States can improvise its way through frontier AI policy. What we have witnessed was not serious governance. It was vibe policymaking: ad hoc, deal-by-deal reactions with no clear standard, public explanation, or predictable process. The result was not just confusion. It exposed a deeper weakness: the United States has no reliable way to measure frontier AI risk, no agreed process for acting on it, and no institution built to do either.
In early June, Anthropic released Mythos 5 and its restricted consumer version, Fable 5, models that write complex code and find software vulnerabilities with minimal prompting. Days later, the Administration ordered Anthropic to cut off access to all foreign nationals, effective immediately. Unable to verify nationality in real time, Anthropic pulled the models entirely. OpenAI, meanwhile, held back its own GPT-5.6 series at the government’s request.
Weeks later, we still have no official notice of what triggered the action or what led to the lifting of the restrictions, including GPT 5.6 a few days later. Anonymous officials and surrogates suggested it was an Amazon finding that bypassed Fable’s safeguards. But that same vulnerability was also in weaker models that had been publicly available since October 2025.
That is the danger of vibe policymaking. Without a shared understanding of risk, the government cannot tell a breakthrough risk from an old vulnerability in a more powerful wrapper. A government that cannot explain why one model is restricted while similar capabilities remain available elsewhere will struggle to sustain public trust, industry cooperation, or international credibility, and will make the next crisis harder to manage.
While Washington improvises, states are stepping into the void. Illinois, for example, became the first state last week to require a third-party audit of AI models. That is the hidden cost of federal incoherence. It does not produce light-touch national policy; it produces a fragmented fifty-state patchwork, precisely the outcome industry, policymakers, and states say they want to avoid.
Nor is this a one-time problem. Mythos-class models are already helping write the next generation. Anthropic has said Claude wrote more than 80 percent of it’s own code, up from low single digits a year earlier, and researchers believe it is plausible that within a few years we will see three years of progress compressed into one. Whether or not that exact timeline proves right, the direction is clear: The governance gap is not static; it compounds.
Every safety question we struggle to answer today gets harder as capabilities accelerate, and every delay in building institutional capacity gets more costly. Each ad hoc intervention sets a precedent that either builds toward a predictable process or makes the next one more arbitrary. The United States cannot wait until models are writing their successors at scale to decide how it wants to evaluate, classify, and govern frontier capabilities.
So what should we actually do?
First, the federal government needs real collaboration with frontier labs, especially the national security and intelligence communities. Agencies need genuine visibility into what is coming over both the near and far horizons. That does not mean seizing control of releases. It means structured, ongoing pre-release access so the government can assess risks honestly and prepare for capabilities adversaries will eventually field. Surprise restrictions are not collaboration. They are proof it failed.
Second, the country needs shared standards. The good news is that the technical core already exists in draft. Anthropic, with Amazon, Microsoft, and Google, has proposed scoring model risks in a manner analogous to how the security world scores software vulnerabilities. That scoring should feed a response ladder that maps each severity level to a predefined action, so responses are predictable rather than improvised. We need a national standard for independent third-party audits and some standardization of transparency through system and model cards. Continuous post-deployment monitoring is needed because risk does not end at release. Underneath all of it, the country needs clear lines of authority: who decides, on what evidence, with what notice, and with what recourse. The absence of any documented process is precisely what made the recent shutdown look arbitrary.
Third, the government needs deeper technical expertise. The uncomfortable truth beneath this episode is that the federal government may not yet have the in-house capacity to evaluate frontier AI risks at the speed and sophistication the moment requires. The Center for AI Standards and Innovation (CAISI) should be strengthened, adequately funded, and connected directly to the national security agencies that will have to make these judgments under pressure.
The ideas for governing this technology are maturing fast. The institution capable of holding them is not. Closing that gap, before the models write the next models, is the real work ahead.
Facts Only
* Anthropic released Mythos 5 and Fable 5 in early June.
* The Administration ordered Anthropic to cut off access to all foreign nationals immediately.
* Anthropic pulled the models following the order because real-time nationality verification was impossible.
* OpenAI held back its GPT-5.6 series at the government’s request.
* Official notice regarding the trigger for action or lifting of restrictions is absent concerning GPT 5.6.
* Anonymous officials suggested an Amazon finding bypassed Fable’s safeguards.
* The vulnerability in Fable was also present in publicly available models since October 2025.
* Illinois became the first state to require a third-party audit of AI models.
* Anthropic claimed Claude wrote over 80 percent of its own code.
* Researchers believe future progress may see three years of development compressed into a few years.
Executive Summary
Recent events involving frontier AI models have been characterized by reactive policymaking rather than established governance. The situation stems from an observed gap in the United States' capacity to reliably measure frontier AI risk, establish agreed-upon response processes, or build necessary institutions. For example, Anthropic released powerful models, and the Administration immediately restricted access based on concerns that could not be verified instantly. This lack of clear process has led to fragmented state responses, such as Illinois requiring third-party audits, creating a patchwork regulatory environment instead of cohesive national policy.
The core tension highlighted is the compounding nature of this governance gap, especially as model capabilities accelerate rapidly. While governments improvise responses through ad hoc actions, frontier AI development continues at an accelerating pace, with models already assisting in writing subsequent code and advancing technical capability. The argument posits that without shared standards and institutional capacity, the ability to manage future crises based on risk is severely compromised, leading to potential challenges in public trust and international credibility.
Full Take
The narrative demonstrates a systemic failure where rapid technological advancement outpaces institutional and regulatory capacity, creating a feedback loop of instability. The dynamic observed is not merely about specific model restrictions but about the fundamental deficit in risk assessment infrastructure—the inability to distinguish between novel frontier risks and existing vulnerabilities within less advanced systems. This forces policy into reactive improvisation, which inherently sacrifices predictability, leading to fragmentation (state-level patchwork) instead of coordinated action.
The pattern suggests that when governance structures are absent, emergent power dynamics—where access to cutting-edge capabilities is managed by proprietary entities—are left to dictate the pace and direction of risk management rather than public safety or established legal frameworks. The shift from centralized concern to decentralized state action implies a loss of federal authority, which in turn amplifies the difficulty of managing cross-border or future systemic threats. The call for collaboration with labs and embedding technical expertise suggests that resilience is less about imposing external rules and more about building internal, verifiable mechanisms of assessment and response that can operate at the speed of innovation.
Bridge Questions: If a universally accepted risk scoring mechanism were implemented today, how would the authority structure shift between federal agencies, industry labs, and state regulators? What specific institutional reforms are necessary to ensure that pre-release access truly serves risk assessment rather than becoming an arbitrary point of political leverage? What alternatives exist to building credible technical consensus without relying solely on top-down mandates?
Sentinel — Human
The text is highly analytical and persuasive, structuring observations about AI governance into coherent arguments supported by specific examples, suggesting a human writer focused on systemic critique.
