Policy Pulse - Issue #19 | Week of June 13, 2026

Trump's Executive Order 14409 stands up a federal AI cybersecurity clearinghouse, but benchmarks machine-found vulnerabilities while saying nothing about how they reach defenders. Plus: CISA opens KEV nominations to researchers.

Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.


Top Story

The White House signed an AI cyber order. It tells the government how to benchmark machine-found vulnerabilities, and says nothing about how those vulnerabilities reach defenders.

On June 2, President Trump signed Executive Order 14409, "Promoting Advanced Artificial Intelligence Innovation and Security" (White House, Federal Register, FR Doc 2026-11415). It is not a safety order in the 2023 mold. It is innovation-first, explicitly voluntary, and built around cyber defense, with Section 3(c) disclaiming any mandatory licensing, preclearance, or permitting regime. The mechanism: a classified benchmarking process (Section 3(a), run by Treasury, NSA, and CISA with NIST and CAISI advising) to set a cyber-capability threshold that designates a "covered frontier model," plus a voluntary framework (Section 3(b)) giving the government up to 30 days of pre-release access to those models.

Two provisions land squarely on the disclosure community. Section 2(d) directs Treasury, with NSA and CISA, to stand up an "AI cybersecurity clearinghouse" within 30 days to coordinate and deconflict software vulnerability scanning, discovery, validation, and prioritized patch distribution, in voluntary collaboration with AI companies and critical-infrastructure operators. Section 4 directs the Attorney General to prioritize enforcement against AI-enabled unauthorized computer access, which is CFAA-adjacent framing worth watching. The timing is not a coincidence: the order arrived the same week Anthropic expanded access to Claude Mythos, the model that autonomously found more than 10,000 high and critical vulnerabilities and that Anthropic judged too dangerous to release openly. This is a policy reaction to a capability disclosure.

The gap is the story. EO 14409 mandates how the government will assess AI cyber capability, but it specifies no disclosure pathway for what those models actually find. The clearinghouse is a coordination function for scanning and patch distribution, not a coordinated-vulnerability-disclosure standard, and the 30-day window normalizes lab-to-government advance notification, not lab-to-defender. The order assesses capability and leaves the AI-scale submission flood to the same VDP infrastructure that was built for human-paced research. That hole is exactly where disclose.io's work sits.

Why it matters for VDP: A federal "clearinghouse" for AI-discovered vulnerabilities could either complement existing coordinated-disclosure norms or quietly compete with them, depending on how Treasury and CISA scope it over the next 30 days. Program operators should track the Section 2(d) deliverable closely, because it is the first government structure that treats machine-scale vulnerability discovery as a public-private function.


Upcoming Deadlines & Events

  • July 6, 2026: NIST IR 8323r2 (PNT/GPS resilience profile) public comment closes. (NIST CSRC)
  • ~July 2, 2026 (EO +30 days): CISA Binding Operational Directives (Sec 2(c)) and the Treasury-led AI cybersecurity clearinghouse (Sec 2(d)) are due under EO 14409. (White House)
  • July 25, 2026: NIST must submit a formal action plan responding to the Commerce OIG report on its management of the National Vulnerability Database. (Help Net Security)
  • ~August 1, 2026 (EO +60 days): The classified covered-frontier-model benchmark and voluntary pre-release framework (Sec 3) are due. (White House)
  • August 24, 2026: Petitions for new and renewal DMCA Section 1201 exemptions are due in the Copyright Office's tenth triennial rulemaking. The security-research exemption is in play for 2027 through 2030. (Copyright Office)
  • September 11, 2026: EU Cyber Resilience Act reporting obligations go live, including a 24-hour early-warning clock for actively exploited vulnerabilities. ENISA's Single Reporting Platform opens onboarding this month. (ENISA)
  • September 28, 2026: Written comments on Section 1201 renewal petitions due. (Copyright Office)

This Week in Policy

Federal Strategy & Regulation

  • CISA opens KEV to outside researchers, and BOD 26-04 gives it teeth. CISA launched a public nomination form letting independent researchers, vendors, and the community submit actively exploited vulnerabilities for Known Exploited Vulnerabilities catalog inclusion (CISA, The Record). Days earlier, BOD 26-04 made the KEV catalog the formal trigger for federal remediation timelines, with the most critical exploited flaws on a clock as short as 3 days (CISA). Getting a bug onto KEV now starts a binding federal patch timer.

CVE & Vulnerability Programs

  • Commerce Inspector General finds the NVD's scoring of negligible value. Report OIG-26-020-I found NIST severity scores match independent assessors only 12% of the time, that roughly 80% of submissions already arrive scored, a backlog that grew from about 13,000 to over 27,000 entries and is projected to hit 60,000 in 2026, and warned that public trust in the database will continue to erode without change. NIST owes an action plan by July 25 (The Record, Help Net Security). Practitioners should stop treating NVD enrichment as authoritative for prioritization. The good news underneath: CVE program funding itself was secured as a protected budget line in January, so the identifier layer is stable even as the enrichment layer wobbles (CSO Online). Throwback: the 2025 fear was that CVE would die from underfunding. It survived. The failure moved one layer downstream, to enrichment.
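What "stop treating NVD enrichment as authoritative" looks like in a triage queue, as an added example for this bulletin (not CISA's, NIST's or disclose.io's code): KEV membership ranks first, because it starts a binding federal clock, the CNA-supplied score that arrived with the record ranks ahead of NIST's enrichment, and records where the two scores disagree materially are flagged for a human look. The KEV feed below is constructed sample data laid out in the shape of CISA's published KEV JSON (field names such as cveID, dateAdded, dueDate and knownRansomwareCampaignUse are an assumption about that feed); the CVE IDs, products and dates are invented.

```python
"""KEV-first vulnerability triage (illustrative example, not an official tool)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Constructed sample in the layout of the CISA KEV JSON feed (assumed field names).
# CVE IDs, vendors, products and dates are invented for the example; the first
# entry's 3-day due date mirrors the shortest BOD 26-04 clock the bulletin cites.
KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 2,
    "vulnerabilities": [
        {"cveID": "CVE-2026-0001", "vendorProject": "ExampleCorp", "product": "Gateway",
         "dateAdded": "2026-06-10", "dueDate": "2026-06-13",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2026-0002", "vendorProject": "ExampleCorp", "product": "Agent",
         "dateAdded": "2026-06-01", "dueDate": "2026-06-22",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


@dataclass(frozen=True)
class Finding:
    cve: str
    cna_cvss: float | None  # score that arrived with the submission (roughly 80% do)
    nvd_cvss: float | None  # NIST enrichment; None while the record sits in the backlog


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index the KEV feed by CVE ID."""
    feed = json.loads(feed_json)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def effective_score(f: Finding) -> float:
    """Prefer the CNA's score; fall back to NVD enrichment only when nothing else exists."""
    if f.cna_cvss is not None:
        return f.cna_cvss
    return f.nvd_cvss if f.nvd_cvss is not None else 0.0


def scoring_disagrees(f: Finding, tolerance: float = 2.0) -> bool:
    """True when NVD enrichment and the CNA score differ by at least `tolerance` points."""
    if f.cna_cvss is None or f.nvd_cvss is None:
        return False
    return abs(f.cna_cvss - f.nvd_cvss) >= tolerance


def triage(findings: list[Finding], kev: dict[str, dict]) -> list[dict]:
    """Return findings in patch order, each with the reason it landed where it did."""

    def sort_key(f: Finding):
        entry = kev.get(f.cve)
        if entry:
            # KEV entries first: earliest federal due date, then known ransomware use,
            # then severity as the final tiebreaker.
            ransomware = 0 if entry.get("knownRansomwareCampaignUse") == "Known" else 1
            return (0, date.fromisoformat(entry["dueDate"]), ransomware, -effective_score(f))
        # Everything else is ordered by the CNA score, not by NVD enrichment.
        return (1, date.max, 1, -effective_score(f))

    ranked = []
    for f in sorted(findings, key=sort_key):
        entry = kev.get(f.cve)
        ranked.append({
            "cve": f.cve,
            "in_kev": entry is not None,
            "due": entry["dueDate"] if entry else None,
            "score_used": effective_score(f),
            "nvd_disagrees": scoring_disagrees(f),
        })
    return ranked


# Constructed findings for the example: scores and CVE IDs are invented.
SAMPLE_FINDINGS = [
    Finding("CVE-2026-0003", cna_cvss=9.8, nvd_cvss=9.8),   # top score, no exploitation evidence
    Finding("CVE-2026-0002", cna_cvss=7.5, nvd_cvss=None),  # on KEV, enrichment still pending
    Finding("CVE-2026-0004", cna_cvss=5.3, nvd_cvss=8.1),   # NVD and CNA disagree: flag it
    Finding("CVE-2026-0001", cna_cvss=8.8, nvd_cvss=7.0),   # on KEV with the 3-day clock
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS, load_kev(KEV_FEED)):
        print(row)
```

With the sample data the two KEV entries come out first regardless of score (the one with the 3-day due date ahead of the one with the later date), the 9.8 that nobody is exploiting drops below both, and CVE-2026-0004 is carried with a disagreement flag because NVD's 8.1 sits almost three points above the CNA's 5.3. Swap in the live KEV feed and your own scanner output and the ordering logic does not change.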

AI & Emerging Tech Security

  • Anthropic's Mythos: discovery has decoupled from remediation. Through Project Glasswing, Claude Mythos formally reported 530 high and critical bugs to maintainers, with only 75 patched as of the May 22 update, plus 1,129 additional unvetted disclosures (Anthropic, Cybersecurity Dive). Anthropic's own framing: progress used to be limited by how fast we could find vulnerabilities, and is now limited by how fast we can verify, disclose, and patch them. Maintainers have asked the lab to slow its disclosures. This is the AI-scale VDP-volume event the EO is reacting to, and the intake bottleneck is now the chokepoint.
  • UK AISI publishes named cyber evals while the US classifies its own. UK AISI assessed OpenAI's GPT-5.5 as possibly the strongest cyber model it has tested, at a 71.4% expert-task pass rate (AISI). The contrast with EO 14409 is sharp: allies publish quantified public evaluations, while the US routes equivalent assessment into a classified benchmark. Defenders outside the partner circle can see neither.
  • DMCA Section 1201 tenth triennial opens. The Copyright Office launched the proceeding that decides whether the security-research circumvention exemption survives into 2027 through 2030, with petitions due August 24 (Copyright Office, Federal Register). This is file-or-lose: the window to renew and expand the exemption closes in ten weeks.
  • HackerOne and disclose.io tighten AI-era safe harbor. HackerOne's Good Faith AI Research Safe Harbor extends Gold Standard protections to AI testing (Help Net Security), and the disclose.io Gold Standard Safe Harbor was realigned effective January 1 to track DOJ and Netherlands NCSC guidance (disclose.io).

International Developments

  • EU CRA's 24-hour clock starts September 11. ENISA's Single Reporting Platform opens onboarding this month, launching without an API and forcing manual web submissions under a 24-hour early-warning requirement for actively exploited vulnerabilities (ENISA). Any vendor selling into the EU now needs a state-facing disclosure pipeline running alongside the voluntary researcher-to-vendor track.
  • UK Computer Misuse Act defence would protect almost no one. The statutory good-faith defence headed for the National Security Bill reportedly gates protection to British nationals holding active UK Cyber Security Council accreditation, roughly 300 people out of about 69,600 cyber professionals, or 0.4% (The Record, Computer Weekly). Critics call it pay-to-play. The CyberUp Campaign is pushing an act-based test (harm-benefit, proportionality, intent, competence) instead of a credential gate (CyberUp).

Worth Reading
Friends of disclose.io

Anthropic: Project Glasswing and the disclosure bottleneck

Anthropic's Project Glasswing update is required reading for the VDP community, not because of the model but because of what it revealed about the pipeline. When Claude Mythos was pointed at real software, it surfaced vulnerabilities faster than the world could absorb them: 530 high and critical bugs formally reported, 75 patched, 1,129 further unvetted disclosures, and maintainers asking the lab to please slow down.

For thirty years, vulnerability discovery was the scarce resource, and every disclosure norm we built (coordinated disclosure, VDP, security.txt) was architected to manage that scarcity. Glasswing inverts the model. Discovery is now cheap, remediation is the constraint, and the intake-and-triage layer that VDP programs run is the new chokepoint. The frameworks built for human-paced submission are about to meet machine-paced volume with no triage layer in between.

Key findings:

  • 530 high and critical vulnerabilities formally reported to maintainers; only 75 patched as of the May 22 update.
  • Maintainers have explicitly asked Anthropic to slow the rate of disclosures.
  • Anthropic's own framing names the shift: the bottleneck is no longer discovery, it is verify, disclose, and patch.

This is the operational reality EO 14409 gestures at but does not solve. The order assesses AI cyber capability and leaves disclosure-at-scale to existing infrastructure, which is precisely the coordinated-disclosure problem space disclose.io exists to work on.


Policy Pulse is a weekly bulletin from disclose.io. Keeping the security research community informed on policy that affects our work.

Have a tip or want to contribute? Reply to this email, reach out on Twitter/X, or drop a comment here!