On June 2, 2026, the White House issued an Executive Order on “Promoting Advanced Artificial Intelligence Innovation and Security” directing federal agencies to strengthen federal systems, coordinate AI-enabled vulnerability discovery, and develop a voluntary framework for early review of cyber-capable frontier AI models. Much like previous orders that propelled federal agencies toward Zero Trust architectures and phishing-resistant MFA amid rising cyber threats, this new directive acts as a guiding principle that enables the use of AI while promoting safeguards as the technology evolves.
This EO signals clear market validation that federal cyber policy is moving toward stronger, more accountable trust foundations to match the potential that AI brings. It reinforces a simple point: AI raises the stakes for having strong, identity-based security frameworks. As AI systems become more capable, identity becomes the mechanism for authorization, trustworthiness and preserving accountability.
The order’s operational focus is to enable the technology while ensuring national security and cyber defense, including the following key areas:
- AI cybersecurity clearinghouse: The Treasury will lead a clearinghouse to coordinate AI-enabled vulnerability scanning, validate findings and distribute patches in collaboration with the private sector.
- Voluntary frontier model review: The order creates a voluntary framework for AI developers to provide the government early access to “covered frontier models” to evaluate advanced cyber capabilities before broader release.
- Protecting critical infrastructure: The Cybersecurity and Infrastructure Security Agency (CISA) is directed to facilitate access to AI-powered cybersecurity tools for critical infrastructure operators, specifically naming rural hospitals, community banks and local utilities.
Next, let’s break down what the Executive Order means, how it impacts cybersecurity and how organizations can safely approach the AI frontier.
AI is a powerful tool, but unauthorized access can be detrimental
As the new order aims to protect critical infrastructure, it’s important to connect this broader mission to cyber resilience, operational continuity and public trust – all of which rely on reducing credential theft and account takeover risks. AI will undoubtedly make teams more efficient, but weak authentication gives attackers their easiest entry points. Given the power of AI, the risk of unauthorized access can be exponential. Strong, hardware-backed passkey authentication, with security keys, can significantly reduce the paths for attackers. Organizations must position phishing-resistant authentication as foundational to secure AI adoption, not as a separate or siloed identity project.
The order also directs enforcement against the misuse of AI agents for unlawful access. In response, AI agent governance must be inextricably tied to identity governance. Securing the AI ecosystem requires strong human authentication, device trust, service identity, least privilege and rigorous auditability.
YubiKeys provide the hardware-backed, phishing-resistant authentication necessary to secure access to AI systems and prevent scalable automated credential theft attacks. Yubico recently announced the certifications of the next generation of the YubiKey 5 FIPS Series and YubiHSM 2 FIPS – both now FIPS 140-3 validated. As U.S. Government agencies and regulated enterprises accelerate Zero Trust adoption, the FIPS 140-3 validation strengthens a critical hardware-backed foundation for modern identity, data protection and AI security. NIST SP 800-207 defines Zero Trust around granular, least privilege, per request access decision in environments where the network is assumed compromised. CISA’s Zero Trust Maturity Model, and the NSA Zero Trust Implementation Guides translate those principles into maturity and implementation guidance across identity, devices, application and workloads, data, automation and analytics.
For organizations securing the cryptographic foundation behind AI infrastructure, YubiHSM 2 FIPS helps secure cryptographic operations and support compliance with the latest government and industry requirements. Together, YubiKeys and YubiHSM help organizations establish stronger identity assurance, trusted service authentication and verifiable accountability across human users, privileged workflows and AI driven systems.
Yubico is also working alongside industry leaders to ensure AI adoption is safer in real-world scenarios:
- Securing human access to AI: Yubico recently partnered with OpenAI to bring custom, phishing-resistant YubiKeys directly to ChatGPT users. This empowers users and developers with the gold standard of hardware-backed passkeys to protect their most sensitive AI accounts, models and conversations.
- Closing the agentic AI accountability gap: Through strategic partnerships with companies like Delinea and IBM and Auth0, Yubico is establishing human-in-the-loop oversight for autonomous AI. Utilizing Yubico’s Role Delegation Tokens (RDT), organizations can require a physical YubiKey tap to cryptographically prove that a verified human authorized an AI agent’s high-consequence actions, bridging the gap between runtime authorization and human intent.
Moving forward, organizations should closely watch for upcoming CISA “Binding Operational Directives” and guidance, which will likely translate the EO’s goals into concrete identity, access, logging and privileged operation requirements. Additionally, keep an eye on how the Treasury’s clearinghouse operates and how “trusted partners” are defined for frontier model access.
Whether you are a federal agency securing national systems or a private enterprise building the next generation of AI agents, Yubico is here to help ensure that your AI workflows operate securely, resiliently and with verified human accountability. Reach out to our team with any questions on how to get started with YubiKeys today.
