On June 4, 2026, the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection convened a hearing with an unwieldy title — "The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience" — and a sharp underlying question: as the government races to deploy frontier and agentic AI for cyber defense, what stops it from turning the same tools on its own citizens?
The most quotable answer came from Dr. Matthew Guariglia, Senior Policy Analyst at the Electronic Frontier Foundation. Pressed by Ranking Member Delia Ramirez on how to rein in AI, he reframed the problem entirely: "the question is not how do we rein in AI, it's how do we rein in the agencies that would unleash AI on the American public." That distinction deserves to anchor the policy debate, because it separates two things lawmakers keep conflating — the technology, and the institutions wielding it.
Steelman the case for moving fast
The pressure to adopt is real, and the other witnesses made the strongest version of it. Google Threat Intelligence VP Sandra Joyce told the panel her team found the first documented case of AI being used to develop a zero-day exploit in the wild. Corridor Security's Jack Cable described code being shipped faster than humans can review it, with a meaningful share of agent-generated changes carrying vulnerabilities. The Frontier Model Forum's Chris Meserole warned that foreign actors are stripping safety guardrails off U.S. models through adversarial distillation. If attackers are scaling vulnerability discovery with AI, defenders who refuse to do the same are simply choosing to lose. A government that cannot use frontier models to find and patch flaws in critical infrastructure is not protecting civil liberties — it is leaving the grid, the pipelines, and the hospitals exposed. That is the honest case for speed, and it is a good one.
The Trump EO is more proportionate than its critics expected
Two days before the hearing, on June 2, President Trump signed an executive order, "Promoting Advanced Artificial Intelligence Innovation and Security" (whitehouse.gov). It directs Treasury, the NSA, and CISA to build, within 60 days, a classified benchmarking process to decide when a model crosses into "covered frontier model" territory, and to design a voluntary framework letting developers give the government up to 30 days of pre-release access. A separate "AI cybersecurity clearinghouse" is due within 30 days to coordinate vulnerability scanning and patch distribution.
Crucially — and this is the part worth defending — the order explicitly "does not create any mandatory governmental licensing, pre-clearance, or permitting requirement for the development, publication, release, or distribution of new AI models" (Latham & Watkins analysis). That restraint matters. A licensing regime would have handed incumbents a regulatory moat and slowed the open research the U.S. depends on. A voluntary access framework that leaves model release unencumbered is the proportionate choice. On the innovation axis, the administration largely got this right.
Where the opacity problem bites
The defect Guariglia identified is not in the EO's voluntary design but in its secrecy. A benchmarking process that is classified end to end, applied to proprietary models whose internals are already opaque, produces a system where neither the public nor Congress can audit the government's AI judgments. He documented AI's real failure record — fabricated legal citations, and a Department of Homeland Security error that sent recruits into the field without proper training — and argued that classification and trade-secrecy together make it nearly impossible to account for AI mistakes affecting critical infrastructure (EFF testimony). When an agentic system misclassifies a network event as an attack and retaliates, or an AI triage tool deprioritizes a real vulnerability, opacity converts an ordinary engineering error into an unreviewable one.
This is the genuine tension. We want the government to use the best models fast; we cannot let "best" and "classified" become a shield against oversight. The fix is not to ban government AI — it is targeted transparency: incident reporting when government AI errs against critical infrastructure, audit access for inspectors general and cleared congressional staff, and a clear line between using AI for defense and using generative AI to "supercharge," in Guariglia's words, mass surveillance.
Surveillance reform is the load-bearing piece
Guariglia's most concrete asks were not about AI at all. He linked the hearing to Section 702 of FISA, the data-broker loophole, and limits on government use of general-purpose AI (EFF). The logic is sound: AI is a force multiplier laid over whatever authorities already exist. If agencies can buy location data without a warrant today, frontier models simply let them exploit that data at unprecedented scale tomorrow. Closing the data-broker loophole and imposing a warrant requirement under Section 702 constrain the capability regardless of which model is plugged in — exactly the "rein in the agencies" approach.
The proportionate path
The subcommittee, chaired by Andy Ogles, heard a rare convergence (hearing advisory): industry wants speed, and the civil-liberties witness did not dispute it. The disagreement is narrow and tractable. Keep the EO's light-touch, no-licensing posture. Use frontier AI aggressively for defense. But pair adoption with statutory surveillance limits and break the seal on a benchmarking regime that is, for now, classified to the point of being unaccountable. Innovation and oversight are not opposing dials here — and pretending they are is how lawmakers end up with neither.