A 30-day voluntary review meets the eroding-oversight problem

Trump's June 2 executive order asks frontier labs to hand models to the government for a 30-day pre-release look. UK AISI's late-May warning is that the chain-of-thought monitoring such reviews implicitly depend on is already degrading — and that frontier cyber-offence capability is now doubling every four months.

Two pieces from the last ten days have to be read together. On June 2 the White House signed an executive order asking frontier labs to voluntarily submit their most powerful models to the government for up to 30 days of cybersecurity review before public release. On May 22 the UK AI Security Institute published findings that the oversight tools that pre-release review programs implicitly rely on are losing their grip — chain-of-thought monitoring works only while frontier models reason in human-readable text, and the frontier cyber-offence doubling time has compressed from seven months at end-of-2025 to four months in mid-2026. The EO is a procedural answer to a problem AISI just told us is outrunning procedural answers.

The political compromise inside the EO is visible in the number that changed. The version the White House was preparing to sign in early May gave the government up to 90 days to review advanced models; the version that actually shipped cut that to 30 days. The cut wasn't a technical judgment about how long evaluations take — pre-deployment red-teaming for the recent frontier-class models routinely runs longer than that — it was a concession to the lab-side complaint that 90 days would interfere with release cadence and cede ground to Chinese frontier programs. What's left after the cut is a window short enough to fit between a model's training-complete date and its planned launch, but probably too short for the kind of evaluation that would catch the failure modes the AISI report flags.

The voluntariness is the second compromise. Both the new EO and the CAISI pre-deployment MOUs signed with Google DeepMind, Microsoft, and xAI in early May are framed as opt-in national-security cooperation rather than as binding pre-market approval. That framing matters: it preserves the legal posture the administration has held since the January 2025 EO repealing earlier Biden-era safeguards, and it sits inside the broader US deregulatory direction (per the EO 14365 AI Litigation Task Force challenging state AI laws). The voluntary frame keeps the relationship cooperative — but it also means a lab that decides the 30-day window costs too much in time-to-market can simply opt out, with no consequence beyond reputational.

AISI's specific technical claim is the part the procedural debate hasn't absorbed. The current generation of safety evaluations leans heavily on chain-of-thought transparency: the model writes its reasoning in English (or another natural language), red-teamers read the trace, and dangerous-capability evaluations score the behavior. That works because the reasoning surface is legible. Latent reasoning architectures — already in research at multiple frontier labs — move the computation entirely into the model's internal state, with no human-readable intermediate. AISI's framing is unusually direct: deploying latent-reasoning systems would eliminate one of the strongest monitoring signals safety teams currently rely on, and there is no published replacement methodology that scales.

The cyber-offence doubling number is the second piece of the AISI finding and it changes what a 30-day window is actually evaluating. If frontier cyber-offence capability is doubling every four months, the model that's reviewed at month T-30-days is materially less capable than the model that ships at month T (because of post-review fine-tuning, RAG additions, and tool integrations that aren't part of the base eval), and dramatically less capable than the model that the same lab will ship four months later under presumably the same procedural review. The review measures a moving target on the slow side of the curve. The 90-day version of the EO would have measured an even slower-side snapshot, which is part of why labs were willing to live with 30 days.

The structurally honest reading is that the US is now running two parallel alignment regimes that aren't engineered to interlock. The procedural regime — voluntary EO, CAISI MOUs, NIST-housed measurement science — assumes the frontier is legible and evaluable on a fixed-month timeline. The empirical regime — AISI evaluations, the joint Anthropic-OpenAI scheming-rate eval published earlier this month, Anthropic's expanded Fellows Program — keeps documenting that the legibility window is closing. Until one regime updates to acknowledge what the other has measured, the EO's 30-day review is best understood as a political artifact: it satisfies the political demand to be seen doing something about frontier risk, without committing to a methodology that AISI has already told us won't scale past the next generation of architectures.

NPR — Trump's new AI safety order seeks voluntary review of new models → · The White House — Promoting Advanced Artificial Intelligence Innovation and Security → · UK AI Security Institute — AISI research and publications — oversight erosion findings →