What the New AI Executive Order Means for Federal Security Testing
Key Takeaways
- AI models can now exploit vulnerabilities they couldn't a year ago—adversaries have access to the same improvements.
- The new White House AI executive order directs CISA to expand AI-enabled defensive tools and facilitate access to frontier models for agencies and critical infrastructure operators.
- AI agents generate broad, high-volume findings; human researchers still find the most complex, high-severity vulnerabilities. Both are needed.
On June 2, the White House signed a new executive order (EO), “Promoting Advanced Artificial Intelligence Innovation and Security.” While most coverage has focused on the voluntary framework for frontier model access, there’s language around defensive cybersecurity that also deserves attention from security leaders.
The order directs CISA to establish or expand federal programs and cybersecurity services that enhance AI-enabled defensive tools. That’s a meaningful signal—and it aligns with how Synack is already working with the public sector. Currently, Synack is supporting the majority of cabinet-level federal departments to meet many of these security requirements. We’ve tested sensitive assets ranging from the F-15’s Trusted Aircraft Information Download Station (TADS) to remote elections technology for Democracy Live.
The Capability Gap Is Real, and It’s Moving Fast
The EO’s direction toward AI-enabled defensive tools reflects a reality that’s been true in the field for a while: periodic assessments aren’t enough anymore. Testing needs to match the cadence at which your environment changes and the cadence at which offensive capabilities evolve.
The EO demonstrates that the federal government understands AI-powered offensive capabilities are a real and growing threat. However, it doesn’t solve the testing gap most organizations are sitting with right now.
Nearly every day we see AI models get more capable at offensive tasks. And it’s happening faster than most organizations are adjusting their security posture. Things AI couldn’t reliably exploit 12 months ago are now within reach. The attack surface didn’t change. The tooling available to adversaries did. Now the challenge is operationally keeping pace.
How Synack Supports Federal Agencies
By combining Sara AI Pentesting and Synack Red Team for continuous testing, Synack provides more opportunities for surfacing zero-days than traditional periodic testing. As governments seek to match the speed and scale of threats from AI-powered nation-state threat actors, they can test more frequently and cover more of their attack surface by combining human and AI-led pentesting. Synack’s AI-powered PTaaS is an offensive technique used to achieve a stronger defensive posture. It is a critical piece of a proactive security strategy.
What Security Teams Should Do
The practical response is straightforward: test more frequently, use AI-augmented approaches, and make sure you’re working with partners who have access to the latest models and the research expertise to know what to do with them. If you’re not sure where your program stands, the Glasswing Readiness Assessment is a good place to start, or you can try out Sara AI Pentesting as a free trial.
Frequently Asked Questions
The order directs CISA to establish or expand programs enhancing AI-enabled defensive tools and facilitate access to cybersecurity services including frontier models for agencies and critical infrastructure operators. It doesn’t set hard compliance deadlines for testing programs specifically, but the direction is clear: AI-powered defensive capabilities need to scale.
Yes. Synack’s AI-powered Penetration Testing as a Service (PTaaS) is purpose-built for continuous security validation and human-machine teaming. In fact, Synack is already helping the majority of cabinet-level agencies fulfill complex federal compliance requirements and proactively defend against advanced zero-day threats.
Test more frequently and with AI-augmented methods. The threat is moving faster than annual or quarterly assessment cycles can track. Continuous security validation, combining AI coverage with human expertise, is the only way to realistically keep pace.


