US–China AI Safety Protocol Announcement
What's new in v8
CyberScoop reports researchers found AI systems including Mythos and GPT-5 broke every benchmark for autonomous cyber capability [20266] — the most significant development this pass, partially resolving the empirical dispute about threat severity in favor of the alarm-raising camp while expanding the governance question beyond Mythos to include GPT-5 and OpenAI systems. The Cloud Security Alliance published additional research specifically on Mythos's autonomous offensive threshold [3745], further deepening the technical documentation base. Americans for Responsible Innovation publicly welcomed the US-China AI safety talks [21016], adding a named civil society voice previously absent from this thread; Reddit discussion of AISI findings [6924] signals the capability debate spreading to mainstream public forums.
What
At the Trump-Xi Beijing summit in May 2026, the US and China established a bilateral AI safety protocol covering frontier model governance and nonstate-actor proliferation [1][2]. The acute threat driving the diplomacy is Anthropic's Mythos model — characterized by Anthropic as 'a cybersecurity reckoning' [11] and now the subject of CyberScoop reporting that researchers found AI systems including Mythos and GPT-5 broke every benchmark for autonomous cyber capability [13]. Governance responses are running simultaneously across Japan [18], the UK [24], the G7 [30], and a fractured US executive branch [28][27], while civil society organizations including Americans for Responsible Innovation have publicly welcomed the bilateral talks [33].
Why it matters
The CyberScoop report [13] marks the first major technical outlet confirmation that autonomous cyber thresholds have been crossed — shifting the central question from 'are these capabilities real' to 'is the governance response commensurate.' With that empirical baseline now established across multiple independent assessments, governance coherence becomes the decisive variable: the executive branch may be running parallel AI security tracks without a unified mandate, Congress is pushing active legislative decoupling, and the bilateral protocol's scope remains undefined against a domestic 'covered frontier model' definition still being drafted.
Open questions
CyberScoop reports AI including Mythos and GPT-5 broke every autonomous cyber benchmark [13] — do these findings align specifically with the AISI formal evaluation's conclusions [12], and does GPT-5 crossing the same threshold put OpenAI systems within the scope of the bilateral protocol's frontier model governance obligations?
Bessent faces White House-level complications on AI policy [28][29] while the ONCD runs a separate AI security framework track [27] — has either executive branch track been designated as the official lead for implementing US obligations under the bilateral protocol?
The draft EO proposes a formal definitional process for 'covered frontier model' [31][32] — with GPT-5 now reportedly crossing autonomous cyber thresholds alongside Mythos [13], does this definition expand which systems fall under bilateral protocol scope without Beijing's input?
Americans for Responsible Innovation has welcomed the US-China AI safety talks [33] — what specific protocol provisions does civil society want strengthened, and do civil society or policy organizations participate in the Glasswing Partner Program's evaluation-sharing structure [16][17]?
Narrative
At the Trump-Xi summit held in Beijing in May 2026, the United States and China agreed to establish a bilateral AI safety protocol, with a stated focus on governing frontier models and preventing highly capable AI from reaching nonstate actors [1][2]. Treasury Secretary Scott Bessent publicly framed US willingness to engage as negotiation from technological advantage — Washington can hold AI talks with China 'because we're still in the lead' [3][4] — and the Wall Street Journal confirmed the guardrail-building logic as the operative rationale behind US engagement [5]. The summit agreement built on a 2024 precedent restricting AI applications in conflict contexts, which MIRI has cited as the predecessor accord the new protocol extends [6][7]. But the summit was reactive as much as proactive: the threat animating the bilateral talks had already reached emergency status months earlier.
In April 2026, Bessent and Federal Reserve Chair Jerome Powell jointly convened an emergency meeting with US bank CEOs to warn them about cybersecurity risks posed by Anthropic's Mythos model [8][9][10]. The New York Times had reported Anthropic characterizing Mythos as 'a cybersecurity reckoning' [11], and the UK's AI Safety Institute published a formal evaluation of Mythos Preview's cyber capabilities [12]. CyberScoop subsequently reported that researchers found AI systems — including Mythos and GPT-5 — had broken every benchmark for autonomous cyber capability [13], and the Cloud Security Alliance published research specifically on Mythos's autonomous offensive threshold [14]. Together these assessments shift the central empirical question from whether Mythos capabilities are real toward whether the governance response is commensurate with documented thresholds. Anthropic's official system card [15] and the Glasswing Partner Program for vetted evaluation-sharing [16][17] provide controlled disclosure infrastructure alongside the independent assessments.
The governance response spans multiple jurisdictions and executive tracks simultaneously. Japan Prime Minister Sanae Takaichi ordered a formal national cybersecurity review specifically targeting Mythos [18][19], described the situation as a 'race against time' [20], and demanded Big Tech be formally included in any governmental response [21]; Japan's national cyberdefense guidelines are in active development [22][23]. HM Treasury, the Bank of England, and the FCA issued formal joint requirements — not advisories — obligating UK financial firms to embed model governance for frontier AI cyber risk [24][25][26]. Within the US, the White House cybersecurity office was crafting an AI security policy framework as early as February 2026 [27], even as Politico reports Bessent faces complications at the White House level on AI policy [28][29], suggesting the executive branch may be running parallel AI security tracks without a unified mandate. The G7 has begun separate frontier-model governance discussions [30], and a draft US Executive Order proposes a formal definitional process for 'covered frontier model' [31][32] — a threshold with direct implications for bilateral protocol scope, made more urgent by the reported finding that GPT-5 may also have crossed autonomous cyber thresholds [13].
Civil society organizations including Americans for Responsible Innovation have publicly welcomed the US-China AI safety talks [33], while public discourse spans a wide register. A cybersecurity insider has publicly questioned Mythos's claimed capabilities [34], and social media commentators have characterized the surrounding coverage as 'scary hype' [35] — though CyberScoop's benchmark findings [13] add authoritative technical media weight to the threat-severity side of that dispute. Senator Josh Hawley's S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act [36], stands in direct tension with the executive branch's cooperative bilateral engagement, with Congress pushing toward hard AI separation from China while the White House pursues shared safety governance with Beijing [37][38].
Timeline
- 2024: US and China reach an agreement restricting AI applications in conflict contexts — cited by MIRI as the predecessor accord the 2026 protocol builds upon [6][7][54][55][56]
- 2025-02: Senator Josh Hawley introduces S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 [44][37][38][36]
- 2026-02: White House cybersecurity office (ONCD) is crafting an AI security policy framework, per a top official's public remarks [27]
- 2026-04-07: New York Times reports Anthropic characterizes Mythos as 'a cybersecurity reckoning'; Anthropic releases the Mythos Preview System Card [11][15]
- 2026-04-10: Treasury Secretary Bessent and Fed Chair Powell jointly convene an emergency meeting with US bank CEOs to warn about Mythos cybersecurity risks; confirmed by Bloomberg, Bloomberg Law, CoinDesk, and Claims Journal [8][9][10][40]
- 2026-04: UK AI Safety Institute publishes formal evaluation of Claude Mythos Preview's cyber capabilities; Cloud Security Alliance publishes research on Mythos vulnerability discovery and autonomous offensive threshold; cybersecurity insider publicly questions Mythos capability claims [12][57][14][34]
- 2026-05-12: Japan PM Takaichi orders a national cybersecurity review targeting Mythos, describes it as a 'race against time'; The Register independently confirms the order [18][19][20]
- 2026-05-14: Trump-Xi Beijing summit; US and China agree to build a bilateral AI safety protocol covering frontier model governance and nonstate-actor proliferation [58][1][2]
- 2026-05-15: Bessent tells CNBC the US holds AI talks with China 'because we're still in the lead,' framing engagement as negotiation from technological advantage [3][39][4]
- 2026-05-15: HM Treasury, Bank of England, and FCA issue formal joint statement requiring UK financial firms to embed model governance for frontier AI cyber risk [47][26][24][25][48][51]
- 2026-05-19: Japan PM Takaichi demands Big Tech inclusion in government AI response; Nikkei and Asahi confirm Japan is drafting national cyberdefense guidelines; Anthropic's Glasswing Partner Program for Mythos evaluation-sharing is reported [41][42][22][23][21][16][17]
- 2026-05-21: G7 begins frontier-model governance discussions; draft US Executive Order proposes formal process for defining 'covered frontier model' [30][31][32]
- 2026-05-21: Politico reports Bessent faces White House-level complications in his AI policy alarm-raising, signaling internal executive branch friction [28][29]
- 2026-05: CyberScoop reports researchers found AI systems including Mythos and GPT-5 broke every benchmark for autonomous cyber capability [13]
- 2026-05: Americans for Responsible Innovation publicly welcomes the US-China AI safety talks [33]
- 2026-05: Baker McKenzie confirms UK FCA reinforced supervisory expectations for frontier AI; IAPS publishes policy research on Mythos cyber implications; Lowenstein Sandler issues legal alert on Mythos cyber risk stakes; BBC publishes Mythos explainer [52][59][60][61]
Perspectives
Treasury Secretary Scott Bessent (& Fed Chair Powell)
Frames US engagement with China as negotiating from technological strength ('we're in the lead'); jointly convened with Powell a pre-summit emergency meeting with bank CEOs to warn about Mythos risks. Politico reports Bessent faces White House-level complications in his AI policy alarm-raising.
Evolution: Politico Pro confirms the internal friction story; no shift in stance, but the internal resistance is multiply confirmed.
Japan PM Sanae Takaichi
Frames the Mythos situation as a 'race against time,' ordered a formal national cybersecurity review targeting Mythos, demanded Big Tech be formally included in any governmental response, and is leading Japan toward drafting national cyberdefense guidelines.
Evolution: The Register independently confirms the May 12 review order; consistent stance throughout.
Anthropic
Characterized Mythos as 'a cybersecurity reckoning' at launch; manages controlled disclosure through the Glasswing Partner Program and published an official system card as primary capability documentation.
Evolution: Consistent positioning as managing risk disclosure rather than suppressing it; no new items this pass.
UK AI Safety Institute (AISI)
Published a formal government evaluation of Claude Mythos Preview's cyber capabilities — the first official government body to produce a primary-source assessment — establishing an institutional baseline for governance decisions.
Evolution: CyberScoop's benchmark-breaking report independently corroborates the direction of AISI's capability findings.
Senator Josh Hawley
Sponsors S.321 proposing sweeping decoupling of American AI development from China — directly opposed to the executive branch's cooperative bilateral engagement with Beijing.
Evolution: Consistent; no new items this pass.
UK financial regulators (HM Treasury, Bank of England, FCA)
Issued formal — not advisory — requirements obligating UK financial firms to embed frontier AI model governance for cyber resilience; Baker McKenzie confirms FCA reinforced supervisory expectations specifically for frontier AI.
Evolution: Consistent; no new items this pass.
White House cyber shop (ONCD)
Was crafting an AI security policy framework as early as February 2026, indicating a separate executive branch cybersecurity track that may not be coordinated with Bessent's Treasury-led alarm-raising.
Evolution: Consistent; no new items this pass.
Cybersecurity researchers / public skeptics
CyberScoop reports researchers found AI broke every autonomous cyber benchmark, corroborating threat-severity framing; an unnamed cybersecurity insider and social media commentators continue to contest Mythos capability claims as 'scary hype.'
Evolution: CyberScoop benchmark findings significantly strengthen the empirical case against skeptics, narrowing but not eliminating the contested terrain.
Tensions
- CyberScoop's report that AI including Mythos and GPT-5 broke every autonomous cyber benchmark [13] vs. a cybersecurity insider and public commentators characterizing the Mythos narrative as 'scary hype' [34][35] — technical media now backs the threat-severity framing, but specialist skeptics persist [13][34][35][12]
- Bessent's internal alarm-raising facing White House complications [28][29] vs. the ONCD's separate AI security framework track [27] — two executive branch AI security efforts that may not be unified under a single mandate [28][29][27]
- Bessent's 'negotiating from strength' public framing [3][4] vs. the mutual-interest logic inherent in a shared safety protocol — US dominance framing risks undermining Beijing's willingness to treat protocol obligations as genuinely reciprocal [3][4][53]
- Senator Hawley's S.321 legislative decoupling push [36] vs. the Trump administration's executive cooperative bilateral engagement [1][2] — Congress moving toward hard AI separation from China while the executive branch pursues shared governance with Beijing [37][38][36][1][2]
- Japan PM Takaichi's demand for mandatory Big Tech inclusion in governance [21] vs. the state-centric framing of the US-China bilateral protocol [1] — whether governments alone can implement effective frontier AI governance [21][1][18]
- Draft EO's domestic 'covered frontier model' definition process [31][32] vs. the bilateral protocol's implicit scope [1] — now more urgent with GPT-5 reportedly joining Mythos in breaking autonomous cyber benchmarks [13], potentially expanding what must be governed without Beijing's input [31][32][1][13]
Status: active and growing
Sources
- [1] At the Trump-Xi summit, the US and China reportedly agreed to start building an AI safety protocol for frontier models. — reactive:us-china-ai-safety-protocol (2026-05-15)
- [2] The US and China agreed to build an AI safety protocol at the Trump-Xi summit in Beijing. The aim: keep frontier models ... — reactive:us-china-ai-safety-protocol (2026-05-14)
- [3] #US can hold #AI talks with #China because ‘we are in the lead,’ Bessent tells CNBC as nations plan #safety #protocol ht... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [4] @MarioNawfal @SecScottBessent > “We can hold AI talks with China because we’re still in the lead.” — reactive:us-china-ai-safety-protocol (2026-05-14)
- [5] U.S. and China Pursue Guardrails to Stop AI Rivalry From Spiraling ... — reactive:us-china-ai-safety-protocol
- [6] The two countries also issue a joint common-sense commitment that either builds on the 2024 agreement restricting AI con... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [7] An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — MIRI Technical Governance Team — reactive:us-china-ai-safety-protocol
- [8] Mythos AI threat prompts Bessent, Powell to convene bank CEOs for ... — reactive:us-china-ai-safety-protocol
- [9] Bessent Urgently Summons Bank CEOs Over Anthropic’s New AI (2) — reactive:us-china-ai-safety-protocol
- [10] Anthropic Model Scare Sparks Urgent Bessent, Powell Warning to ... — reactive:us-china-ai-safety-protocol
- [11] Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ... — reactive:frontier-ai-cyber-capabilities
- [12] Our evaluation of Claude Mythos Preview's cyber capabilities — reactive:frontier-ai-cyber-capabilities
- [13] Researchers say AI just broke every benchmark for autonomous cyber capability — reactive:us-china-ai-safety-protocol
- [14] Claude Mythos and the AI Autonomous Offensive Threshold — reactive:frontier-ai-cyber-capabilities
- [15] [PDF] Claude Mythos Preview System Card - Anthropic — reactive:frontier-ai-cyber-capabilities
- [16] Anthropic frees Mythos partners to share cyber findings — reactive:us-china-ai-safety-protocol
- [17] Inside Anthropic's Glasswing Partner Program for Claude Mythos | MindStudio — reactive:us-china-ai-safety-protocol
- [18] Japan's Takaichi Urges Govt to Take Cybersecurity Measures | Nippon.com — reactive:us-china-ai-safety-protocol
- [19] Japan’s PM orders cybersecurity review to defend against Anthropic Mythos — reactive:us-china-ai-safety-protocol
- [20] Responding to Mythos Race Against Time: Japan's Takaichi | Nippon.com — reactive:us-china-ai-safety-protocol
- [21] Prime Minister Sanae Takaichi said that the government is rushing ... — reactive:us-china-ai-safety-protocol
- [22] Japan to craft cyberdefense guidelines in response to Anthropic's Mythos - Nikkei Asia — reactive:us-china-ai-safety-protocol
- [23] Japan rushing to counter threat of cyberattack from Mythos AI model | The Asahi Shimbun: Breaking News, Japan News and Analysis — reactive:us-china-ai-safety-protocol
- [24] Bank, FCA and Treasury set out AI resilience rules — reactive:us-china-ai-safety-protocol
- [25] United Kingdom: Bank of England, Financial Conduct Authority and HM Treasury published joint statement on frontier AI models and cyber resilience - Digital Policy Alert — reactive:us-china-ai-safety-protocol
- [26] The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience | Bank of England — reactive:us-china-ai-safety-protocol
- [27] White House cyber shop is crafting AI security policy framework, top official says - Nextgov/FCW — reactive:us-china-ai-safety-protocol
- [28] Scott Bessent has been raising the alarm on AI policy. But ... - Politico — reactive:us-china-ai-safety-protocol
- [29] Scott Bessent has been raising the alarm on AI policy. But the delays ... — reactive:us-china-ai-safety-protocol
- [30] (2) G7 begins discussions on frontier-model governance — reactive:us-china-ai-safety-protocol (2026-05-21)
- [31] The most interesting policy idea in this draft EO, IMO, is the proposed process for defining "covered frontier model." — reactive:us-china-ai-safety-protocol (2026-05-22)
- [32] The new AI Release Gatekeeper: The U.S. Government — reactive:us-china-ai-safety-protocol (2026-05-21)
- [33] Americans for Responsible Innovation Welcomes U.S.-China AI Safety Talks - Americans for Responsible Innovation — reactive:us-china-ai-safety-protocol
- [34] Anthropic's Mythos Claims Questioned by Cybersecurity Insider — reactive:frontier-ai-cyber-capabilities
- [35] Let's talk about Mythos! Lot of scary hype about Anthropic's latest AI ... — reactive:us-china-ai-safety-protocol
- [36] [PDF] Decoupling America's Artificial Intelligence Capabilities from China Act — reactive:us-china-ai-safety-protocol
- [37] Senator Hawley Introduces Sweeping U.S.-China AI Decoupling Bill | Global Policy Watch — reactive:us-china-ai-safety-protocol
- [38] Hawley Introduces Legislation to Decouple American AI Development from Communist China - Josh Hawley — reactive:us-china-ai-safety-protocol
- [39] 11/ Treasury Secretary Bessent said the US can hold AI talks with China because it is in the lead, as nations plan a sha... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [40] Bessent, Powell Warned Bank CEOs About Anthropic Model Risks, Sources Say — reactive:us-china-ai-safety-protocol
- [41] Japan’s Mythos response ’must involve Big Tech,’ says LDP cybersecurity chief - The Japan Times — reactive:us-china-ai-safety-protocol
- [42] INTERVIEW: Japan's Mythos Response "Must Involve Big Tech" - JIJI PRESS — reactive:us-china-ai-safety-protocol
- [43] AI Security Institute Findings on Claude Mythos Preview : r/singularity — reactive:frontier-ai-cyber-capabilities
- [44] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 — reactive:us-china-ai-safety-protocol
- [45] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial ... — reactive:us-china-ai-safety-protocol
- [46] S. 321 (IS) - Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 - BILLS-119s321is | Content Details | GovInfo — reactive:us-china-ai-safety-protocol
- [47] HM Treasury, BoE, and FCA just issued formal expectations—not guidance—for frontier AI risk. UK firms must embed model g... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [48] BoE, FCA and HM Treasury joint statement on Frontier AI models ... — reactive:us-china-ai-safety-protocol
- [49] BoE, FCA and HM Treasury statement on frontier AI models and ... — reactive:us-china-ai-safety-protocol
- [50] UK authorities warn on frontier AI models and cyber resilience – Finadium — reactive:us-china-ai-safety-protocol
- [51] BoE, FCA and HM Treasury statement on frontier AI models and cyber resilience — reactive:us-china-ai-safety-protocol
- [52] United Kingdom: FCA Reinforces Supervisory Expectations for Frontier AI | Insight | Baker McKenzie — reactive:us-china-ai-safety-protocol
- [53] 😸 The AI Cold War got a protocol — The Neuron (2026-05-15)
- [54] An International Agreement to Prevent the Premature Creation of ... — reactive:us-china-ai-safety-protocol
- [55] Preventing covert ASI development in countries within our agreement | MIRI TGT — reactive:us-china-ai-safety-protocol
- [56] New Report: An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — LessWrong — reactive:us-china-ai-safety-protocol
- [57] Claude Mythos: AI Vulnerability Discovery and Containment Failures — reactive:frontier-ai-cyber-capabilities
- [58] 🚀 US and China Agree on AI Emergency Protocol at Beijing Summit — reactive:us-china-ai-safety-protocol (2026-05-18)
- [59] Mythos and the Evolving Cyber Landscape: Implications and Policy Priorities — Institute for AI Policy and Strategy — reactive:us-china-ai-safety-protocol
- [60] Claude Mythos Preview Raises the Stakes for Cyber Risk and Security Vulnerabilities (Data Privacy) | Lowenstein Sandler LLP — reactive:us-china-ai-safety-protocol
- [61] What is Anthopic's Claude Mythos and what risks does it pose? - BBC — reactive:us-china-ai-safety-protocol