US–China AI Safety Protocol Announcement · history
Version 4
2026-05-23 02:19 UTC · 115 items
What
At the Trump-Xi Beijing summit in May 2026, the US and China agreed to a bilateral AI safety protocol covering frontier model governance and preventing highly capable AI from reaching nonstate actors [1][2]. The protocol's diplomatic context has since expanded substantially: Treasury Secretary Bessent and Federal Reserve Chair Powell had already convened a joint emergency meeting with US bank CEOs in April 2026 — before the summit — to warn them directly about Anthropic's Mythos model's cybersecurity risks [6][8], establishing Mythos as the acute threat driving both domestic financial regulation and diplomacy simultaneously. Japan's Prime Minister Sanae Takaichi (previously identified as LDP cybersecurity chief) is personally leading her government's emergency response, describing the situation as a 'race against time' and demanding Big Tech inclusion in any credible governance response [15][16]. The G7 has separately begun frontier-model governance discussions [22], and a draft US Executive Order is circulating with a proposed formal process for defining 'covered frontier model' [23][24].
Why it matters
The Bessent-Powell bank CEO meetings in April reveal that the Mythos threat was already driving parallel financial regulatory action and diplomatic preparation before the summit — the bilateral protocol was not an early, deliberate governance architecture but a response to an acute, already-active crisis. With Japan's executive branch now personally engaged, the G7 beginning its own track, and a domestic US EO in circulation, the bilateral frame is under pressure from multiple directions at once, raising the question of whether the US-China agreement anchors a multilateral floor or becomes one instrument among several competing governance regimes.
Open questions
Bessent and Powell jointly warned US bank CEOs about Mythos in April 2026 [6][8] — what specific threat scenarios did they describe, and do those scenarios align with or exceed what the bilateral protocol's nonstate-actor provisions actually cover?
Japan's Prime Minister Takaichi is now personally leading the Mythos response [16] — will Japan's national cyberdefense guidelines [19][20] be formally coordinated with the US-China protocol, or will they develop into a separate, potentially incompatible national framework?
The draft US Executive Order proposes a formal government process for defining 'covered frontier model' [23][24] — will that definition align with the bilateral protocol's scope, or create domestic criteria that diverge from what Washington agreed with Beijing?
G7 frontier-model governance discussions have begun [22] — will that forum produce obligations that supersede, complement, or conflict with the bilateral US-China protocol?
Narrative
At the Trump-Xi summit held in Beijing in May 2026, the United States and China agreed to establish a bilateral AI safety protocol, with a stated focus on governing frontier models and preventing highly capable AI from reaching nonstate actors [1][2]. The agreement was among the higher-profile deliverables of a summit that also addressed trade, semiconductors, and strategic competition broadly. Treasury Secretary Scott Bessent has been the clearest public voice for Washington's posture: the US can engage China on AI 'because we're still in the lead,' positioning the protocol as negotiation from technological advantage rather than partnership between equals [3][4]. The Wall Street Journal has confirmed the guardrail-building framing as the operative logic behind US engagement [5].
What the summit narrative obscures is that the acute threat driving both diplomacy and domestic regulatory action was already active months before the agreement. In April 2026, Bessent and Federal Reserve Chair Jerome Powell jointly convened a meeting with US bank CEOs specifically to warn them about the cybersecurity risks posed by Anthropic's Mythos model [6][7][8]. Sullivan & Cromwell's legal memo on the meeting confirms both principals were present and that the cybersecurity risk framing was explicit [6]. Anthropic subsequently published a system card and alignment risk update for the Mythos Preview release [9][10], and independent assessments have analyzed Mythos's offensive cyber capabilities and vulnerability discovery functions [11][12][13][14]. The pre-summit bank CEO meetings establish that Mythos's threat profile was already acute enough to convene the Treasury Secretary and Fed Chair simultaneously — the bilateral protocol, in this light, is as much a reactive diplomatic instrument as a proactive governance architecture.
Japan's response has escalated to the executive level. Prime Minister Sanae Takaichi — previously reported in some outlets as LDP cybersecurity chief — is personally leading Japan's government response to Mythos, describing the situation as a 'race against time' and publicly insisting that any credible governmental response must formally involve Big Tech [15][16][17][18]. Japan Times and multiple major Japanese outlets confirm Japan is actively drafting national cyberdefense guidelines specifically in response to Mythos [19][20], and Japan's broader Active Cyber Defense Law framework provides the legal scaffolding for those guidelines [21]. Takaichi's elevation to Prime Minister means this is no longer a portfolio-level policy response — it carries executive authority at the highest level of the Japanese government, making Japan's emerging framework the most significant third-party governance output triggered by the Mythos disclosure.
The wider governance environment is converging from multiple directions. The G7 has begun separate discussions on frontier-model governance [22], and a draft US Executive Order circulating in late May 2026 proposes a formal government process for defining what constitutes a 'covered frontier model' — a threshold determination that would have direct implications for which systems fall under the bilateral protocol's scope [23][24]. UK financial regulators have independently issued formal — not advisory — requirements obligating financial firms to embed model governance for frontier AI cyber risk [25][26][27], confirmed by multiple regulatory reporting outlets [28][29][30]. The Machine Intelligence Research Institute has published research on international frameworks for preventing premature artificial superintelligence creation, positioning the 2026 protocol within a traceable lineage of international AI governance instruments [31][32][33][34]. A US Senate bill — S.321, the Decoupling America's Artificial Intelligence Act — is also in circulation in the 119th Congress [35], signaling legislative interest in a harder separation from Chinese AI development that runs directly against the cooperative spirit of the bilateral protocol. Across US, EU, Chinese, and now G7 frameworks, the emergent pattern is convergence on pre-deployment review requirements for cyber and biological risks plus targeted application bans — an implicit shared floor forming without formal multilateral coordination [36].
Timeline
- 2024: US and China reach an agreement restricting AI applications in conflict contexts — cited by MIRI as the predecessor accord the 2026 protocol may build upon [41][33][34][31][32]
- 2026-04-10: Treasury Secretary Bessent and Federal Reserve Chair Powell jointly meet with US bank CEOs to warn them about cybersecurity risks posed by Anthropic's Mythos model [6][7][8]
- 2026-04: Independent assessment of Claude Mythos Preview's cybersecurity capabilities published on Medium; Cloud Security Alliance publishes research on Mythos vulnerability discovery and containment [11][12]
- 2026-05-10: The Neuron reports US, EU, and China independently converging on AI oversight architectures centered on pre-deployment cyber/bio review and targeted application bans [36]
- 2026-05-14: Trump-Xi Beijing summit; US and China agree to build a bilateral AI safety protocol covering frontier model governance and nonstate-actor proliferation [45][1][2]
- 2026-05-14: Japan Prime Minister Takaichi describes Japan's Mythos response as a 'race against time,' per Nippon.com [18][15]
- 2026-05-15: Treasury Secretary Bessent tells CNBC the US can hold AI talks with China 'because we're still in the lead,' framing engagement as negotiation from technological advantage [3][37][4]
- 2026-05-15: HM Treasury, Bank of England, and FCA issue formal (not advisory) joint statement requiring UK financial firms to embed model governance for frontier AI cyber risk [42][25][26][27][28]
- 2026-05-19: Japan Times, JIJI Press, Nikkei Asia, and Asahi Shimbun cover Prime Minister Takaichi's call for Big Tech inclusion; Nikkei and Asahi confirm Japan is actively drafting national cyberdefense guidelines in response to Mythos [17][39][19][20][46][16]
- 2026-05-21: G7 begins discussions on frontier-model governance [22]
- 2026-05-21: Draft US Executive Order circulates proposing formal government process for defining 'covered frontier model'; commentary notes US government emerging as 'AI release gatekeeper' [23][24]
Perspectives
Treasury Secretary Scott Bessent
Frames US willingness to engage China on AI as a concession from technological strength ('we're in the lead'), not mutual risk management; cited Mythos as a concrete capability concern driving diplomatic urgency; jointly convened April bank CEO meetings with Powell to warn of Mythos cyber risks before the summit
Evolution: Expanded: the April Bessent-Powell bank CEO meetings [6][8] show his posture predates the summit and was already driving domestic financial regulatory action, not just diplomatic framing
Federal Reserve Chair Jerome Powell
Jointly convened with Bessent a pre-summit meeting with US bank CEOs specifically to warn about Mythos cybersecurity risks, signaling Fed-level alarm about frontier AI's financial system threat
Evolution: New voice in this thread: previously untracked; the April Bessent-Powell meetings establish Powell as an active participant in pre-summit Mythos threat assessment, not merely a bystander to the diplomatic track
Japan Prime Minister Sanae Takaichi
Frames the Mythos situation as a 'race against time,' demands Big Tech be formally included in any governmental response, and is personally leading Japan toward drafting national cyberdefense guidelines at the executive level
Evolution: Substantially elevated: now confirmed as Prime Minister [16], not merely LDP cybersecurity chief — Japan's response carries executive authority at the highest level of government, not portfolio-level
MIRI (Machine Intelligence Research Institute)
Frames the new protocol as building on a 2024 AI-in-conflict precedent; has published research proposing international frameworks for preventing premature ASI creation, suggesting the current bilateral deal fits within a broader governance architecture MIRI is actively theorizing
Evolution: Consistent; additional MIRI content on preventing covert ASI development within agreement countries [31] deepens but does not shift the stance
UK financial regulators (HM Treasury, Bank of England, FCA)
Issued formal — not advisory — requirements obligating UK financial firms to embed frontier AI model governance for cyber resilience, framing this as a regulatory obligation, not a recommendation
Evolution: Consistent; confirmed by multiple regulatory reporting outlets
Grant Harvey / The Neuron
Cautiously optimistic that the protocol matters even though it is narrow; confirmed the summit as the specific occasion for the agreement
Evolution: Consistent across all items in this thread
G7 (as emerging governance forum)
Has begun separate frontier-model governance discussions, signaling that the bilateral US-China frame is not the only multilateral track in play
Evolution: New voice: G7 discussions beginning [22] represent a formally multilateral alternative to the bilateral protocol — not yet a competing framework, but a distinct track
US Congress (S.321 sponsors)
Senate bill proposing to decouple American AI from Chinese AI development — a posture that directly contradicts the cooperative spirit of the bilateral safety protocol
Evolution: New voice: S.321 [35] introduces a legislative counterweight to the executive-branch bilateral engagement; extent of support and likelihood of passage unknown
Tensions
- Bessent's 'position of strength' framing ('we're in the lead') vs. the mutual-interest logic implicit in a shared safety protocol: if Washington publicly frames the deal as a concession granted from technological dominance, China may resist treating protocol obligations as genuinely reciprocal [3][4][38]
- State-centric bilateral framing of the US-China protocol vs. Prime Minister Takaichi's demand for mandatory Big Tech involvement — a direct challenge to whether governments alone can or should govern frontier AI risks like Mythos [17][39][18][16][1]
- Executive-branch bilateral engagement (the Trump-Xi protocol) vs. legislative decoupling push (S.321) — Congress moving toward hard AI separation from China while the executive branch pursues cooperative safety governance [35][1][2]
- Draft EO's proposed formal process for defining 'covered frontier model' [23] vs. the bilateral protocol's implicit scope — domestic definitional criteria could expand or narrow which systems fall under US-China obligations without Beijing's input [23][24][1]
- MIRI's framing of the new deal as building on a 2024 AI-in-conflict precedent (implying legal continuity and incremental obligation) vs. the absence of any official confirmation that such a link exists or was intended [41][33][34][31][32]
Sources
- [1] At the Trump-Xi summit, the US and China reportedly agreed to start building an AI safety protocol for frontier models. — reactive:us-china-ai-safety-protocol (2026-05-15)
- [2] The US and China agreed to build an AI safety protocol at the Trump-Xi summit in Beijing. The aim: keep frontier models ... — reactive:us-china-ai-safety-protocol (2026-05-14)
- [3] #US can hold #AI talks with #China because ‘we are in the lead,’ Bessent tells CNBC as nations plan #safety #protocol ht... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [4] @MarioNawfal @SecScottBessent > “We can hold AI talks with China because we’re still in the lead.” — reactive:us-china-ai-safety-protocol (2026-05-14)
- [5] U.S. and China Pursue Guardrails to Stop AI Rivalry From Spiraling ... — reactive:us-china-ai-safety-protocol
- [6] Treasury Secretary and Federal Reserve Chair Warn Bank CEOs About Cybersecurity Risks Posed by Anthropic’s New AI Model | Sullivan & Cromwell LLP — reactive:us-china-ai-safety-protocol
- [7] Bessent, Powell warned bank CEOs about Anthropic risks: sources — reactive:us-china-ai-safety-protocol
- [8] Powell, Bessent met with U.S. Bank CEOs over Anthropic's Mythos threat — reactive:us-china-ai-safety-protocol
- [9] [PDF] Alignment Risk Update: Claude Mythos Preview - Anthropic — reactive:ai-deployment-misalignment-risk
- [10] [PDF] Claude Mythos Preview System Card - Anthropic — reactive:ai-deployment-misalignment-risk
- [11] Assessing Anthropic Claude Mythos Preview’s Cybersecurity Capabilities | by Tahir | Apr, 2026 | Medium — reactive:frontier-ai-cyber-capabilities
- [12] Claude Mythos: AI Vulnerability Discovery and Containment Failures — reactive:frontier-ai-cyber-capabilities
- [13] Claude Mythos: Analyzing Anthropic’s new frontier model for AI security — reactive:us-china-ai-safety-protocol
- [14] What Is Inside Claude Mythos Preview? Dissecting the System Card ... — reactive:us-china-ai-safety-protocol
- [15] Takaichi says responding to Mythos is a 'race against time' — reactive:us-china-ai-safety-protocol
- [16] Prime Minister Sanae Takaichi said that the government is rushing ... — reactive:us-china-ai-safety-protocol
- [17] Japan’s Mythos response ’must involve Big Tech,’ says LDP cybersecurity chief - The Japan Times — reactive:us-china-ai-safety-protocol
- [18] Responding to Mythos Race Against Time: Japan's Takaichi | Nippon.com — reactive:us-china-ai-safety-protocol
- [19] Japan to craft cyberdefense guidelines in response to Anthropic's Mythos - Nikkei Asia — reactive:us-china-ai-safety-protocol
- [20] Japan rushing to counter threat of cyberattack from Mythos AI model | The Asahi Shimbun: Breaking News, Japan News and Analysis — reactive:us-china-ai-safety-protocol
- [21] Japan's Active Cyber Defense Law: AEV & Resilience - SafeBreach — reactive:us-china-ai-safety-protocol
- [22] (2) G7 begins discussions on frontier-model governance — reactive:us-china-ai-safety-protocol (2026-05-21)
- [23] The most interesting policy idea in this draft EO, IMO, is the proposed process for defining "covered frontier model." — reactive:us-china-ai-safety-protocol (2026-05-22)
- [24] The new AI Release Gatekeeper: The U.S. Government — reactive:us-china-ai-safety-protocol (2026-05-21)
- [25] The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience | Bank of England — reactive:us-china-ai-safety-protocol
- [26] Bank, FCA and Treasury set out AI resilience rules — reactive:us-china-ai-safety-protocol
- [27] United Kingdom: Bank of England, Financial Conduct Authority and HM Treasury published joint statement on frontier AI models and cyber resilience - Digital Policy Alert — reactive:us-china-ai-safety-protocol
- [28] BoE, FCA and HM Treasury joint statement on Frontier AI models ... — reactive:us-china-ai-safety-protocol
- [29] BoE, FCA and HM Treasury statement on frontier AI models and ... — reactive:us-china-ai-safety-protocol
- [30] UK authorities warn on frontier AI models and cyber resilience – Finadium — reactive:us-china-ai-safety-protocol
- [31] Preventing covert ASI development in countries within our agreement | MIRI TGT — reactive:us-china-ai-safety-protocol
- [32] New Report: An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — LessWrong — reactive:us-china-ai-safety-protocol
- [33] An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — MIRI Technical Governance Team — reactive:us-china-ai-safety-protocol
- [34] An International Agreement to Prevent the Premature Creation of ... — reactive:us-china-ai-safety-protocol
- [35] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial ... — reactive:us-china-ai-safety-protocol
- [36] 😺 Hermes is eating OpenClaw's lunch — The Neuron (2026-05-10)
- [37] 11/ Treasury Secretary Bessent said the US can hold AI talks with China because it is in the lead, as nations plan a sha... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [38] 😸 The AI Cold War got a protocol — The Neuron (2026-05-15)
- [39] INTERVIEW: Japan's Mythos Response "Must Involve Big Tech" - JIJI PRESS — reactive:us-china-ai-safety-protocol
- [40] 🇯🇵 Japan's LDP cybersecurity chief: response to Mythos AI 'must involve Big Tech' — reactive:us-china-ai-safety-protocol (2026-05-19)
- [41] The two countries also issue a joint common-sense commitment that either builds on the 2024 agreement restricting AI con... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [42] HM Treasury, BoE, and FCA just issued formal expectations—not guidance—for frontier AI risk. UK firms must embed model g... — reactive:us-china-ai-safety-protocol (2026-05-15)
- [43] The honest read: — reactive:us-china-ai-safety-protocol (2026-05-17)
- [44] The US and China just agreed to set up an AI safety protocol. — reactive:us-china-ai-safety-protocol (2026-05-17)
- [45] 🚀 US and China Agree on AI Emergency Protocol at Beijing Summit — reactive:us-china-ai-safety-protocol (2026-05-18)
- [46] Japan scrambles to boost defenses against threats from ... - Reddit — reactive:us-china-ai-safety-protocol