The Information Machine

US–China AI Safety Protocol Announcement · history

Version 5

2026-05-24 09:45 UTC · 132 items

What

At the Trump-Xi Beijing summit in May 2026, the US and China established a bilateral AI safety protocol covering frontier model governance and preventing highly capable AI from reaching nonstate actors [1][2]. The acute threat driving both the diplomacy and parallel domestic regulation is Anthropic's Mythos model: in April 2026, Treasury Secretary Bessent and Federal Reserve Chair Powell jointly convened an emergency meeting with US bank CEOs specifically to warn them about Mythos's cybersecurity risks — an event now confirmed by Bloomberg, Bloomberg Law, and CoinDesk [6][7][8]. Senator Josh Hawley introduced S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act, a legislative posture that runs directly against the cooperative spirit of the executive-branch bilateral protocol [32][33]. Japan's Prime Minister Sanae Takaichi is personally leading her country's emergency response to Mythos, demanding Big Tech inclusion in any governmental framework [21][19], while the G7 has begun its own separate frontier-model governance discussions [25] and a draft US Executive Order proposes a formal definitional process for 'covered frontier model' [26][27].

Why it matters

The bilateral protocol is as much a reactive instrument as a proactive architecture: the Mythos threat was already driving the Treasury Secretary, the Fed Chair, and Japan's head of government into emergency postures before the Beijing summit. With Hawley's decoupling bill, a draft domestic EO, G7 discussions, and Japan's national guidelines all advancing on separate tracks, the central question is whether the US-China agreement anchors a coherent multilateral floor or becomes one instrument among several competing and potentially incompatible governance regimes.

Open questions

  • Bloomberg and Bloomberg Law confirm Bessent and Powell warned bank CEOs about Mythos cybersecurity risks in April [6][7][8] — what specific threat scenarios did they describe, and do those scenarios align with or exceed what the bilateral protocol's nonstate-actor provisions actually cover?

  • Anthropic reportedly allows partners to share findings from Mythos evaluations [18] — does that transparency apply to the governmental partners involved in the US-China protocol, and could it provide a verification mechanism the agreement currently lacks?

  • Senator Hawley's S.321 proposes sweeping US-China AI decoupling [32][33] — how much Senate support does it have, and does its existence constrain how far the executive branch can operationalize the bilateral protocol?

  • The draft US Executive Order's proposed 'covered frontier model' definition [26][27] would determine which systems fall under domestic obligations — will that definition align with the bilateral protocol's scope, or diverge from what Washington agreed with Beijing?

Narrative

At the Trump-Xi summit held in Beijing in May 2026, the United States and China agreed to establish a bilateral AI safety protocol, with a stated focus on governing frontier models and preventing highly capable AI from reaching nonstate actors [1][2]. The agreement was among the higher-profile deliverables of a summit that also addressed trade, semiconductors, and strategic competition broadly. Treasury Secretary Scott Bessent framed US willingness to engage as negotiation from technological advantage: Washington can hold AI talks with China 'because we're still in the lead' [3][4], and the Wall Street Journal confirmed that guardrail-building logic as the operative rationale behind US engagement [5].

What the summit narrative obscures is that the acute threat driving both diplomacy and domestic regulatory action was already active months before the agreement. In April 2026, Bessent and Federal Reserve Chair Jerome Powell jointly convened an emergency meeting with US bank CEOs specifically to warn them about cybersecurity risks posed by Anthropic's Mythos model — an event now confirmed by Bloomberg, Bloomberg Law, and CoinDesk [6][7][8][9][10][11]. Sullivan & Cromwell's legal memo on the meeting confirms both principals were present and that cybersecurity risk framing was explicit [9]. Anthropic subsequently published a system card and alignment risk update for the Mythos Preview release [12][13], and independent assessments have analyzed Mythos's offensive cyber capabilities and vulnerability discovery functions [14][15][16][17]. A report also indicates Anthropic is allowing partners to share findings from Mythos evaluations [18], a transparency move that could affect how the governance community assesses and verifies the model's risk profile. The pre-summit bank CEO meetings establish that Mythos's threat was already acute enough to convene the Treasury Secretary and Fed Chair simultaneously — the bilateral protocol, in this light, is as much a reactive diplomatic instrument as a proactive governance architecture.

Japan's response has escalated to the executive level. Prime Minister Sanae Takaichi is personally leading Japan's government response to Mythos, describing the situation as a 'race against time,' urging the government to take urgent cybersecurity measures [19], and publicly insisting that any credible governmental response must formally involve Big Tech [20][21][18]. Japan Times, JIJI Press, Nikkei Asia, and Asahi Shimbun confirm Japan is actively drafting national cyberdefense guidelines specifically in response to Mythos [22][23], and Japan's broader Active Cyber Defense Law framework provides the legal scaffolding for those guidelines [24]. Japan's response carries executive authority at the highest level of government, making it the most significant third-party governance output triggered by the Mythos disclosure.

The wider governance environment is converging from multiple directions simultaneously. The G7 has begun separate discussions on frontier-model governance [25], and a draft US Executive Order circulating in late May 2026 proposes a formal government process for defining what constitutes a 'covered frontier model' — a threshold determination with direct implications for which systems fall under the bilateral protocol's scope [26][27]. UK financial regulators (HM Treasury, Bank of England, and FCA) have issued formal requirements — not advisory guidance — obligating UK financial firms to embed model governance for frontier AI cyber risk [28][29][30][31]. On the legislative side, Senator Josh Hawley introduced S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act, a bill proposing sweeping separation of American AI development from China [32][33][34] — a posture in direct tension with the executive branch's cooperative bilateral engagement. MIRI has published research on international frameworks for preventing premature artificial superintelligence creation and continues to discuss its proposed framework publicly [35], positioning the 2026 protocol within a traceable lineage of international AI governance instruments [36][37][38][39]. Across US, EU, Chinese, and G7 frameworks, the emergent pattern is convergence on pre-deployment review requirements for cyber and biological risks plus targeted application bans — an implicit shared floor forming without formal multilateral coordination [40].

Timeline

  • 2024: US and China reach an agreement restricting AI applications in conflict contexts — cited by MIRI as the predecessor accord the 2026 protocol may build upon [49][38][39][36][37]
  • 2025-02: Senator Josh Hawley introduces S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act of 2025, in the 119th Congress [34][32][33]
  • 2026-04-10: Treasury Secretary Bessent and Federal Reserve Chair Powell jointly convene an emergency meeting with US bank CEOs to warn them about cybersecurity risks posed by Anthropic's Mythos model; confirmed by Bloomberg, Bloomberg Law, and CoinDesk [9][10][11][6][7][8]
  • 2026-04: Independent assessment of Claude Mythos Preview's cybersecurity capabilities published on Medium; Cloud Security Alliance publishes research on Mythos vulnerability discovery and containment [14][15]
  • 2026-05-10: The Neuron reports US, EU, and China independently converging on AI oversight architectures centered on pre-deployment cyber/bio review and targeted application bans [40]
  • 2026-05-12: Japan Prime Minister Takaichi urges government to take urgent cybersecurity measures, per Nippon.com [19]
  • 2026-05-14: Trump-Xi Beijing summit; US and China agree to build a bilateral AI safety protocol covering frontier model governance and nonstate-actor proliferation [56][1][2]
  • 2026-05-14: Japan Prime Minister Takaichi describes Japan's Mythos response as a 'race against time,' per Nippon.com [46][20]
  • 2026-05-15: Treasury Secretary Bessent tells CNBC the US can hold AI talks with China 'because we're still in the lead,' framing engagement as negotiation from technological advantage [3][41][4]
  • 2026-05-15: HM Treasury, Bank of England, and FCA issue formal joint statement requiring UK financial firms to embed model governance for frontier AI cyber risk [50][28][29][30][51][31]
  • 2026-05-19: Japan Times, JIJI Press, Nikkei Asia, and Asahi Shimbun cover Prime Minister Takaichi's call for Big Tech inclusion; Nikkei and Asahi confirm Japan is actively drafting national cyberdefense guidelines in response to Mythos; report notes Anthropic allows partners to share Mythos evaluation findings [44][45][22][23][57][21][18]
  • 2026-05-21: G7 begins discussions on frontier-model governance [25]
  • 2026-05-21: Draft US Executive Order circulates proposing formal government process for defining 'covered frontier model'; commentary notes US government emerging as 'AI release gatekeeper' [26][27]

Perspectives

Treasury Secretary Scott Bessent

Frames US willingness to engage China on AI as a concession from technological strength ('we're in the lead'), not mutual risk management; jointly convened April emergency meetings with Powell to warn bank CEOs of Mythos cyber risks before the summit, establishing that his posture was already driving domestic financial regulatory action

Evolution: Consistent; the Bloomberg and Bloomberg Law confirmations [6][7][8] strengthen the evidentiary base for his April bank CEO meetings but do not shift his stated position

Federal Reserve Chair Jerome Powell

Jointly convened with Bessent a pre-summit emergency meeting with US bank CEOs specifically to warn about Mythos cybersecurity risks, signaling Fed-level alarm about frontier AI's financial system threat

Evolution: Confirmed by Bloomberg and Bloomberg Law [6][7][8] in addition to Sullivan & Cromwell; evidentiary base substantially strengthened

Japan Prime Minister Sanae Takaichi

Frames the Mythos situation as a 'race against time,' urges government to take urgent cybersecurity measures, demands Big Tech be formally included in any governmental response, and is personally leading Japan toward drafting national cyberdefense guidelines at the executive level

Evolution: Consistent; Nippon.com coverage [19] and LinkedIn analysis [43] add additional sourcing but do not shift the stance

Senator Josh Hawley

Sponsors S.321, proposing sweeping decoupling of American AI development from China — a posture directly opposed to the executive branch's cooperative bilateral engagement with Beijing

Evolution: Newly identified as S.321's sponsor [32][33]; previously this voice was tracked only as 'US Congress (S.321 sponsors)' without identification

MIRI (Machine Intelligence Research Institute)

Frames the new protocol as building on a 2024 AI-in-conflict precedent; has published research and continues public discussion proposing international frameworks for preventing premature ASI creation, suggesting the current bilateral deal fits within a broader governance architecture MIRI is actively theorizing

Evolution: Consistent; MIRI's public Twitter discussion [35] of their proposed framework adds a public-engagement dimension but does not shift the stance

UK financial regulators (HM Treasury, Bank of England, FCA)

Issued formal — not advisory — requirements obligating UK financial firms to embed frontier AI model governance for cyber resilience, framing this as a regulatory obligation

Evolution: Consistent; Thomson Reuters Practical Law documentation [31] provides additional primary-source confirmation

Grant Harvey / The Neuron

Cautiously optimistic that the protocol matters even though it is narrow; confirmed the summit as the specific occasion for the agreement

Evolution: Consistent across all items in this thread

G7 (as emerging governance forum)

Has begun separate frontier-model governance discussions, signaling that the bilateral US-China frame is not the only multilateral track in play

Evolution: Consistent; no new items this pass

Be_wAIry

Reported the protocol factually, then signaled a skeptical 'honest read' — though specific objections are not captured in available claim data

Evolution: No new items; stance unchanged

Tensions

  • Bessent's 'position of strength' framing ('we're in the lead') vs. the mutual-interest logic implicit in a shared safety protocol: if Washington publicly frames the deal as a concession granted from technological dominance, China may resist treating protocol obligations as genuinely reciprocal [3][4][42]
  • State-centric bilateral framing of the US-China protocol vs. Prime Minister Takaichi's demand for mandatory Big Tech involvement — a direct challenge to whether governments alone can or should govern frontier AI risks like Mythos [44][45][46][21][1][19]
  • Senator Hawley's S.321 legislative decoupling push vs. the Trump administration's executive-branch cooperative bilateral engagement — Congress moving toward hard AI separation from China while the executive branch pursues shared safety governance with Beijing [34][32][33][1][2]
  • Draft EO's proposed formal process for defining 'covered frontier model' vs. the bilateral protocol's implicit scope — domestic definitional criteria could expand or narrow which systems fall under US-China obligations without Beijing's input [26][27][1]
  • MIRI's framing of the new deal as building on a 2024 AI-in-conflict precedent (implying legal continuity and incremental obligation) vs. the absence of any official confirmation that such a link exists or was intended [49][38][39][36][37][35]

Sources

  1. [1] At the Trump-Xi summit, the US and China reportedly agreed to start building an AI safety protocol for frontier models. — reactive:us-china-ai-safety-protocol (2026-05-15)
  2. [2] The US and China agreed to build an AI safety protocol at the Trump-Xi summit in Beijing. The aim: keep frontier models ... — reactive:us-china-ai-safety-protocol (2026-05-14)
  3. [3] #US can hold #AI talks with #China because ‘we are in the lead,’ Bessent tells CNBC as nations plan #safety #protocol ht... — reactive:us-china-ai-safety-protocol (2026-05-15)
  4. [4] @MarioNawfal @SecScottBessent > “We can hold AI talks with China because we’re still in the lead.” — reactive:us-china-ai-safety-protocol (2026-05-14)
  5. [5] U.S. and China Pursue Guardrails to Stop AI Rivalry From Spiraling ... — reactive:us-china-ai-safety-protocol
  6. [6] Mythos AI threat prompts Bessent, Powell to convene bank CEOs for ... — reactive:us-china-ai-safety-protocol
  7. [7] Bessent Urgently Summons Bank CEOs Over Anthropic’s New AI (2) — reactive:us-china-ai-safety-protocol
  8. [8] Anthropic Model Scare Sparks Urgent Bessent, Powell Warning to ... — reactive:us-china-ai-safety-protocol
  9. [9] Treasury Secretary and Federal Reserve Chair Warn Bank CEOs About Cybersecurity Risks Posed by Anthropic’s New AI Model | Sullivan & Cromwell LLP — reactive:us-china-ai-safety-protocol
  10. [10] Bessent, Powell warned bank CEOs about Anthropic risks: sources — reactive:us-china-ai-safety-protocol
  11. [11] Powell, Bessent met with U.S. Bank CEOs over Anthropic's Mythos threat — reactive:us-china-ai-safety-protocol
  12. [12] [PDF] Alignment Risk Update: Claude Mythos Preview - Anthropic — reactive:ai-deployment-misalignment-risk
  13. [13] [PDF] Claude Mythos Preview System Card - Anthropic — reactive:ai-deployment-misalignment-risk
  14. [14] Assessing Anthropic Claude Mythos Preview’s Cybersecurity Capabilities | by Tahir | Apr, 2026 | Medium — reactive:frontier-ai-cyber-capabilities
  15. [15] Claude Mythos: AI Vulnerability Discovery and Containment Failures — reactive:frontier-ai-cyber-capabilities
  16. [16] Claude Mythos: Analyzing Anthropic’s new frontier model for AI security — reactive:us-china-ai-safety-protocol
  17. [17] What Is Inside Claude Mythos Preview? Dissecting the System Card ... — reactive:us-china-ai-safety-protocol
  18. [18] Japan's Mythos Response 'Must Involve Big Tech,' Says LDP ... — reactive:us-china-ai-safety-protocol
  19. [19] Japan's Takaichi Urges Govt to Take Cybersecurity Measures | Nippon.com — reactive:us-china-ai-safety-protocol
  20. [20] Takaichi says responding to Mythos is a 'race against time' — reactive:us-china-ai-safety-protocol
  21. [21] Prime Minister Sanae Takaichi said that the government is rushing ... — reactive:us-china-ai-safety-protocol
  22. [22] Japan to craft cyberdefense guidelines in response to Anthropic's Mythos - Nikkei Asia — reactive:us-china-ai-safety-protocol
  23. [23] Japan rushing to counter threat of cyberattack from Mythos AI model | The Asahi Shimbun: Breaking News, Japan News and Analysis — reactive:us-china-ai-safety-protocol
  24. [24] Japan's Active Cyber Defense Law: AEV & Resilience - SafeBreach — reactive:us-china-ai-safety-protocol
  25. [25] (2) G7 begins discussions on frontier-model governance — reactive:us-china-ai-safety-protocol (2026-05-21)
  26. [26] The most interesting policy idea in this draft EO, IMO, is the proposed process for defining "covered frontier model." — reactive:us-china-ai-safety-protocol (2026-05-22)
  27. [27] The new AI Release Gatekeeper: The U.S. Government — reactive:us-china-ai-safety-protocol (2026-05-21)
  28. [28] The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience | Bank of England — reactive:us-china-ai-safety-protocol
  29. [29] Bank, FCA and Treasury set out AI resilience rules — reactive:us-china-ai-safety-protocol
  30. [30] United Kingdom: Bank of England, Financial Conduct Authority and HM Treasury published joint statement on frontier AI models and cyber resilience - Digital Policy Alert — reactive:us-china-ai-safety-protocol
  31. [31] BoE, FCA and HM Treasury statement on frontier AI models and cyber resilience — reactive:us-china-ai-safety-protocol
  32. [32] Senator Hawley Introduces Sweeping U.S.-China AI Decoupling Bill | Global Policy Watch — reactive:us-china-ai-safety-protocol
  33. [33] Hawley Introduces Legislation to Decouple American AI Development from Communist China - Josh Hawley — reactive:us-china-ai-safety-protocol
  34. [34] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 — reactive:us-china-ai-safety-protocol
  35. [35] A good discussion that gets into some details of MIRI's proposed ... — reactive:us-china-ai-safety-protocol
  36. [36] Preventing covert ASI development in countries within our agreement | MIRI TGT — reactive:us-china-ai-safety-protocol
  37. [37] New Report: An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — LessWrong — reactive:us-china-ai-safety-protocol
  38. [38] An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — MIRI Technical Governance Team — reactive:us-china-ai-safety-protocol
  39. [39] An International Agreement to Prevent the Premature Creation of ... — reactive:us-china-ai-safety-protocol
  40. [40] 😺 Hermes is eating OpenClaw's lunch — The Neuron (2026-05-10)
  41. [41] 11/ Treasury Secretary Bessent said the US can hold AI talks with China because it is in the lead, as nations plan a sha... — reactive:us-china-ai-safety-protocol (2026-05-15)
  42. [42] 😸 The AI Cold War got a protocol — The Neuron (2026-05-15)
  43. [43] Why Japan Is Reacting So Strongly to Claude Mythos - LinkedIn — reactive:us-china-ai-safety-protocol
  44. [44] Japan’s Mythos response ’must involve Big Tech,’ says LDP cybersecurity chief - The Japan Times — reactive:us-china-ai-safety-protocol
  45. [45] INTERVIEW: Japan's Mythos Response "Must Involve Big Tech" - JIJI PRESS — reactive:us-china-ai-safety-protocol
  46. [46] Responding to Mythos Race Against Time: Japan's Takaichi | Nippon.com — reactive:us-china-ai-safety-protocol
  47. [47] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial ... — reactive:us-china-ai-safety-protocol
  48. [48] S. 321 (IS) - Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 - BILLS-119s321is | Content Details | GovInfo — reactive:us-china-ai-safety-protocol
  49. [49] The two countries also issue a joint common-sense commitment that either builds on the 2024 agreement restricting AI con... — reactive:us-china-ai-safety-protocol (2026-05-15)
  50. [50] HM Treasury, BoE, and FCA just issued formal expectations—not guidance—for frontier AI risk. UK firms must embed model g... — reactive:us-china-ai-safety-protocol (2026-05-15)
  51. [51] BoE, FCA and HM Treasury joint statement on Frontier AI models ... — reactive:us-china-ai-safety-protocol
  52. [52] BoE, FCA and HM Treasury statement on frontier AI models and ... — reactive:us-china-ai-safety-protocol
  53. [53] UK authorities warn on frontier AI models and cyber resilience – Finadium — reactive:us-china-ai-safety-protocol
  54. [54] The honest read: — reactive:us-china-ai-safety-protocol (2026-05-17)
  55. [55] The US and China just agreed to set up an AI safety protocol. — reactive:us-china-ai-safety-protocol (2026-05-17)
  56. [56] 🚀 US and China Agree on AI Emergency Protocol at Beijing Summit — reactive:us-china-ai-safety-protocol (2026-05-18)
  57. [57] Japan scrambles to boost defenses against threats from ... - Reddit — reactive:us-china-ai-safety-protocol