The Information Machine

US–China AI Safety Protocol Announcement · history

Version 6

2026-05-25 03:02 UTC · 159 items

What

At the Trump-Xi Beijing summit in May 2026, the US and China established a bilateral AI safety protocol covering frontier model governance and preventing highly capable AI from reaching nonstate actors [1][2]. The acute threat animating both the diplomacy and parallel domestic regulation is Anthropic's Mythos model — in April 2026, Treasury Secretary Bessent and Federal Reserve Chair Powell jointly convened an emergency meeting with US bank CEOs to warn about its cybersecurity risks, a claim now confirmed by Bloomberg, Bloomberg Law, CoinDesk, and Claims Journal [6][7][8][9]. Anthropic's mechanism for managing Mythos disclosure is now named: the Glasswing Partner Program, which allows vetted partners to share evaluation findings [10][11]. Politico reports that Bessent has been raising the alarm on AI policy but faces complications at the White House level [13], while a cybersecurity insider has publicly questioned Mythos's claimed capabilities [12] — together introducing internal executive friction and external skepticism into a story previously defined by regulator-level consensus on threat severity.

Why it matters

The bilateral protocol is a reactive instrument as much as a proactive architecture: the Mythos threat was already driving the Treasury Secretary, the Fed Chair, and Japan's head of government into emergency postures before the Beijing summit. With internal executive branch friction now surfacing around Bessent's AI alarm-raising [13], Hawley's decoupling legislation pressing from Congress [31], and China's own domestic AI compliance framework evolving in parallel [27][28], the central question is whether any single framework — bilateral, domestic, or multilateral — can become an authoritative anchor, or whether the governance response fragments before it coheres.

Open questions

  • Politico reports Bessent has been raising AI alarms 'but' faces complications at the White House level [13] — what specifically constrains his AI policy work, and does that internal friction limit how far the executive branch can operationalize the bilateral protocol?

  • The Glasswing Partner Program allows vetted partners to share Mythos evaluation findings [10][11] — does its membership include any governmental parties to the US-China bilateral protocol, and could it serve as a verification mechanism the agreement currently lacks?

  • A cybersecurity insider has publicly questioned Mythos's claimed capabilities [12] — do those challenges affect the threat-severity framing that drove the Bessent-Powell bank CEO emergency meetings, and how does the governance community adjudicate contested capability claims on which regulatory action is premised?

  • China has introduced a domestic AI compliance framework for digital platforms [27][28] — does Beijing's internal regulatory posture align with or diverge from its bilateral commitments, and does Carnegie Endowment's finding that China's AI safety views are changing rapidly [29] represent alignment or a moving target?

Narrative

At the Trump-Xi summit held in Beijing in May 2026, the United States and China agreed to establish a bilateral AI safety protocol, with a stated focus on governing frontier models and preventing highly capable AI from reaching nonstate actors [1][2]. The agreement was among the higher-profile deliverables of a summit that also addressed trade, semiconductors, and strategic competition broadly. Treasury Secretary Scott Bessent framed US willingness to engage as negotiation from technological advantage: Washington can hold AI talks with China 'because we're still in the lead' [3][4], and the Wall Street Journal confirmed that guardrail-building logic as the operative rationale behind US engagement [5].

What the summit narrative obscures is that the acute threat driving both diplomacy and domestic regulatory action was already active months before the agreement. In April 2026, Bessent and Federal Reserve Chair Jerome Powell jointly convened an emergency meeting with US bank CEOs specifically to warn them about cybersecurity risks posed by Anthropic's Mythos model — an event confirmed by Bloomberg, Bloomberg Law, CoinDesk, and Claims Journal [6][7][8][9]. Anthropic's mechanism for managing this disclosure is now publicly identified: the Glasswing Partner Program, a structured arrangement allowing vetted partners to share Mythos evaluation findings with one another [10][11]. That transparency structure could in principle serve as a verification layer for bilateral or multilateral commitments, though whether governmental parties to the US-China protocol participate in Glasswing is not publicly confirmed. A cybersecurity insider has separately and publicly questioned Mythos's claimed capabilities [12], introducing the first skeptical voice into what had otherwise been a regulator-level threat-severity consensus. Most significantly, Politico reports that Bessent has been raising the alarm on AI policy but faces complications at the White House level [13] — suggesting that the executive branch's most prominent AI threat communicator is operating under internal friction, not with a unified mandate.

Japan's response has escalated to the executive level. Prime Minister Sanae Takaichi is personally leading Japan's government response to Mythos, describing the situation as a 'race against time,' urging urgent cybersecurity measures [14], and publicly insisting that any credible governmental response must formally involve Big Tech [15][16]. Japan Times, JIJI Press, Nikkei Asia, and Asahi Shimbun confirm Japan is actively drafting national cyberdefense guidelines specifically in response to Mythos [17][18], and Japan's Active Cyber Defense Law framework provides the legal scaffolding for those guidelines [19]. In the UK, HM Treasury, the Bank of England, and the FCA have issued formal — not advisory — requirements obligating financial firms to embed model governance for frontier AI cyber risk [20][21][22], with Baker McKenzie legal analysis confirming the FCA has specifically reinforced its supervisory expectations for frontier AI [23].

The wider governance environment is converging from multiple directions simultaneously. The G7 has begun separate discussions on frontier-model governance [24], and a draft US Executive Order proposes a formal definitional process for 'covered frontier model' [25][26] — a threshold determination with direct implications for which systems fall under the bilateral protocol's scope. China has introduced its own domestic AI compliance framework for digital platforms [27][28], and Carnegie Endowment research documents that China's views on AI safety have been evolving rapidly [29], making Beijing's domestic posture a live variable in assessing whether bilateral commitments will be matched by internal enforcement. Pacific Forum analysis directly addresses the bilateral protocol's stated nonstate-actor proliferation concern, examining how AI-enabled technology in the hands of nonstate actors reshapes the threat landscape the agreement is designed to manage [30]. Senator Josh Hawley's S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act — now with its full legislative text publicly available [31] — stands in direct tension with the executive branch's cooperative engagement, with Congress pushing toward hard AI separation from China while the executive branch pursues shared safety governance with Beijing [32][33].

Timeline

  • 2024: US and China reach an agreement restricting AI applications in conflict contexts — cited by MIRI as the predecessor accord the 2026 protocol may build upon [45][46][47][48][49]
  • 2025-02: Senator Josh Hawley introduces S.321, the Decoupling America's Artificial Intelligence Capabilities from China Act of 2025, in the 119th Congress; bill text publicly available via hawley.senate.gov [42][32][33][31]
  • 2026-04-10: Treasury Secretary Bessent and Federal Reserve Chair Powell jointly convene an emergency meeting with US bank CEOs to warn about cybersecurity risks posed by Anthropic's Mythos model; confirmed by Bloomberg, Bloomberg Law, CoinDesk, and Claims Journal [35][36][37][6][7][8][9]
  • 2026-04: Independent assessment of Claude Mythos Preview's cybersecurity capabilities published on Medium; Cloud Security Alliance publishes research on Mythos vulnerability discovery; cybersecurity insider publicly questions Mythos capability claims [60][61][12]
  • 2026-05-10: The Neuron reports US, EU, and China independently converging on AI oversight architectures centered on pre-deployment cyber/bio review and targeted application bans [56]
  • 2026-05-12: Japan Prime Minister Takaichi urges government to take urgent cybersecurity measures, per Nippon.com [14]
  • 2026-05-14: Trump-Xi Beijing summit; US and China agree to build a bilateral AI safety protocol covering frontier model governance and nonstate-actor proliferation [62][1][2]
  • 2026-05-14: Japan Prime Minister Takaichi describes Japan's Mythos response as a 'race against time,' per Nippon.com [40][15]
  • 2026-05-15: Treasury Secretary Bessent tells CNBC the US can hold AI talks with China 'because we're still in the lead,' framing engagement as negotiation from technological advantage [3][34][4]
  • 2026-05-15: HM Treasury, Bank of England, and FCA issue formal joint statement requiring UK financial firms to embed model governance for frontier AI cyber risk [51][22][20][21][52][55]
  • 2026-05-19: Japan Times, JIJI Press, Nikkei Asia, and Asahi Shimbun cover Prime Minister Takaichi's call for Big Tech inclusion; Nikkei and Asahi confirm Japan is drafting national cyberdefense guidelines in response to Mythos; Anthropic's Glasswing Partner Program for sharing Mythos findings reported by American Banker and MindStudio [38][39][17][18][63][16][41][10][11]
  • 2026-05-21: G7 begins discussions on frontier-model governance; draft US Executive Order circulates proposing formal process for defining 'covered frontier model' [24][25][26]
  • 2026-05-21: Politico reports Bessent has been raising the alarm on AI policy but faces complications at the White House level, signaling internal executive branch friction [13]
  • 2026-05: Baker McKenzie legal analysis confirms UK FCA has reinforced supervisory expectations for frontier AI; China introduces AI compliance framework for digital platforms [23][27][28]

Perspectives

Treasury Secretary Scott Bessent

Frames US willingness to engage China on AI as a concession from technological strength ('we're in the lead'), not mutual risk management; jointly convened April emergency meetings with Powell to warn bank CEOs of Mythos cyber risks before the summit. Politico now reports he has been raising the alarm on AI policy but faces complications at the White House level, suggesting internal executive branch friction around his threat-framing posture.

Evolution: Substantially developed: Politico coverage [13] adds an internal-resistance dimension not previously tracked, and Claims Journal [9] further confirms the April bank CEO meetings.

Federal Reserve Chair Jerome Powell

Jointly convened with Bessent a pre-summit emergency meeting with US bank CEOs specifically to warn about Mythos cybersecurity risks, signaling Fed-level alarm about frontier AI's financial system threat

Evolution: Claims Journal [9] adds to the confirmation base from Bloomberg and Bloomberg Law; evidentiary footing further strengthened

Japan Prime Minister Sanae Takaichi

Frames the Mythos situation as a 'race against time,' urges urgent cybersecurity measures, demands Big Tech be formally included in any governmental response, and is personally leading Japan toward drafting national cyberdefense guidelines at the executive level

Evolution: Consistent; no new items this pass

Senator Josh Hawley

Sponsors S.321, proposing sweeping decoupling of American AI development from China — a posture directly opposed to the executive branch's cooperative bilateral engagement with Beijing

Evolution: Bill text now publicly available via hawley.senate.gov [31], adding primary-source dimension to previously tracked secondary coverage

Cybersecurity Insider (unnamed)

Publicly questions Anthropic's claimed Mythos capabilities, introducing a skeptical voice into what has otherwise been a threat-severity consensus among regulators and officials

Evolution: New voice this pass [12]; not previously tracked

Anthropic (via Glasswing Partner Program)

Has structured controlled disclosure of Mythos evaluation findings through a named program — 'Glasswing' — allowing vetted partners to share findings with one another, positioning the company as managing risk disclosure rather than suppressing it

Evolution: Previously tracked only as an unnamed transparency move; now identified as the 'Glasswing Partner Program' [10][11]

MIRI (Machine Intelligence Research Institute)

Frames the new protocol as building on a 2024 AI-in-conflict precedent; has published research and continues public discussion proposing international frameworks for preventing premature ASI creation

Evolution: Consistent; no new items this pass

UK financial regulators (HM Treasury, Bank of England, FCA)

Issued formal — not advisory — requirements obligating UK financial firms to embed frontier AI model governance for cyber resilience; Baker McKenzie confirms the FCA has specifically reinforced supervisory expectations for frontier AI

Evolution: Baker McKenzie legal analysis [23] adds professional legal confirmation beyond prior primary-source and Thomson Reuters documentation

G7 (as emerging governance forum)

Has begun separate frontier-model governance discussions, signaling that the bilateral US-China frame is not the only multilateral track in play

Evolution: Consistent; no new items this pass

Grant Harvey / The Neuron

Cautiously optimistic that the protocol matters even though it is narrow; confirmed the summit as the specific occasion for the agreement

Evolution: Consistent across all items in this thread

Be_wAIry

Reported the protocol factually, then signaled a skeptical 'honest read' — though specific objections are not captured in available claim data

Evolution: No new items; stance unchanged

Tensions

  • Bessent's internal alarm-raising on AI policy vs. apparent White House-level complications constraining that effort — the executive branch's senior financial regulator is not operating with a unified mandate even as he publicly champions the bilateral protocol and Mythos risk framing [13][3][4][6][7][8]
  • Official regulatory consensus treating Mythos as an acute cybersecurity threat vs. a cybersecurity insider publicly questioning those capability claims — the governance response may be calibrated to a threat profile that is itself contested [12][6][7][8][9]
  • Bessent's 'position of strength' framing ('we're in the lead') vs. the mutual-interest logic implicit in a shared safety protocol: if Washington publicly frames the deal as a concession granted from technological dominance, China may resist treating protocol obligations as genuinely reciprocal [3][4][57]
  • State-centric bilateral framing of the US-China protocol vs. Prime Minister Takaichi's demand for mandatory Big Tech involvement — a direct challenge to whether governments alone can or should govern frontier AI risks like Mythos [38][39][40][16][1][14]
  • Senator Hawley's S.321 legislative decoupling push vs. the Trump administration's executive-branch cooperative bilateral engagement — Congress moving toward hard AI separation from China while the executive branch pursues shared safety governance with Beijing [42][32][33][31][1][2]
  • Draft EO's proposed formal process for defining 'covered frontier model' vs. the bilateral protocol's implicit scope — domestic definitional criteria could expand or narrow which systems fall under US-China obligations without Beijing's input [25][26][1]
  • MIRI's framing of the new deal as building on a 2024 AI-in-conflict precedent (implying legal continuity and incremental obligation) vs. the absence of any official confirmation that such a link exists or was intended [45][46][47][48][49][50]

Sources

  1. [1] At the Trump-Xi summit, the US and China reportedly agreed to start building an AI safety protocol for frontier models. — reactive:us-china-ai-safety-protocol (2026-05-15)
  2. [2] The US and China agreed to build an AI safety protocol at the Trump-Xi summit in Beijing. The aim: keep frontier models ... — reactive:us-china-ai-safety-protocol (2026-05-14)
  3. [3] #US can hold #AI talks with #China because ‘we are in the lead,’ Bessent tells CNBC as nations plan #safety #protocol ht... — reactive:us-china-ai-safety-protocol (2026-05-15)
  4. [4] @MarioNawfal @SecScottBessent > “We can hold AI talks with China because we’re still in the lead.” — reactive:us-china-ai-safety-protocol (2026-05-14)
  5. [5] U.S. and China Pursue Guardrails to Stop AI Rivalry From Spiraling ... — reactive:us-china-ai-safety-protocol
  6. [6] Mythos AI threat prompts Bessent, Powell to convene bank CEOs for ... — reactive:us-china-ai-safety-protocol
  7. [7] Bessent Urgently Summons Bank CEOs Over Anthropic’s New AI (2) — reactive:us-china-ai-safety-protocol
  8. [8] Anthropic Model Scare Sparks Urgent Bessent, Powell Warning to ... — reactive:us-china-ai-safety-protocol
  9. [9] Bessent, Powell Warned Bank CEOs About Anthropic Model Risks, Sources Say — reactive:us-china-ai-safety-protocol
  10. [10] Anthropic frees Mythos partners to share cyber findings — reactive:us-china-ai-safety-protocol
  11. [11] Inside Anthropic's Glasswing Partner Program for Claude Mythos | MindStudio — reactive:us-china-ai-safety-protocol
  12. [12] Anthropic's Mythos Claims Questioned by Cybersecurity Insider — reactive:frontier-ai-cyber-capabilities
  13. [13] Scott Bessent has been raising the alarm on AI policy. But ... - Politico — reactive:us-china-ai-safety-protocol
  14. [14] Japan's Takaichi Urges Govt to Take Cybersecurity Measures | Nippon.com — reactive:us-china-ai-safety-protocol
  15. [15] Takaichi says responding to Mythos is a 'race against time' — reactive:us-china-ai-safety-protocol
  16. [16] Prime Minister Sanae Takaichi said that the government is rushing ... — reactive:us-china-ai-safety-protocol
  17. [17] Japan to craft cyberdefense guidelines in response to Anthropic's Mythos - Nikkei Asia — reactive:us-china-ai-safety-protocol
  18. [18] Japan rushing to counter threat of cyberattack from Mythos AI model | The Asahi Shimbun: Breaking News, Japan News and Analysis — reactive:us-china-ai-safety-protocol
  19. [19] Japan's Active Cyber Defense Law: AEV & Resilience - SafeBreach — reactive:us-china-ai-safety-protocol
  20. [20] Bank, FCA and Treasury set out AI resilience rules — reactive:us-china-ai-safety-protocol
  21. [21] United Kingdom: Bank of England, Financial Conduct Authority and HM Treasury published joint statement on frontier AI models and cyber resilience - Digital Policy Alert — reactive:us-china-ai-safety-protocol
  22. [22] The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience | Bank of England — reactive:us-china-ai-safety-protocol
  23. [23] United Kingdom: FCA Reinforces Supervisory Expectations for Frontier AI | Insight | Baker McKenzie — reactive:us-china-ai-safety-protocol
  24. [24] (2) G7 begins discussions on frontier-model governance — reactive:us-china-ai-safety-protocol (2026-05-21)
  25. [25] The most interesting policy idea in this draft EO, IMO, is the proposed process for defining "covered frontier model." — reactive:us-china-ai-safety-protocol (2026-05-22)
  26. [26] The new AI Release Gatekeeper: The U.S. Government — reactive:us-china-ai-safety-protocol (2026-05-21)
  27. [27] China introduces AI compliance framework for digital platforms — reactive:us-china-ai-safety-protocol
  28. [28] MoFo Tech — reactive:us-ai-policy-regulation
  29. [29] China’s Views on AI Safety Are Changing—Quickly | Carnegie Endowment for International Peace — reactive:us-china-ai-safety-protocol
  30. [30] Explore Pacific Forum's Insightful Indo-Pacific Analysis — reactive:us-china-ai-safety-protocol
  31. [31] [PDF] Decoupling America's Artificial Intelligence Capabilities from China Act — reactive:us-china-ai-safety-protocol
  32. [32] Senator Hawley Introduces Sweeping U.S.-China AI Decoupling Bill | Global Policy Watch — reactive:us-china-ai-safety-protocol
  33. [33] Hawley Introduces Legislation to Decouple American AI Development from Communist China - Josh Hawley — reactive:us-china-ai-safety-protocol
  34. [34] 11/ Treasury Secretary Bessent said the US can hold AI talks with China because it is in the lead, as nations plan a sha... — reactive:us-china-ai-safety-protocol (2026-05-15)
  35. [35] Treasury Secretary and Federal Reserve Chair Warn Bank CEOs About Cybersecurity Risks Posed by Anthropic’s New AI Model | Sullivan & Cromwell LLP — reactive:us-china-ai-safety-protocol
  36. [36] Bessent, Powell warned bank CEOs about Anthropic risks: sources — reactive:us-china-ai-safety-protocol
  37. [37] Powell, Bessent met with U.S. Bank CEOs over Anthropic's Mythos threat — reactive:us-china-ai-safety-protocol
  38. [38] Japan’s Mythos response ’must involve Big Tech,’ says LDP cybersecurity chief - The Japan Times — reactive:us-china-ai-safety-protocol
  39. [39] INTERVIEW: Japan's Mythos Response "Must Involve Big Tech" - JIJI PRESS — reactive:us-china-ai-safety-protocol
  40. [40] Responding to Mythos Race Against Time: Japan's Takaichi | Nippon.com — reactive:us-china-ai-safety-protocol
  41. [41] Japan's Mythos Response 'Must Involve Big Tech,' Says LDP ... — reactive:us-china-ai-safety-protocol
  42. [42] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 — reactive:us-china-ai-safety-protocol
  43. [43] S.321 - 119th Congress (2025-2026): Decoupling America's Artificial ... — reactive:us-china-ai-safety-protocol
  44. [44] S. 321 (IS) - Decoupling America's Artificial Intelligence Capabilities from China Act of 2025 - BILLS-119s321is | Content Details | GovInfo — reactive:us-china-ai-safety-protocol
  45. [45] The two countries also issue a joint common-sense commitment that either builds on the 2024 agreement restricting AI con... — reactive:us-china-ai-safety-protocol (2026-05-15)
  46. [46] An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — MIRI Technical Governance Team — reactive:us-china-ai-safety-protocol
  47. [47] An International Agreement to Prevent the Premature Creation of ... — reactive:us-china-ai-safety-protocol
  48. [48] Preventing covert ASI development in countries within our agreement | MIRI TGT — reactive:us-china-ai-safety-protocol
  49. [49] New Report: An International Agreement to Prevent the Premature Creation of Artificial Superintelligence — LessWrong — reactive:us-china-ai-safety-protocol
  50. [50] A good discussion that gets into some details of MIRI's proposed ... — reactive:us-china-ai-safety-protocol
  51. [51] HM Treasury, BoE, and FCA just issued formal expectations—not guidance—for frontier AI risk. UK firms must embed model g... — reactive:us-china-ai-safety-protocol (2026-05-15)
  52. [52] BoE, FCA and HM Treasury joint statement on Frontier AI models ... — reactive:us-china-ai-safety-protocol
  53. [53] BoE, FCA and HM Treasury statement on frontier AI models and ... — reactive:us-china-ai-safety-protocol
  54. [54] UK authorities warn on frontier AI models and cyber resilience – Finadium — reactive:us-china-ai-safety-protocol
  55. [55] BoE, FCA and HM Treasury statement on frontier AI models and cyber resilience — reactive:us-china-ai-safety-protocol
  56. [56] 😺 Hermes is eating OpenClaw's lunch — The Neuron (2026-05-10)
  57. [57] 😸 The AI Cold War got a protocol — The Neuron (2026-05-15)
  58. [58] The honest read: — reactive:us-china-ai-safety-protocol (2026-05-17)
  59. [59] The US and China just agreed to set up an AI safety protocol. — reactive:us-china-ai-safety-protocol (2026-05-17)
  60. [60] Assessing Anthropic Claude Mythos Preview’s Cybersecurity Capabilities | by Tahir | Apr, 2026 | Medium — reactive:frontier-ai-cyber-capabilities
  61. [61] Claude Mythos: AI Vulnerability Discovery and Containment Failures — reactive:frontier-ai-cyber-capabilities
  62. [62] 🚀 US and China Agree on AI Emergency Protocol at Beijing Summit — reactive:us-china-ai-safety-protocol (2026-05-18)
  63. [63] Japan scrambles to boost defenses against threats from ... - Reddit — reactive:us-china-ai-safety-protocol