How Is This Bill Enforced
Verbatim statutory text on the left; plain-language analysis and a per-section checklist on the right. Numbered markers cross-link to the matching checklist row.
This Act may be cited as the ''Advanced Artificial Intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) Security Readiness Act of 2025''.
Establishes the short title of the Act as the Advanced Artificial Intelligence Security Readiness Act of 2025. No operative obligations are created.
(a) 1 The Director of the National Security Agency, acting through the Artificial Intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) Security Center (or successor office), shall develop and disseminate security guidance that identifies potential vulnerabilities in covered artificial intelligence technologiescovered artificial intelligence technologiesThe term "covered artificial intelligence technologies" means advanced artificial intelligence (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actors, such as artificial intelligence systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.Section 2(f)(4) and artificial intelligence supply chainsartificial intelligence supply chainThe term "artificial intelligence supply chain" means artificial intelligence models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligence system.Section 2(f)(2), with a focus on cybersecurity risks and security challenges that are unique to protecting artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) systems, associated computing environments, or the wider artificial intelligence supply chainartificial intelligence supply chainThe term "artificial intelligence supply chain" means artificial intelligence models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligence system.Section 2(f)(2) from theft or sabotage by foreign threat actorsthreat actorsThe term "threat actors" means nation-state actors and other highly resourced actors capable of technology theft or sabotage.Section 2(f)(6).
This subsection imposes the bill's core directive: the Director of the NSA, acting through the Artificial Intelligence Security Center, must develop and disseminate security guidance focused on vulnerabilities in covered AI technologies and AI supply chains. The guidance must address cybersecurity risks and security challenges unique to AI systems — distinguishing them from conventional IT security concerns — and focus specifically on threats of theft or sabotage by foreign threat actors.
(b)(1) 2 Identification of potential vulnerabilities and cybersecurity challenges that are unique to protecting covered artificial intelligence technologiescovered artificial intelligence technologiesThe term "covered artificial intelligence technologies" means advanced artificial intelligence (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actors, such as artificial intelligence systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.Section 2(f)(4) and the artificial intelligence supply chainartificial intelligence supply chainThe term "artificial intelligence supply chain" means artificial intelligence models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligence system.Section 2(f)(2), such as threat vectors that are less common or severe in conventional information technology systems.
(b)(2) 2 Identification of elements of the artificial intelligence supply chainartificial intelligence supply chainThe term "artificial intelligence supply chain" means artificial intelligence models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligence system.Section 2(f)(2) that, if accessed by threat actorsthreat actorsThe term "threat actors" means nation-state actors and other highly resourced actors capable of technology theft or sabotage.Section 2(f)(6), would meaningfully contribute to the actor's ability to develop covered artificial intelligence technologiescovered artificial intelligence technologiesThe term "covered artificial intelligence technologies" means advanced artificial intelligence (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actors, such as artificial intelligence systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.Section 2(f)(4) or compromise the confidentiality, integrity, or availability of artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) systems or associated artificial intelligence supply chainsartificial intelligence supply chainThe term "artificial intelligence supply chain" means artificial intelligence models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligence system.Section 2(f)(2).
(b)(3) 2 Strategies to identify, protect, detect, respond to, and recover from cyber threats posed by threat actorsthreat actorsThe term "threat actors" means nation-state actors and other highly resourced actors capable of technology theft or sabotage.Section 2(f)(6) targeting covered artificial intelligence technologiescovered artificial intelligence technologiesThe term "covered artificial intelligence technologies" means advanced artificial intelligence (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actors, such as artificial intelligence systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.Section 2(f)(4), including— (A) procedures to protect model weights or other competitively sensitive model artifacts; (B) ways to mitigate insider threats, including personnel vetting processes; (C) network access control procedures; (D) counterintelligence and anti-espionage measures; and (E) other measures that can be used to reduce threats of technology thefttechnology theftThe term "technology theft" means any unauthorized acquisition, replication, or appropriation of covered artificial intelligence technologies or components of such technologies, including models, model weights, architectures, or core algorithmic insights, through any means, such as cyber attacks, insider threats, and side-channel attacks, or exploitation of public interfaces.Section 2(f)(5) or sabotage by foreign threat actorsthreat actorsThe term "threat actors" means nation-state actors and other highly resourced actors capable of technology theft or sabotage.Section 2(f)(6).
This subsection prescribes the substantive content the NSA's security guidance must include. It requires three categories of content: identification of AI-unique vulnerabilities and cybersecurity challenges distinct from conventional IT; identification of AI supply chain elements whose compromise would meaningfully enable adversaries; and strategies for identifying, protecting, detecting, responding to, and recovering from cyber threats targeting covered AI technologies — including specific measures for model weight protection, insider threat mitigation, network access controls, counterintelligence, and anti-espionage.
Specifies the format requirements for the guidance: it must include detailed best practices, principles, and guidelines in unclassified form (with an optional classified annex) and classified materials suitable for conducting security briefings for service providers. This ensures the guidance is accessible to private-sector AI developers while preserving classified threat intelligence.
(d)(1) 4 engage with prominent artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) developers and researchers, as determined by the Director, to assess and anticipate the capabilities of highly advanced artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) systems relevant to national security, including by— (A) conducting a comprehensive review of publicly available industry documents pertaining to the security of artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) systems with respect to preparedness frameworks, scaling policies, risk management frameworks, and other matters; (B) conducting interviews with subject matter experts; (C) hosting roundtable discussions and expert panels; and (D) visiting facilities used to develop artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1);
(d)(2) 4 leverage existing expertise and research, collaborate with relevant National Laboratories, university affiliated research centers, and any federally funded research and development center that has conducted research on strategies to secure artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) models from nation-state actors and other highly resourced actors; and
(d)(3) 4 consult, as appropriate, with other departments and agencies of the Federal Government as the Director determines relevant, including the Bureau of Industry and Security of the Department of Commerce, the Center for Artificial Intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) Standards and Innovation of the National Institute of Standards and Technology, the Department of Homeland Security, and the Department of Defense.
Requires the NSA Director to engage with three categories of stakeholders when developing the AI security guidance: prominent AI developers and researchers (through document review, expert interviews, roundtables, and facility visits); National Laboratories, university-affiliated research centers, and federally funded R&D centers with relevant expertise; and other federal agencies including the Bureau of Industry and Security, NIST's Center for Artificial Intelligence Standards and Innovation, DHS, and DoD.
(e)(1) 5 Not later than 180 days after the date of the enactment of this Act, the Director shall submit to the congressional intelligence committeescongressional intelligence committeesThe term "congressional intelligence committees" means the Select Committee on Intelligence of the Senate and the Permanent Select Committee on Intelligence of the House of Representatives.Section 2(f)(3) a report on the guidance required by subsection (a), including a summary of progress on the development of the guidance, an outline of remaining sections, and any relevant insights about artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) security.
(e)(2) 5 Not later than 365 days after the date of enactment of this Act, the Director shall submit to the congressional intelligence committeescongressional intelligence committeesThe term "congressional intelligence committees" means the Select Committee on Intelligence of the Senate and the Permanent Select Committee on Intelligence of the House of Representatives.Section 2(f)(3) a report on the guidance required by subsection (a).
(e)(3) 5 The report submitted under paragraph (2)— (A) shall include— (i) an unclassified version suitable for dissemination to relevant individuals, including in the private sector; and (ii) a publicly available version; and (B) may include a classified annex.
Establishes two reporting deadlines: an initial progress report within 180 days of enactment, covering development progress, remaining sections, and relevant AI security insights; and a final report within 365 days. The final report must include an unclassified version suitable for private-sector dissemination, a publicly available version, and may include a classified annex. These reporting obligations run exclusively to the congressional intelligence committees.
(f)(1) The term ''artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1)'' has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).
(f)(2) The term ''artificial intelligence supply chainartificial intelligence supply chainThe term "artificial intelligence supply chain" means artificial intelligence models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligence system.Section 2(f)(2)'' means artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) models computing environments for performing model training or inference tasks, training or test data, frameworks, or other components or model artifacts necessary for the training, management, or maintenance of any artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) system.
(f)(3) The term ''congressional intelligence committeescongressional intelligence committeesThe term "congressional intelligence committees" means the Select Committee on Intelligence of the Senate and the Permanent Select Committee on Intelligence of the House of Representatives.Section 2(f)(3)'' means the Select Committee on Intelligence of the Senate and the Permanent Select Committee on Intelligence of the House of Representatives.
(f)(4) The term ''covered artificial intelligence technologiescovered artificial intelligence technologiesThe term "covered artificial intelligence technologies" means advanced artificial intelligence (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actors, such as artificial intelligence systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.Section 2(f)(4)'' means advanced artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actorsthreat actorsThe term "threat actors" means nation-state actors and other highly resourced actors capable of technology theft or sabotage.Section 2(f)(6), such as artificial intelligenceartificial intelligenceThe term "artificial intelligence" has the meaning given such term in section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. note prec. 4061).Section 2(f)(1) systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.
(f)(5) The term ''technology thefttechnology theftThe term "technology theft" means any unauthorized acquisition, replication, or appropriation of covered artificial intelligence technologies or components of such technologies, including models, model weights, architectures, or core algorithmic insights, through any means, such as cyber attacks, insider threats, and side-channel attacks, or exploitation of public interfaces.Section 2(f)(5)'' means any unauthorized acquisition, replication, or appropriation of covered artificial intelligence technologiescovered artificial intelligence technologiesThe term "covered artificial intelligence technologies" means advanced artificial intelligence (whether developed by the private sector, the United States Government, or a public-private partnership) with critical capabilities that the Director determines would pose a grave national security threat if acquired or stolen by threat actors, such as artificial intelligence systems that match or exceed human expert performance in chemical, biological, radiological, and nuclear matters, cyber offense, model autonomy, persuasion, research and development, and self-improvement.Section 2(f)(4) or components of such technologies, including models, model weights, architectures, or core algorithmic insights, through any means, such as cyber attacks, insider threats, and side-channel attacks, or exploitation of public interfaces.
(f)(6) The term ''threat actorsthreat actorsThe term "threat actors" means nation-state actors and other highly resourced actors capable of technology theft or sabotage.Section 2(f)(6)'' means nation-state actors and other highly resourced actors capable of technology thefttechnology theftThe term "technology theft" means any unauthorized acquisition, replication, or appropriation of covered artificial intelligence technologies or components of such technologies, including models, model weights, architectures, or core algorithmic insights, through any means, such as cyber attacks, insider threats, and side-channel attacks, or exploitation of public interfaces.Section 2(f)(5) or sabotage.
Defines six terms used throughout the bill: artificial intelligence (by cross-reference to the FY2019 NDAA), artificial intelligence supply chain, congressional intelligence committees, covered artificial intelligence technologies, technology theft, and threat actors. The definition of covered artificial intelligence technologies is notably broad — it encompasses any advanced AI with critical capabilities that the NSA Director determines would pose a grave national security threat if stolen, with enumerated examples including CBRN-capable, cyber offense, autonomous, persuasion, R&D, and self-improvement systems.