Regulation / Jun 28, 2026 / 5 min
Treasury Has Until July 2 to Stand Up an AI Clearinghouse
President Trump's June 2 executive order gives Treasury until July 2 to stand up an AI cybersecurity clearinghouse — but Secretary Bessent is defending voluntary bank-led standards while Senator Warner warns Mythos-class models leave the financial system "totally unprotected."
President Trump ordered Treasury to build an AI cybersecurity clearinghouse by July 2 — and Secretary Scott Bessent is betting voluntary bank standards can patch a hole Senator Mark Warner says leaves Mythos-class models entirely ungoverned.
What's new: Executive Order 14409, signed June 2, gives Treasury until July 2 to form an "AI cybersecurity clearinghouse" with NSA, CISA, and the National Cyber Director. The hub must coordinate vulnerability scanning, validation, and patch distribution — in "voluntary collaboration" with AI labs and critical infrastructure operators.
Why July 2 matters: This is not the guest-list fight over Mythos or GPT-5.6. It's the infrastructure layer underneath — and agencies face a hard deadline while industry participation stays optional.
The jurisdictional fight:
- Treasury leads. Section 2(d) puts Bessent in charge, not CISA.
- McCaul wanted CISA. Rep. Michael McCaul asked Mullin why CISA wasn't running the clearinghouse — arguing cyber coordination belongs at DHS.
- Mullin said financial gain. Mullin: "When we started looking at the biggest threats that AI is used for, it is through financial gain." Bessent, he added, is "very capable."
Bessent's bet:
- He met LLM lab leaders in San Francisco the weekend before his June 4 Senate hearing.
- Treasury convened the largest banks to write their own AI cyber standards.
- Bessent and former Fed Chair Jerome Powell met bank leaders in April to discuss Anthropic's Mythos rollout.
- Bessent on the EO: it "strikes a very good balance between innovation and safety."
Warner's counter:
- In a June 2 letter, Warner wrote that agentic AI in finance should owe a fiduciary "duty of loyalty to the principal on whose behalf they are acting."
- At the June 4 hearing: banks think "with Mythos, they are totally unprotected."
- On voluntary participation: "I believe will put our banking system at risk, clearly our national security at risk."
- Warner called the final order a "watered-down" version of a stronger draft he'd seen. Bessent insisted the only change was shortening the deadline from 90 to 30 days.
The parallel tracks:
- July 2: Clearinghouse formation (Treasury mandate).
- August 1: Classified benchmarking for "covered frontier models" (Section 3).
- Right now: Commerce guest lists for Mythos and GPT-5.6 Sol — improvised policy running ahead of every formal deadline.
Who's exposed:
- Community banks, rural hospitals, and local utilities named in the EO.
- LLM labs asked to share scan data voluntarily.
- CISA, which Mullin said has shrunk from roughly 3,400 staff to 2,200, supporting Treasury from a thinner bench.
Convina's view: Treasury got the clearinghouse because Washington thinks AI's first casualties will be financial, not diplomatic. That's probably right — but a voluntary patch pipeline doesn't answer what happens when a frontier model finds critical vulnerabilities at machine speed and only a Commerce guest list gets the fix. Bessent is asking banks to write standards while Warner is asking who pays when an agent buys the wrong things. July 2 forces an agency to show up. It doesn't force Silicon Valley to share.