New AI executive order puts urgency on hardening systems before adversaries catch up

A week after the White House issued a new executive order on artificial intelligence and cybersecurity, Daniel Kroese says one of the central challenges is not simply building more powerful AI tools. It is getting those tools into the hands of the organizations that need them most.

Kroese, vice president of global policy at Palo Alto Networks and a senior fellow at the McCrary Institute, told Frank Cilluffo on the Cyber Focus podcast that the order reflects a growing recognition that frontier AI is becoming a practical cyber defense capability — but that access alone will not be enough for smaller, resource-constrained operators.

The executive order, released June 2, directs federal agencies to expand AI-enabled cyber defense tools and facilitate access for government agencies, state and local authorities, and critical infrastructure operators, including rural hospitals, community banks and local utilities. It also creates a voluntary framework for certain frontier models and calls for an AI cybersecurity clearinghouse to help coordinate vulnerability discovery, validation, remediation and patching.

Kroese said that focus on under-resourced infrastructure operators is critical because many of them cannot simply absorb frontier AI capability on their own.

“We also have to recognize that for your average electric utility or water treatment plant, if we were to give them Mythos or GPT-5.5 access tomorrow, due to the operational realities of how they are organized, they wouldn’t know what to do with it,” Kroese said. “So it’s not as simple as just flicking on access. It’s about how do we scale and democratize the cyber defense benefits of these models.”

That, Kroese said, is where managed services, prioritization and usable defensive tools become essential. The issue is not whether AI can find more vulnerabilities or process more data. It is whether those capabilities can be translated into practical risk reduction for hospitals, utilities, banks, water systems and local governments that already face serious capacity constraints.

The urgency comes from the speed at which frontier models are changing the cyber landscape. Kroese pointed to an internal Palo Alto Networks exercise using Anthropic’s Mythos model that dramatically sped up their red-teaming process.

“We’re not talking 5 percent better, 10 percent better, 15 percent better,” he said. “We’re talking about doing something in three weeks that would have taken us one, if not more, years previously. So that is an inflection point.”

For Kroese, that acceleration helps explain why policymakers are treating cybersecurity as a core AI issue. Frontier AI can help defenders discover flaws, prioritize risk and respond faster. But the test will be whether those capabilities reach the hospitals, utilities, banks, water systems and local governments that cannot defend at that speed on their own.

“We have a head start, but it is not an infinite head start,” Kroese said.

You can find the full conversation and other Cyber Focus episodes wherever you get podcasts or at McCraryInstitute.com.