Treasury to Launch AI Vulnerability Clearinghouse Within 30 Days

Treasury Secretary Scott Bessent will establish an AI cybersecurity clearinghouse within 30 days, following directives in a new artificial intelligence executive order released by the White House this week. The initiative aims to coordinate vulnerability scanning, discovery, and patch distribution across government and industry.

The clearinghouse will be developed in consultation with the national cyber director, the secretaries of Homeland Security and Defense, and directors of the National Security Agency and the Cybersecurity and Infrastructure Security Agency, according to details first reported by FedScoop.

The executive order calls for voluntary collaboration with AI companies and critical infrastructure operators rather than mandating participation—a decision that sparked immediate pushback during a Senate Finance Committee hearing Wednesday.

Voluntary approach draws Senate criticism

Senator Mark Warner (D-Va.) challenged Bessent on the voluntary framework, arguing it creates unacceptable risk. "The idea that we're going to have only a voluntary regime, I believe, will put our banking system at risk, [and] clearly our national security at risk," Warner said during the hearing.

Warner characterized the final order as a "watered-down" version of an earlier draft he had reviewed, suggesting previous versions contained stronger language around industry participation requirements.

Bessent disputed this characterization, stating the only substantive change between drafts was accelerating the clearinghouse timeline from 90 days to 30 days. He defended the order as striking "a very good balance between innovation and safety."

Agentic AI concerns surface

The hearing also addressed emerging questions around agentic AI systems in financial services. Warner sent a letter to Bessent ahead of the hearing requesting Treasury develop clear guidance on deploying AI agents that can act autonomously.

"Agentic AI is a rapidly evolving area of technology, and a lack of regulatory clarity stifles innovation, puts financial institutions and their customers at risk, and increases the potential of American financial institutions and technology companies from being at a global market disadvantage," Warner wrote.

Bessent noted he has engaged with major language model developers and convened meetings between AI executives and leaders from the country's largest banks. He said banks possess strong cybersecurity capabilities that other industries can learn from.

Bessent and former Federal Reserve Chair Jerome Powell met with major U.S. banks in April to discuss Anthropic's Mythos model, which can autonomously identify cyber vulnerabilities but has raised concerns about potential misuse of its hacking capabilities.

Why it matters

The voluntary nature of the AI vulnerability clearinghouse represents a fundamental policy choice between regulatory mandates and industry self-governance. With AI systems increasingly integrated into critical financial infrastructure and national security operations, the effectiveness of voluntary coordination mechanisms will directly impact how quickly vulnerabilities are discovered and patched across sectors. The debate reflects broader tensions between fostering AI innovation and ensuring adequate security controls as these systems gain autonomous capabilities.

Ilona Cohen, chief legal and policy officer at HackerOne, noted the clearinghouse concept mirrors recommendations in the White House's AI Action Plan to create an AI Information Sharing and Analysis Center, suggesting the administration is building lasting coordination infrastructure for AI-related cyber risks.

FedScoop first reported these details from the Senate Finance Committee hearing and the executive order provisions.