Wed 15 Jul 2026 / 20:41 ET
Kernel
Security 3 min read

White House opens AI vulnerability clearinghouse at Treasury

Gold Eagle is already taking in vulnerability reports and is meant to coordinate AI-assisted scanning, validation and patching across government and industry.

Dana Voss

By Dana Voss / Security Correspondent

White House opens AI vulnerability clearinghouse at Treasury
img: The Record

The Trump administration on Tuesday announced Gold Eagle, a federal clearinghouse meant to use artificial intelligence to find, rank and help fix cybersecurity vulnerabilities across government systems, industry networks and critical infrastructure.

The operation sits inside the Treasury Department, with support from the Pentagon, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, according to administration officials. Open-source software providers are also taking part.

Sean Cairncross, the national cyber director, told reporters that the clearinghouse is designed to coordinate AI-discovered vulnerabilities and patching at a speed and scale the government says it has not previously had. A senior White House official said Gold Eagle is already ingesting and validating vulnerability information.

How Gold Eagle is supposed to work

The basic job is coordination, which sounds dull until a dozen teams are burning time scanning for the same bug or pushing incompatible fixes. A senior White House official said the clearinghouse will reduce duplicate work, validate reported vulnerabilities and assign government and industry engineers to rank and address defects based on risk.

Gold Eagle came out of a White House executive order issued last month. Administration officials described it as a way to apply AI systems to vulnerability discovery in software and networks, then move validated findings toward patching without spraying sensitive details across the internet.

The distribution part is still being built. The senior official said Gold Eagle administrators are developing a process for sending vulnerability information to the right stakeholders while reducing the chance that the details leak before fixes are ready.

Carnegie Mellon University’s Software Engineering Institute helped the government build a platform that Cairncross described as the intake layer for the clearinghouse. Cairncross also said Gold Eagle includes a Vulnerability Information and Coordination Environment, or VINTS, to support internal coordination and sharing.

According to Cairncross, VINTS is intended to process and securely share vulnerability information while maintaining validation, prioritization and disclosure workflows so defects in software supporting essential services can be patched or otherwise remediated.

Anthropic models are back in the mix

The senior White House official said closed-source AI models, including Anthropic’s Mythos, will also be used to hunt for vulnerabilities. That detail comes with some awkward timing: last month, the administration ordered Anthropic to take its Claude Fable 5 and Mythos models offline over security concerns, then eased that order weeks later.

Officials did not provide technical performance data for the models or a public accounting of what changed between the earlier security action and the decision to use Mythos in Gold Eagle. For now, the administration is presenting the clearinghouse as an operational coordination system, not as proof that AI can replace the existing vulnerability disclosure machinery.

A senior White House official said Gold Eagle depends on the CISA 2015 Act, which expires in September, and urged Congress to reauthorize it. The official warned reporters that the effort would face serious problems without that renewal.

This story draws on original reporting from The Record.

More Security/

view all ↗