A Texas lawmaker on Thursday has proposed new AI incident reporting rules that would require AI companies such as Anthropic and OpenAI to report critical security incidents – as well as dangerous model behaviour – to Washington within seven days.

Why lawmakers want AI incident reporting

The draft legislation, introduced by Republican Congressman Nathaniel Moran of Texas, would give AI model developers just one week to report incidents to the US Commerce Department.

Furthermore, the “most serious incidents,” – including those that pose significant risks to national security or public safety – would have to be reported to Congress within 48 hours, according to the proposed bill.

“AI is a powerful engine of innovation, and I want to see it flourish, but not without accountability and not without human oversight,” the Congressman said, stressing that when high-capability AI systems go awry, the US Government needs to know about it, so they can respond quickly.

"It's a catch-it-early and sound-the-alarm bill," Moran said in an interview.

The proposal comes as policymakers and national security experts grapple with the risks posed by frontier AI models, which are becoming increasingly capable and have raised concerns about misuse, cyber threats, and public safety.

What companies would have to disclose

The move comes just one day after AI startup Anthropic accused Chinese tech giant Alibaba of illicitly extracting capabilities from its Claude Mythos AI model in what it called the largest known AI model distillation campaign.

The "industrial-scale" AI harvesting campaign found that the company’s AI lab, Qwen, created nearly 25,000 fake accounts and generated almost 30 million exchanges with Claude in its effort to siphon the model’s capabilities.

As part of the draft bill, required incident reporting would include the following:

• Attempts to evade human oversight or resist shutdown.
• Unauthorized access to or theft of model weights.
• Capabilities that could enable cyberattacks against critical infrastructure.
• Evidence that a model can autonomously accelerate the development of more powerful AI systems.
• Chemical, biological, radiological, nuclear, and explosive threats.

It was also revealed Tuesday that during a testing exercise carried out by US intelligence agencies, the Mythos frontier model essentially “broke into almost all of our classified systems, not in weeks, but in hours," according to congressional testimony by Senator Mark Warner of Virginia in June.

Earlier this month, Anthropic was pressured to disable global access to its powerful cybersecurity model, Claude Mythos, due to its ability to detect and exploit vulnerabilities at record speed.

Access to Mythos, including its recently launched, public-friendly version, Fable 5, has also been banned across US federal agencies by the Trump administration due to national security concerns.

Moran’s office says the bill is the latest AI regulation to be proposed in Congress, “which has struggled to pass legislation amid debate over whether federal law should preempt state laws" and whether guardrails could slow innovation and US competition with China.

---

Unlock more exclusive Cybernews content on YouTube.