Trump's new AI-powered Gold Eagle will find cyber flaws at unprecedented pace – but can defenders keep up?
The AI eagle has officially landed – rewriting how the industry will coordinate vulnerability discovery.

Image by Cybernews
- The White House launched Gold Eagle, an AI-powered initiative to accelerate vulnerability discovery and coordinated disclosure.
- Gold Eagle will use AI, CISA, and industry partners to identify, prioritize, and verify software vulnerabilities at unprecedented speed.
- The administration revealed little about how Gold Eagle will actually operate or which AI vendors will power it.
- As AI uncovers more flaws than ever, cyber defenders may struggle to validate, patch, and disclose them before attackers strike.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
The White House officially launches Gold Eagle – an AI-powered initiative designed to accelerate vulnerability discovery and coordinate disclosure across the public and private sectors. But as AI uncovers more flaws than ever, the bigger question is whether cyber defenders can keep up.
As frontier AI models upend the old cybersecurity playbook, uncovering software vulnerabilities faster than ever before, the Trump administration is putting those capabilities to work to protect US critical infrastructure.
The new AI-powered initiative – announced Tuesday in coordination with CISA, the US cybersecurity watchdog – aims to dramatically accelerate how software vulnerabilities are identified, prioritized, verified, and ultimately disclosed across government and the private sector.
Gold Eagle puts frontier AI on cyber defense
The White House describes Gold Eagle as a centralized clearinghouse that will leverage advanced AI models alongside open-source software partners and critical infrastructure companies to identify vulnerabilities, reduce duplicative scanning, coordinate exploit verification, and deliver prioritized remediation guidance at what it calls “unprecedented speed and scale.”
“We are bringing a wartime footing to the cyber domain to relentlessly patch vulnerabilities,” said Secretary of War Pete Hegseth.
“Gold Eagle serves as the vanguard of America’s cyber defense. We are leveraging frontier AI alongside top American innovators to safeguard our critical infrastructure and protect the homeland,” Hegseth said.
The new operational model for cyber defense comes on the heels of Anthropic’s recent release of Mythos 5, a security model so powerful that only a select group of government-approved organizations can access it.
The fear is that Mythos' extraordinary vulnerability hunting-capabilities could fall into the hands of nation-state adversaries and threaten national security.
Frontier AI is already uncovering more vulnerabilities
While coordinated vulnerability disclosure itself is nothing new, Gold Eagle represents the federal government's first major effort to apply frontier AI to discovering, prioritizing, and coordinating vulnerabilities at scale.
Frank Teruel, Chief Operating Officer at Arkose Labs, calls Gold Eagle “a major shift in cybersecurity.”
“We are entering a new era where the speed, scale, and sophistication of attacks are outpacing traditional security approaches,” he explains.
However, Teruel also points out that although
“AI can help defenders identify and prioritize risk faster, attackers are using the same technology to automate campaigns, discover weaknesses, and adapt their tactics in real time.”
“As AI agents become more embedded into digital experiences, the challenge will extend beyond finding vulnerabilities - it will be about understanding intent and determining what activity can be trusted,” he said.
Earlier this month, Reuters reported the US Cybersecurity and Infrastructure Security Agency (CISA) is already using Mythos to audit government code for vulnerabilities.
In late June, the US Commerce Department first restored access to the model for a limited number of trusted US organizations and government partners, and then ended broader export controls on Mythos 5 and its watered-down Fable 5 after Anthropic agreed to additional safeguards.
The timing is also notable as Microsoft this week released one of its largest Patch Tuesday updates on record – patching a whopping 622 flaws found through AI-assisted discovery.
Could disclosure become the next bottleneck?
The Trump Administration says Gold Eagle has already begun to intake and prioritize identified cybersecurity vulnerabilities across industries and sectors, coordinate scanning verifications - all to ultimately ensure the security of our nation’s software and networks.
But despite all the hurrah, the White House has disclosed little detail about how the initiative will actually operate.
The administration has not publicly identified which AI vendors are participating in which stages of the discovery lifecycle, or whether commercial frontier models such as Mythos or OpenAI’s rival Daybreak will power the platform.
The announcement also leaves unanswered questions as to how vulnerabilities will be prioritized, whether AI or human analysts will make those decisions, and how findings will ultimately move through existing coordinated vulnerability disclosure processes.
If AI continues accelerating vulnerability discovery, experts say the bigger challenge may no longer be finding software flaws – but processing them.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Security teams must still validate findings, determine exploitability, coordinate with affected vendors, develop patches, and responsibly disclose vulnerabilities before attackers can weaponize them.
The potential volume and scale of discovery could create a major remediation bottleneck, leaving IT teams scrambling to apply large volumes of patches long after critical vulnerabilities have been disclosed.
Has your password leaked?