the White House
Image: Margaret Giatras via Unsplash

Trump administration unveils AI-supported clearinghouse for cyber vulnerabilities

The Trump administration on Tuesday announced a new and already operative federal clearinghouse that allows industry, critical infrastructure operators and the government to use artificial intelligence to rapidly detect, prioritize and patch cybersecurity vulnerabilities.

The effort, dubbed Gold Eagle, is housed in the Treasury Department with support from the Pentagon, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency. 

Open-source software providers also are participating in the effort.

“By concept and design, this clearinghouse enables unprecedented cybersecurity AI discovered vulnerability and patching coordination at a speed and scale never seen before,” Sean Cairncross, the national cyber director, said on a press call.

Gold Eagle, the result of a White House executive order published last month, uses AI to detect and fix cyber vulnerabilities in software and networks. 

“These new capabilities make vulnerability discovery a reality at a scale that we have not seen before,” a senior White House official said. 

The clearinghouse will “deconflict and make sure resources are not being wasted fixing or scanning for the same vulnerabilities, that those vulnerabilities are validated, and then a team of industry and government engineers are working to triage, prioritize, and fix those vulnerabilities in a way that mitigates risk for industry absorbing them,” the official said.

The clearinghouse is now ingesting and validating vulnerabilities, the senior official said, and Gold Eagle administrators are creating a system to distribute the vulnerabilities to stakeholders without risking their leaking. 

Closed source models like Anthropic’s Mythos also will be used in the hunt for vulnerabilities, the official said. Last month, the administration forced Anthropic to take its Claude Fable 5 and Mythos models offline, citing security worries, but changed course weeks later and relaxed the order.

The government was supported by Carnegie Mellon University’s Software Engineering Institute in building a platform that Cairncross said would serve as the “intake portion” of the clearinghouse.

The clearinghouse also facilitates what Cairncross called a Vulnerability Information and Coordination Environment (VINTS) that will be a hub for coordination and dissemination inside the clearinghouse.

VINTS allows for “processing and secure sharing, maintaining validation, prioritization, and disclosure vulnerabilities to ultimately patch and remediate defects and software that underpin essential services,” said Cairncross.

Gold Eagle is made possible by the CISA 2015 Act, the senior official said, calling on Congress to reauthorize the law, which expires in September.

“Without that reauthorization, this effort is fundamentally challenged,” the official told reporters.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
Recorded Future
No previous article
No new articles
Suzanne Smalley

Suzanne Smalley

is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.