Requires the Secretary of Defense to develop a cybersecurity policy for AI/ML systems no later than 180 days after the act is passed. Develop a comprehensive review of the effectiveness of the AI/ML policies. Addresses potential security risks, implements methods to mitigate those risks, and establishes standard policy. Requires a comprehensive report of the threats and cybersecurity measures by August 31, 2026.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding legislative instrument enacted by the United States Congress as part of the National Defense Authorization Act, containing mandatory requirements with specific deadlines and enforcement through the Department of Defense's authority structure.
The document has good coverage of approximately 5-6 subdomains, with strong focus on AI system security vulnerabilities (2.2), malicious actors and cyberattacks (4.2), governance failure (6.5), and AI system safety/robustness (7.3). Coverage is concentrated in security, threat mitigation, and governance domains specific to Department of Defense AI/ML systems.
This document exclusively governs AI/ML use within the National Security sector, specifically within the Department of Defense. It establishes comprehensive cybersecurity and governance requirements for AI systems used in national defense applications, with no coverage of other economic sectors.
The document explicitly covers multiple AI lifecycle stages with particular emphasis on deployment, operation and monitoring. It addresses security measures throughout the entire lifecycle, from development through operational use, with detailed requirements for testing, auditing, monitoring, and governance of AI/ML systems in national defense applications.
The document explicitly mentions both AI systems and machine learning throughout, with specific focus on models for AI and ML. It addresses AI/ML used in national defense applications but does not explicitly distinguish between frontier AI, general purpose AI, task-specific AI, foundation models, generative AI, or predictive AI. There is no mention of compute thresholds or open-weight/open-source models.
United States Congress
The document is Section 1512 of the National Defense Authorization Act for Fiscal Year 2026, which is proposed and enacted by the United States Congress as indicated by the title and legislative format.
Secretary of Defense; Committees on Armed Services of the House of Representatives and the Senate
The Secretary of Defense is designated as the primary enforcer responsible for developing, implementing, and reviewing the policy. Congressional oversight is provided through the Committees on Armed Services, which receive mandatory reports.
Secretary of Defense; Committees on Armed Services of the House of Representatives and the Senate
The Secretary of Defense is required to conduct a comprehensive review to assess the effectiveness of AI/ML cybersecurity practices and report findings to Congressional committees, establishing both executive and legislative monitoring mechanisms.
Department of Defense; personnel of the Department of Defense
The policy explicitly targets the Department of Defense and its workforce, requiring them to implement cybersecurity measures for AI/ML systems used in national defense applications and to ensure personnel are trained to identify and mitigate AI-specific vulnerabilities.
8 subdomains (4 Good, 4 Minimal)