Requires National Security Agency Director to develop AI security guidance defending against nation-state theft or sabotage, identify vulnerabilities, and collaborate with external entities. Requires publishing and updating the guidance at classified or unclassified levels.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding legislative act from the United States Congress with mandatory language requiring the NSA Director to develop AI security guidance, using 'shall' throughout to establish legal obligations.
The document has good coverage of approximately 5-6 subdomains, with strong focus on AI system security (2.2), cyberattacks and weapons (4.2), competitive dynamics (6.4), dangerous capabilities (7.2), and lack of robustness (7.3). Coverage is concentrated in security, nation-state threats, and AI system vulnerabilities.
This document primarily governs National Security operations by requiring the NSA to develop AI security guidance. It also has implications for Scientific Research and Development Services and Information sectors through voluntary collaboration with research entities and private sector entities developing AI technologies.
The document covers multiple AI lifecycle stages with primary focus on Build and Use Model (identifying vulnerabilities in AI technologies), Deploy (protecting AI supply chains and deployment), and Operate and Monitor (detecting and responding to nation-state cyber threats). It also addresses Plan and Design through security strategy identification.
The document explicitly mentions 'artificial intelligence technologies', 'artificial intelligence systems', and 'advanced artificial intelligence' multiple times. It focuses on AI model safety and security but does not specify particular types of AI (frontier, general purpose, task-specific, etc.) or compute thresholds.
United States Congress
The document is Section 6601 of the National Defense Authorization Act for Fiscal Year 2026, which is proposed and enacted by the United States Congress as federal legislation.
National Security Agency Director
The NSA Director is responsible for implementing the requirements of this section by developing, publishing, and updating the AI security guidance as mandated by the legislation.
National Security Agency Director
The NSA Director is implicitly responsible for monitoring through the requirement to update the guidance from time to time and through collaboration with various entities on AI model safety and security.
National Security Agency Director; departments and agencies of the United States Government; research entities; private sector entities
The primary target is the NSA Director who must develop the guidance. Secondary targets include government agencies, research entities, and private sector entities who will receive and potentially implement the security guidance on a voluntary basis.
5 subdomains (3 Good, 2 Minimal)