CAISI Bill Advances: NIST AI Testing Office Gets $20M Plan

The Center for AI Standards and Innovation is already testing frontier models and publishing security work, but Congress is now moving to give the NIST-based office a statutory foundation and up to $20 million annually through 2032. For Windows administrators and enterprise AI teams, the change matters because CAISI could become the federal body shaping how advanced models are evaluated before they reach productivity platforms, developer tools, cloud services and government procurement.
Transformer’s reporting this week argues that CAISI has been technically active yet politically sidelined during consequential disputes involving Anthropic and OpenAI models. The central problem is less whether the agency can conduct serious evaluations than whether its findings carry enough institutional weight when White House, Commerce, Treasury, defense and industry interests collide.
NIST’s own public record shows CAISI is hardly dormant. The center has published work on agent-evaluation failures, monitoring deployed systems, red-team competition findings and a May 2026 evaluation of DeepSeek V4 Pro. It also says it has worked with OpenAI and Anthropic on security improvements alongside the UK AI Security Institute.
What CAISI does not have is a clear legal power to require a frontier-model developer—or another federal office—to follow its conclusions.

A digital collage depicts AI, cybersecurity, cloud computing, and law balanced on scales before the U.S. Capitol.The testing office has a mandate, but not a final say​

CAISI sits inside the Department of Commerce’s National Institute of Standards and Technology, the federal agency best known to IT professionals for security publications, cryptographic standards and the NIST Cybersecurity Framework. Its stated role is broad: establish voluntary agreements with AI companies, evaluate U.S. and foreign models for national-security risks, study vulnerabilities including possible backdoors, coordinate with agencies such as DoD and DOE, and develop voluntary standards.
That produces an unusual mismatch. CAISI can evaluate a model’s cyber, biosecurity or chemical-weapons capabilities; it can identify weaknesses in safeguards; and it can work with labs on remediation. But the developer still determines whether and when to ship a system, while the ultimate policy response can be determined elsewhere in government.
Transformer characterizes that divide as a key factor in recent administration decisions involving Anthropic’s Mythos and Fable models and OpenAI’s GPT 5.6. The publication reports that CAISI leader Chris Fall was briefed on technical capabilities and that the office tested Anthropic’s model shortly before access was cut off, yet broader political and commercial considerations appeared to drive the resulting decisions.
That account should be understood as reporting about internal deliberations, not a formal public finding. But the structural issue is easy to see from CAISI’s official mandate: the operative words are “voluntary agreements,” “guidelines” and “collaborative research.” Those are valuable tools for a standards body, but they do not amount to a licensing regime or a mandatory release gate.
For IT departments, this is more than a Washington turf battle. An enterprise may see assurances in a model card, a vendor’s red-team summary or a cloud provider’s statement that government testing occurred. Those documents are useful inputs, but they are not equivalent to a regulator’s binding approval or an independently enforceable certification.

Congress has chosen the incremental route first​

On June 25, the House Science, Space and Technology Committee advanced H.R. 9363, a bipartisan bill sponsored by Rep. Jay Obernolte, R-Calif. The measure would establish the Center for AI Security and Innovation within NIST, slightly changing the current name while preserving the CAISI acronym.
According to Rep. Lori Trahan’s office, the bill would direct the center to evaluate frontier AI models for national-security risks and support voluntary standards. Roll Call reported that the bill authorizes $20 million per year for fiscal years 2027 through 2032, compared with up to $10 million appropriated for fiscal 2026.
That is a meaningful step in government terms, but it is not the $100 million expansion that Obernolte initially sought. During the committee’s markup, he offered and later withdrew an amendment to raise the authorization to $100 million annually, saying the lower figure would be inadequate for the responsibilities under discussion.
The House action does two important things even at the lower number. First, it would make CAISI harder to erase, rename away or repurpose by administrative decision. Second, it gives the office a clearer congressional identity at a time when its mission stretches from frontier-model evaluations to AI-agent security, international competition and interagency coordination.
The bill remains only one step in a long legislative process. Committee approval is not enactment, and Congress still has to reconcile competing AI priorities, appropriations limits and wider disagreements over federal versus state regulation.

The larger proposal reaches beyond a bigger budget​

The bill is also a stripped-down piece of a more ambitious discussion draft: the Great American Artificial Intelligence Act, developed by Obernolte and Trahan. That proposal would combine frontier-model policy, workforce issues, research infrastructure and other AI measures. It has generated controversy, particularly around proposed federal preemption of state AI laws, making a single comprehensive package difficult to move.
Transformer reports that the broader proposal contemplated relocating CAISI outside NIST—though still within Commerce—and creating a regulator-adjacent system for licensing independent verification organizations. Under that model, frontier developers would need to use an approved auditor, even if the companies would not necessarily be forced to implement every recommendation.
That distinction is crucial. A government can create a testing ecosystem without creating a traditional AI regulator. The former gives developers common measurement methods, disclosure expectations and a credible outside assessment. The latter creates legal obligations, enforcement mechanisms and potentially release restrictions.
Washington appears much closer to the first option. It is a politically easier path and fits NIST’s historical role. But it also leaves the hardest question unresolved: what happens when an evaluator identifies a dangerous capability, the developer disputes the finding, and the model is commercially or strategically important?

The UK comparison is useful—but not a blueprint​

Transformer contrasts CAISI with the UK AI Security Institute, arguing that the British body has more funding, more personnel and stronger cross-government influence despite lacking direct regulatory power. The UK institute has been cited in recent model documentation for vulnerabilities uncovered during evaluations, while CAISI’s work is less visible in public model cards.
The comparison should not be reduced to a headcount contest. The United States has a larger AI industry, a more fragmented federal system and powerful agencies with overlapping stakes in export controls, national security, economic competition, procurement and defense use. Simply moving CAISI to another department would not automatically solve those conflicts.
Still, the UK example supports a practical lesson: technical evaluations have greater effect when they are integrated into decisions made by cyber authorities, procurement officials, national-security agencies and political leadership. An evaluator that works in isolation can produce excellent research without changing deployment outcomes.
CAISI’s partnership with the UK institute and its own work with OpenAI and Anthropic show that cooperation is possible. The next test is whether Congress and the administration make that cooperation durable—and whether findings can influence policy before systems are widely deployed.

Enterprise teams should watch the standards, not wait for a seal of approval​

The immediate consequence for Windows and cloud administrators is not a new federal compliance checkbox. There is no CAISI certification that makes Copilot, Azure-hosted models, agent frameworks or third-party AI tools automatically safe for enterprise deployment.
Instead, CAISI’s most relevant near-term output will be methods: evaluation practices, security guidance, disclosure templates and AI-agent standards. NIST has already positioned the center as a hub for voluntary testing and collaboration, while its AI Agent Standards Initiative focuses on agents that can take actions across data, applications and external services.
That is the risk area where enterprises should stay conservative. A capable agent with access to Microsoft 365, Entra ID-connected applications, PowerShell, source repositories or ticketing systems is not merely a chatbot. It is a workload with identity, permissions, logging, data-loss and change-management implications.
CAISI’s future authority may remain unsettled, but its technical work is likely to filter into vendor documentation, federal procurement requirements and security expectations. The House bill could ensure that the office survives long enough to shape those norms. Whether it ever gains the leverage to decide what a frontier model should not be allowed to do remains the real policy fight.

References​

  1. Primary source: Transformer | Substack
    Published: 2026-07-16T15:34:07+00:00
 

Back
Top