Overview
Severity: MEDIUM | Affected: US Federal Government | Category: policy
The United States Congress has passed the landmark 'AI Security and Transparency Act of 2026,' establishing the first federal-level cybersecurity requirements for developers of 'critical AI systems.' The law, which will be enforced by CISA and the FTC, mandates that companies developing foundation models or AI systems used in critical infrastructure sectors must adhere to a new set of security standards. Key provisions include mandatory third-party red teaming to identify and mitigate potential harms like bias, misuse, and jailbreaking before public deployment. Furthermore, the act requires companies to maintain and provide a Software Bill of Materials (SBOM) for their AI models, detailing the datasets and libraries used in training. This is intended to increase transparency and help mitigate supply-chain risks. The bill has been met with mixed reactions, with safety advocates praising it as a vital step forward while some industry groups have raised concerns about the compliance burden.