The United States has no reliable way to measure frontier AI risk, no agreed process for acting on it, and no institution built to do either, according to a new analysis published July 13, 2026, by John Bailey, a nonresident senior fellow at the American Enterprise Institute. The report points to recent government-ordered restrictions on advanced AI models as evidence of what Bailey calls "vibe policymaking" — ad hoc, deal-by-deal reactions with no clear standard, public explanation, or predictable process. The analysis argues this improvisational approach can't keep pace with accelerating AI capabilities and is already driving states to create their own fragmented regulations.

In early June 2026, Anthropic released Mythos 5 and its restricted consumer version, Fable 5 — models that write complex code and find software vulnerabilities with minimal prompting. Days later, the Administration ordered Anthropic to cut off access to all foreign nationals, effective immediately. Unable to verify nationality in real time, Anthropic pulled the models entirely. OpenAI held back its own GPT-5.6 series at the government's request. Weeks later, there's still no official notice of what triggered the action or what led to the lifting of the restrictions, including GPT-5.6 a few days later. Anonymous officials suggested it was an Amazon finding that bypassed Fable's safeguards, but that same vulnerability was also in weaker models publicly available since October 2025. Illinois became the first state last week to require a third-party audit of AI models.

The report warns that "without a shared understanding of risk, the government cannot tell a breakthrough risk from an old vulnerability in a more powerful wrapper." Bailey writes that a government unable to explain why one model is restricted while similar capabilities remain available elsewhere "will struggle to sustain public trust, industry cooperation, or international credibility, and will make the next crisis harder to manage." According to the analysis, Anthropic has said Claude wrote more than 80 percent of its own code, up from low single digits a year earlier, and researchers believe it's plausible that within a few years we'll see three years of progress compressed into one. The report states that "the governance gap is not static; it compounds."

Bailey argues the federal incoherence is producing precisely what industry, policymakers, and states say they want to avoid: a fragmented fifty-state patchwork rather than light-touch national policy. The report traces the problem to a lack of institutional capacity — the federal government may not yet have the in-house expertise to evaluate frontier AI risks at the speed and sophistication the moment requires. Each ad hoc intervention sets a precedent that either builds toward a predictable process or makes the next one more arbitrary, the analysis notes. The underlying danger is timing: every safety question the U.S. struggles to answer today gets harder as capabilities accelerate, and every delay in building institutional capacity gets more costly.

The report lays out three recommendations. First, federal agencies need structured, ongoing pre-release access to frontier labs so government can assess risks honestly and prepare for capabilities adversaries will eventually field. Second, the country needs shared standards — including a scoring system for model risks analogous to how the security world scores software vulnerabilities, a response ladder that maps each severity level to a predefined action, national standards for independent third-party audits, and clear lines of authority defining who decides, on what evidence, with what notice, and with what recourse. Third, the government needs deeper technical expertise, with the Center for AI Standards and Innovation strengthened, adequately funded, and connected directly to national security agencies. Bailey concludes that "the ideas for governing this technology are maturing fast. The institution capable of holding them is not."