FY2026 NDAA, Section 6601 ("Artificial Intelligence security guidance")

Proposed 2025-03-14 | Enacted 2025-12-18 | Official source

Summary

Requires National Security Agency Director to develop AI security guidance defending against nation-state theft or sabotage, identify vulnerabilities, and collaborate with external entities. Requires publishing and updating the guidance at classified or unclassified levels.

This summary is awaiting validation (peer review by a second AGORA editor).

Key facts

🏛️ This document has been enacted by the United States Congress. For authoritative text and metadata, visit the official source.

🎯 This document primarily applies to the government, rather than the private sector.

📜 This document's name is National Defense Authorization Act for Fiscal Year 2026, Section 6601 ("Artificial Intelligence security guidance"). AGORA also tracks this document under the name FY2026 NDAA, Section 6601 ("Artificial Intelligence security guidance"). It is part of FY2026 NDAA.

↳ This document is part of a longer one: FY2026 NDAA. Some AGORA documents are "split off" from longer documents that mix AI and non-AI content, such as omnibus authorization or appropriations laws in the United States Congress. Read more >>

Themes AI risks, applications, governance strategies, and other themes addressed in AGORA documents.

Thematic tags for this document are awaiting validation (peer review by a second AGORA editor).

Risk factors (2)

Governance strategies (1)

Governance development This tag applies to documents that support, encourage, or require the development of, or impose conditions on, other, subsequent public or private governance instruments related to the development or deployment of AI systems.

Full text

This is an unofficial copy. The document has been archived and reformatted in plaintext for AGORA. Footnotes, tables, and similar material may be omitted. For the official text, visit the original source.
Thematic tags for this document are awaiting validation (peer review by a second AGORA editor).

SEC. 6601. ARTIFICIAL INTELLIGENCE SECURITY GUIDANCE. Section 6504 of the Intelligence Authorization Act for Fiscal Year 2025 (division F of Public Law 118-159) is amended-- (1) in subsection (c)-- (A) by redesignating paragraph (3) as paragraph (4); and (B) by inserting after paragraph (2) the following new paragraph (3): ``(3) In accordance with subsection (d), developing security guidance to defend artificial intelligence technologies from technology theft by nation-state adversaries.''; (2) by redesignating subsection (d) as subsection (e); and (3) by inserting after subsection (c) the following: ``(d) Artificial Intelligence Security Guidance.-- ``(1) Elements.--In developing the guidance pursuant to subsection (c)(3), the Director of the National Security Agency shall-- ``(A) identify vulnerabilities in advanced artificial intelligence technologies, with a focus on cybersecurity risks and security challenges unique to protecting such technologies from theft or sabotage by nation-state adversaries; ``(B) identify elements of the artificial intelligence supply chain or development or product lifecycle that, if accessed by nation-state adversaries, would contribute to progress made by nation-state adversaries on advanced artificial intelligence or would provide opportunities to adversaries to compromise the confidentiality, integrity, or availability of artificial intelligence systems or associated supply chains; and ``(C) identify strategies for artificial intelligence technologies to identify, protect, detect, respond, and recover from nation-state adversary cyber threats.

``(2) External collaboration.--In developing the guidance pursuant to subsection (c)(3), the Director of the National Security Agency may collaborate, on a voluntary basis, with other departments and agencies of the United States Government, research entities, and private sector entities, as determined appropriate by the Director, on artificial intelligence model safety and security, including through the provision of any computing resources the Director determines appropriate. ``(3) Security guidance form.--The Director of the National Security Agency shall publish, and may update from time to time, the security guidance developed under subsection (c)(3) to share with departments and agencies of the United States Government, research entities, and private sector entities, as determined appropriate by the Director, at unclassified or classified levels.''.