The House Science Committee advanced a bill on June 25 that would turn the Center for AI Standards and Innovation—the federal office that tests frontier models but has no say over their release—into a permanent, congressionally authorized agency with up to $20 million a year through 2032. For Windows admins and enterprise IT leaders, the move signals that a stronger, more stable federal AI evaluation framework is slowly taking shape, even as the office remains entangled in political battles over export controls and model approvals.
What CAISI actually does—and doesn’t do
CAISI sits inside the National Institute of Standards and Technology at the Department of Commerce. Its official mandate sounds sweeping: evaluate U.S. and foreign AI models for national-security risks, study vulnerabilities, coordinate with agencies like the Defense and Energy departments, and develop voluntary standards. In practice, the center has published detailed work on agent-evaluation failures, ran red-team competitions, and in May 2026 completed a security evaluation of DeepSeek V4 Pro.
But the operative word is “voluntary.” CAISI can test a model, find dangerous capabilities, and recommend fixes—yet the developer alone decides whether to ship the system. The office lacks any statutory authority to block a release or force a company to implement its findings. That gap became starkly visible earlier this year when the administration imposed export controls on Anthropic’s Mythos and Fable models and delayed then approved OpenAI’s GPT 5.6. According to a Transformer investigation published July 16, CAISI lead Chris Fall was briefed on technical capabilities and tested Anthropic’s model just before access was cut off, but the decision was driven by White House, Treasury, and Commerce officials with no binding input from the evaluators.
Sources told Transformer that Commerce Secretary Howard Lutnick—the department that houses CAISI—appeared to have less influence than Chief of Staff Susie Wiles, former AI czar David Sacks, or Treasury Secretary Scott Bessent. The office has been further undermined by administrative actions: in April, the White House removed Collin Burns, a respected former Anthropic researcher, as CAISI head after only four days. In May, Commerce scrubbed a webpage listing testing agreements with xAI, Google, and Microsoft, and in June it blocked publication of model assessment reports.
The contrast with the UK AI Security Institute is instructive. The British body has nearly six times the funding, three times the staff, and its evaluations have been cited in model cards for both GPT 5.6 and Anthropic’s Mythos. UK AISI also lacks direct regulatory powers, but its closer integration with cyber authorities and the prime minister’s office gives it more influence over deployment decisions. OpenAI’s model card for GPT 5.6 listed multiple vulnerabilities found by the UK institute; none from CAISI.
What Congress is proposing—and what it isn’t
H.R. 9363, the AI Security and Innovation Act, aims to fix one part of the problem. The bipartisan bill, sponsored by Rep. Jay Obernolte (R-Calif.) and supported by Rep. Lori Trahan (D-Mass.), would codify CAISI into law, making it harder for any administration to sideline or erase the office. It authorizes $20 million per year from fiscal 2027 through 2032, a step up from the roughly $15 million CAISI operated with this year (a mix of $10 million in appropriations and a Technology Modernization Fund loan split over two years).
But $20 million is far less than the $100 million Obernolte initially sought. During the markup, he offered and later withdrew an amendment to raise the authorization to that level, acknowledging the lower figure would be inadequate for the job. The ceiling was imposed by House appropriations rules, which cap the funding a new program can receive. The approved bill also directs CAISI to evaluate frontier models for national-security risks and support voluntary standards—essentially codifying what it already tries to do, now with a congressional stamp.
The legislation is a carve-out from the much larger Great American Artificial Intelligence Act discussion draft, which Obernolte and Trahan developed but haven’t introduced. That broader package would relocate CAISI outside NIST (though still within Commerce), authorize $100 million, and create a licensing regime for independent verification organizations that would audit frontier models. Under that model, companies would need to use an approved auditor, though they wouldn’t be forced to implement every recommendation. Such a system would edge closer to a regulatory apparatus, but the preemption of state AI laws in the draft has made it unpassable this session.
For now, lawmakers are taking the incremental path: give CAISI legal permanence and a modest budget increase, then study whether it should be moved elsewhere. The AI Security and Innovation Act also calls for an evaluation of moving CAISI out of NIST, potentially to the Department of Energy, State, or Defense—agencies where national-security missions might be better aligned with safety evaluations than Commerce’s economic-growth mandate.
What this means for Windows admins and enterprise IT
No one should expect a new federal compliance checkbox to appear in Azure or Microsoft 365 dashboards. There is no CAISI certification that makes Copilot, Azure-hosted models, or third-party AI tools automatically safe for enterprise use. The bill doesn’t create one.
Instead, the near-term payoff for IT teams will be in methods and standards. NIST has already positioned CAISI as a hub for voluntary testing, and its AI Agent Standards Initiative focuses on agents that can take action across data, applications, and external services—precisely the kind of autonomous workloads that Windows and cloud admins are beginning to deploy. An agent with access to PowerShell, Entra ID-connected apps, SharePoint, or source repositories isn’t a chatbot. It’s a workload with identity, permissions, and the ability to exfiltrate or alter data. CAISI’s work on agent-evaluation failures—where testing reveals that agents can break out of guardrails or carry out unintended sequences—provides concrete guidance for building safer agent systems.
CAISI’s evaluations of foreign models, such as the recent DeepSeek V4 Pro review, will also shape federal procurement rules. If a model is flagged for vulnerabilities or suspicious origins, agencies may be barred from using it, and vendors selling to the government will need to adapt. For enterprises, even those outside government contracting, these signals often trickle down into compliance frameworks and insurance requirements.
Model cards and system cards that cite CAISI evaluations could become more common if the center’s stability improves. Currently, as Transformer reported, Anthropic’s and OpenAI’s latest cards list vulnerabilities from the UK institute but not from CAISI. A codified, better-funded CAISI might start showing up in those transparency documents, giving enterprises a federal benchmark to compare against vendor claims.
What to do now
Monitor CAISI publications. Bookmark NIST’s AI standards pages and the CAISI GitHub repositories. The center’s agent-testing protocols and red-teaming guides are directly useful for internal security reviews.
Audit your AI agent permissions. If your organization uses Copilot, custom Azure AI agents, or third-party agent frameworks, map what identities they use, what they can access, and what actions they can take. Assume an agent that can write to a file share could also, under some prompt injection, delete it. Apply least privilege.
Push vendors for evaluation transparency. When a vendor says a model was “tested by NIST,” ask what that meant. Was it a full adversarial red team? Did the evaluation cover agentic behaviors, prompt injection, or data leakage? A voluntary discussion with a CAISI researcher doesn’t equal a passed audit.
Watch the standards, not the politics. The legislative path is noisy, and the appropriation fight will continue. But NIST’s technical output rarely depends on headline-grabbing funding levels. The agency has a track record of producing influential frameworks—think the Cybersecurity Framework—with modest resources. The same is likely true for AI.
Outlook
The House bill is only a committee vote; it still needs full House passage, Senate action, and the president’s signature. Even then, $20 million is a down payment, not a solution. The deeper question—whether the U.S. ever gives a testing agency the power to say “no” to a model release—remains politically radioactive. For now, the most likely path is the quiet one: CAISI publishes better evaluations, vendors adopt them because customers demand it, and federal procurement slowly tightens the screws. That won’t make headlines, but it’s the kind of infrastructure that actually influences what runs on Windows servers and endpoints.