This article is the second installment in our series on the White House’s AI Action Plan and America’s Evolving AI Posture (the Plan). Read the introduction to our series here and Part One on what the plan means for domestic AI governance. Here in Part Two, we turn to the Plan’s national security and export control dimensions, where the stakes are high and the trade-offs are especially sharp.

The White House’s AI Action Plan^[1] (the Plan) casts AI leadership as a global race for technological dominance, market share, and the ability to shape the rules and standards that will govern AI worldwide in the future. At the heart of the race lies an implicit tension: Yes, exporting AI technology expands US influence and provides capital to fuel further innovation investment. But each export presents an opportunity for exploitation by adversaries intent on accessing the US’s superior technology and displacing it in the future. AI is inherently a dual-use technology. It drives remarkable commercial innovation while also enabling critical national security capabilities, including offensive and defensive cyber operations, advanced command and control systems, and engineering and development of weapons of mass destruction.

US AI export policy has grappled with this paradox for the past decade. Restricting key technology exports can safeguard sensitive capabilities, deny access to adversaries, and buy time; but too much restriction risks pushing markets toward rival ecosystems, denying capital to fuel innovation, and eroding long-term US AI leadership. The Biden administration leaned toward regulatory restrictions, emphasizing technology security and capability denial. The Trump administration, by contrast, is pursuing an America First-based strategy^[2] that emphasizes “running faster” to export “full-stack” US AI technology, as reflected in the Plan and an accompanying July 23, 2025, executive order on Promoting the Export of the American Technology Stack (the AI Export EO).^[3] At the same time, the Plan and the AI Export EO underscore that protecting AI technology from adversary exploitation remains a critical priority, with continued focus on technology security and access controls, and increased focus on export control enforcement ahead.

This article explores the Plan’s most significant themes on national security and export controls and how they reflect this ongoing tension.

Control Creativity

Some viewed the Trump administration’s recission of the Biden-era AI Diffusion Rule earlier this year^[4] as a loosening of export restrictions. The reality is more complex. While the administration has struck deals such as allowing NVIDIA and AMD to sell H20 chips to China in exchange for 15% of revenue,^[5] the Plan also outlines several measures that would expand controls:

• Sub-System Controls: The Plan proposes expanding export control restrictions beyond major semiconductor manufacturing systems to include key components that are less visible but vital to scaling AI.
• Geo-Tracking: The Plan contemplates embedding location verification and telemetry features into AI technology, enabling regulators to track where sensitive technologies actually operate. This move comes in the wake of mounting concerns and reporting around large-scale chip smuggling.^[6]
• Broader Enforcement Through Intelligence Community Engagement: The Plan directs the Department of Commerce (DOC) to engage the US Intelligence community to monitor end-use compliance in countries with heightened diversion risk of US AI technology, acknowledging that DOC does not have sufficient in-country resources globally.
• Global Alignment: Recognizing that unilateral controls are porous, the Trump administration looks to engage allies in its export control agenda. The Plan warns that the administration will apply tools such as the Foreign Direct Product Rule and secondary tariffs if partners and allies fail to align with US controls.

These measures indicate that the administration is not retreating from security, compliance, and capability denial equities, but rather is seeking to integrate them into its approach to winning what it understands to be a global race for AI leadership.

“Full Stack” Emphasis

A defining feature of the Plan is consideration of the full AI technology stack as opposed to a narrow focus on chips. In July 2025 remarks, Office of Science and Technology director Michael Kratsios pointed to lessons from the “rip-and-replace” telecommunications initiative, noting that it is far easier to promote US technology abroad when it is packaged as a turnkey solution.^[7] The Plan acknowledges the reality that international buyers are more likely to adopt US AI technology if they can purchase an integrated package rather than negotiating with separate vendors.

To this end, the AI Export EO directs the Secretary of Commerce to solicit industry-led, full-stack export packages including:

• AI-optimized computer hardware (e.g., chips, servers, and accelerators), data center storage, cloud services, and networking, as well as a description of whether and to what extent such items are manufactured in the United States
• Data pipelines and labeling systems
• AI models and systems
• Measures to ensure the security and cybersecurity of AI models and system
• AI applications for specific-use cases (e.g., software engineering, education, healthcare, agriculture, or transportation)

By promoting full-stack packages, the US aims to strengthen its position in global AI, seeking both economic gains and national security advantages.

Cybersecurity Trifecta

The Plan places heavy emphasis on cybersecurity, highlighting three dimensions:

1. AI as a Threat Vector: Bad actors can use AI to automate cyberattacks, generate sophisticated disinformation, or accelerate weapons development.
2. AI as a Defensive Tool: AI can help detect intrusions, spot anomalies, and strengthen resilience at machine speed.
3. Cybersecurity to Protect AI Itself: Securing AI requires more than physically locking down GPUs or data centers. Organizations need continuous monitoring, least-privilege access, strong identity and key management, model and data lineage controls, anomaly detection, and active threat-hunting to ensure adversaries cannot access, repurpose, or exfiltrate data and models from systems. Notably, the AI Export EO requires export proposals to include planned AI model and system security measures.^[8]

To mitigate these risks, the Plan calls for “secure by design” standards. Systems and infrastructure must be designed with security integrated across the entire AI stack, not added as an afterthought. This includes hardened firmware, encrypted communications, comprehensive audit logging, runtime integrity monitoring, automated patch management, traceable hardware, and verified supply chain and data pipeline integrity. Exported AI systems are expected to meet baseline cybersecurity requirements, with federal procurements reinforcing those same standards. By integrating security into every layer of design, infrastructure, and operations, the goal is to seamlessly secure US full-stack AI systems against adversary access, exploitation, or exfiltration from Day One.

Conclusion: A New Balance

The Plan and AI Export EO reflect a US decision to pursue a more forward-leaning strategy to address the tension between technology protection and export promotion. But this shift does not indicate that security and export controls are no longer essential elements of US AI strategy and policy expectations. The technical specifications for compliance and security will adjust somewhat, but the underlying expectation that consumers of US sensitive technologies will be trusted partners for US policy objectives (and not vectors for adversary exploitation) remains pervasive. Indeed, precisely because the Plan and AI Export EO contemplate substantial increases in the volume and number of US full stack AI exports, security by design to address cybersecurity, unauthorized access, and export control risks will become a more salient consideration for global consumers of US AI technology.

For businesses, universities, organizations, and investors engaged in the AI ecosystem, the message is clear: The US intends to increase global availability of US AI full stack technology, but successful implementation must incorporate “security by design” principles and meet US expectations for policy trustworthiness.

How A&M Can Help

The A&M National Security, Trade, and Technology (NSTT) team helps clients navigate the dynamic AI technology security and export controls landscape with confidence. We have a proven track record helping global clients achieve success implementing trusted, operationally successful, “secure-by-design” high-performance computing (HPC) systems pursuant to US government-issued export authorizations. Our services integrate (among others):

• AI and critical technology export controls compliance assessments, investigations, and risk mitigation program design, enhancement, and implementation
• Physical security safeguards, such as tamper-evident casings, end-to-end custody tracking protocols, low-impact visibility controls, and facility access controls
• Logical access and use controls for advanced AI Models and HPC systems
• Diligence reviews and screening for prohibited end uses, end users (particularly affiliation with US-embargoed countries or Restricted Party List (RPL) persons and broader Know Your Customer/Know Your Supplier diligence and integrity controls
• Insider threat, social engineering, and malicious agent risk mitigation
• Robust information security controls and architecture, including verified compliance with security standards such as National Institute of Standards and Technology (NIST), the Cybersecurity Maturity Model Certification (CMMC), and FedRAMP.
• AI-specific security operations and continuous monitoring, including model access anomaly detection, training data integrity verification, adversarial attack prevention, model exfiltration monitoring, compute resource hijacking detection, and specialized threat hunting for ML/AI infrastructure with real-time alerting and incident response capabilities
• Project design, integration and management, use case and technology analysis, infrastructure and equipment design, budgetary and procurement planning and execution, stakeholder communications and coordination, and risk management services

We help clients remain forward-leaning on global growth while mitigating key risks—expanding responsibly and safeguarding their technology and trusted alignment with US policy objectives.