The Trump administration on Tuesday unveiled Gold Eagle, a newly operational federal clearinghouse designed to let government and industry use artificial intelligence to rapidly find, prioritize and patch cybersecurity vulnerabilities at scale. The initiative is based within the Treasury Department, with backing from the Pentagon, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.

National Cyber Director Sean Cairncross told reporters the program enables “unprecedented” coordination between AI-discovered vulnerabilities and patch deployment, at speed and scale not previously achieved. The effort stems from a White House executive order issued last month directing federal agencies to use AI for vulnerability discovery and remediation across software and networks.

According to a senior White House official, the clearinghouse’s core function is to eliminate duplicated effort. It will “deconflict” scanning activity so multiple parties are not independently searching for or fixing the same flaws, validate discovered vulnerabilities, and route them to a joint team of government and industry engineers for triage and prioritization before remediation.

How it works

Gold Eagle is currently ingesting and validating vulnerability data, the official said, while administrators build out a distribution system intended to share findings with stakeholders without exposing that information to leaks. Closed-source AI models, including Anthropic’s Mythos, are among the tools being used to hunt for flaws. Notably, the administration had ordered Anthropic to take its Claude Fable 5 and Mythos models offline last month over security concerns, before reversing course weeks later.

Carnegie Mellon University’s Software Engineering Institute supported the government in building the platform that serves as the clearinghouse’s intake mechanism, per Cairncross. The effort also includes a coordination hub Cairncross referred to as the Vulnerability Information and Coordination Environment (VINTS), which handles secure processing, validation, prioritization and disclosure of vulnerabilities to support patching of software underlying essential services.

Legal foundation at risk

Officials emphasized that Gold Eagle’s legal authority derives from the CISA 2015 Act, which is set to expire in September. The senior official urged Congress to reauthorize the law, warning that without it the entire initiative would be “fundamentally challenged.”

The announcement signals a significant expansion of AI’s role in federal vulnerability management, but leaves open questions about oversight, information-sharing safeguards, and the program’s continuity absent congressional action.