May 9th 2026

What Will It Cost for the US to Be Ready for the Next Big AI Breakthrough?

Estimating the resources CAISI needs to deliver on American AI readiness

Executive summary

The release of Anthropic’s Claude Mythos and OpenAI’s GPT-5.5 marks a significant jump in AI models’ ability to autonomously carry out large-scale cyberattacks. But despite over a year of warning that AI capabilities were approaching this critical threshold, the federal government was largely unprepared. In the days after release, the White House hastily stood up an interagency task force, the Treasury Department and the Federal Reserve pulled bank CEOs into an impromptu meeting, and access across federal agencies remained uneven — the Cybersecurity and Infrastructure Security Agency, which is tasked with defending the country’s critical infrastructure, still didn’t have access to Mythos weeks after release.

AI capabilities will continue to increase in many domains, including biology, automated AI research and development, and robotics. Delivering on American AI readiness means preventing more moments of surprise by improving America’s ability to continuously anticipate, prepare for, and respond to these developments.

Readiness requires state capacity, and the Center for AI Standards and Innovation (CAISI) is well-positioned to provide it. CAISI is the US government’s primary hub for tracking and understanding developments in advanced AI, and is responsible for much of the AI readiness mandate defined in the Trump administration’s AI Action Plan: bringing frontier AI expertise into government, developing AI evaluations and standards, continuously monitoring the AI landscape, and distributing findings to shape international standards.

However, with its current operational budget of only $15 million, CAISI is not resourced to execute on these tasks to the degree that American AI readiness requires.1 We estimate CAISI would need at least $84 million annually to fulfill all AI Action Plan taskings related to AI readiness. This is an exceptional return on investment for US national security — for the cost of a single F-35A joint strike fighter, the US government can gain the capacity to properly anticipate and respond to new national security-relevant developments in perhaps the most strategically important technology of this century.

This funding gap can be closed.

Congress can:

  • Increase direct FY2027 CAISI appropriations; and
  • Create a NIST Foundation via the EPIC Act to fund talent pipelines and industry partnerships.

The Executive can:

  • Reallocate existing NIST funds;
  • Tap Commerce’s Non-Recurring Expenses Fund; and
  • Propose higher funding levels in the FY2028 Presidential Budget Request.

Introduction

AI governance is compromised when lawmakers lack the information necessary to make informed decisions. To craft sound policy that supports innovation without ignoring risk, the US government needs clarity on future model capabilities, what will be required to build them, and what threats they may pose. The US faces the immense challenge of governing a technology whose trajectory, risks, and trade-offs are still coming into view — all without overcorrecting or getting blindsided.

The current federal approach to achieving American AI readiness is laid out in the Trump administration’s AI Action Plan. Released in July 2025, the AI Action Plan presents a strategy to maintain American AI dominance in the service of human flourishing, economic competitiveness, and national security. These aims could require conflicting policy choices, and this may become increasingly true as AI begins to automate labor and replace a large share of human interactions, or if capability-enhancing techniques cut against public safety, or if economic interests diverge from national security priorities.

Steering AI development toward these goals will require sophisticated policy to grapple with trade-offs that need to be evaluated correctly, and soon. Sound governance must consider questions such as: At what capability threshold do open-weight models pose unacceptable biosecurity risks? How far ahead are US frontier labs from Chinese competitors, and what does this mean for export controls? Do foreign AI models contain backdoors that make them unsafe for use in critical infrastructure?

To stand a chance of adequately answering these questions, policymakers need an expert team in government that tracks AI progress and international competition, and provides sound analysis to inform policymaking with the requisite speed and technical sophistication. Right now, this function largely doesn’t exist. There is a significant information asymmetry between industry and government: much knowledge about frontier AI capabilities is kept secret due to competition, and what is publicly known tends to circulate among experts, not the interagency. Briefings to policymakers are infrequent due to a lack of expert capacity; when they do occur, they tend to be high-level and sanitized, and many critical questions (e.g., “Are there exploitable vulnerabilities in AI systems already deployed in government high-side infrastructure?”) go unaddressed because no one is resourced enough to produce the answer.

Filling this gap requires a dedicated team with the mandate, access, and technical skill to produce answers the market won’t. The AI Action Plan assigns this responsibility to the Center for AI Standards and Innovation (CAISI), a center within the National Institute of Standards and Technology (NIST).2 However, merely recognizing the need for CAISI is insufficient to equip it for its mandate to ensure American AI readiness.3 In the sections below, we catalog CAISI’s taskings under the AI Action Plan, estimate the resources required to fulfill them, and propose strategies for Congress and the executive branch to properly resource CAISI to deliver on its mission.

CAISI’s taskings and what they would cost

To estimate the cost for CAISI to deliver AI readiness, we grouped CAISI’s taskings from the AI Action Plan and Commerce Secretary Lutnick’s CAISI announcement into four main workstreams:

  1. Bring frontier AI expertise into government so policymakers can make — and execute on — informed decisions about a technology moving faster than government typically operates.
  2. Develop AI evaluations and standards so policymakers can reliably answer questions such as “Does this model provide meaningful uplift for bioweapons development?” and “Can agencies deploy this system internally, and with what safeguards?”
  3. Continuously monitor the AI landscape and run evaluations to inform policymakers on where the US stands relative to competitors and what’s to come.
  4. Distribute findings, shape international standards, and coordinate with industry to enable American companies to succeed and ensure that American standards become the global default.

As of FY2026, CAISI has approximately $15 million in funding: $10 million from FY2026 appropriations, and an additional $10 million loan from the Technology Modernization Fund (TMF) spread across FY2025–26.4 To produce an estimate of the budget CAISI will need, we translated its taskings into concrete personnel, compute, and programmatic costs under two scenarios:

  • Limited CAISI ($26M annual funding requirement): The minimal version of the center that would still contribute meaningfully to the broader AI Action Plan. A limited CAISI would run basic evaluations, create baseline standards, and give policymakers a clearer view of key AI risks. It would not cover many secondary taskings and would have limited ability to engage with industry and international partners.
  • Equipped CAISI ($84M annual funding requirement): With adequate funding, CAISI could execute on all of its taskings, positioning the US to track, prepare for, and respond to key AI developments.

To estimate the cost of each version, we spoke with members of leading AI evaluation organizations and compared our estimates to staffing levels at peer institutions, such as the UK’s AI Security Institute (UK AISI). To view our full methodology and results, see the Appendix.

Our estimated $84M budget for an equipped CAISI is on par with peer organizations, but still much less on a pound-for-pound basis. If the US were to spend, as a fraction of total government budget, as much as the UK does on its AI evaluation center, it would spend $850 million per year.

How to resource CAISI

Our estimated budget for an equipped CAISI is approximately the flyaway cost of one F-35 fighter jet, a medium-sized DARPA project, a little under one hour of the Department of War’s operating budget, and less than half the budget of NIST’s Information Technology Laboratory (ITL) alone.5

CAISI is the government’s primary strategy for proactively preparing for advanced AI. It cannot fulfill that mandate with the budget of a small pilot project. Below, we identify channels for Congress and the executive branch to provide CAISI with the requisite funding.

Congressional actions

The simplest and most straightforward path would be for Congress to increase CAISI’s direct appropriation. The FY2027 President’s Budget Request (PBR) specifies $27 million for CAISI — an $11 million base plus a $16 million expansion to support rapid testing of frontier AI systems, evaluations of Chinese models and vulnerabilities, and assessments of AI progress in the US and abroad. This request sits within the broader $173 million NIST request for critical and emerging technology measurement and standards, and closely tracks our limited CAISI estimate. This is a meaningful increase, but was prepared before the release of Mythos Preview and GPT-5.5, and does not adequately address the urgency and importance of fully equipping CAISI.

Outside of appropriations, Congress can help to resource CAISI by passing the EPIC Act. Originally introduced in the 118th Congress and reintroduced in the 119th, the EPIC Act would create a NIST Foundation — a nonprofit vehicle that allows industry, philanthropies, and other partners to support NIST sub-components like CAISI in activities they are not well-suited to execute on their own: ambitious public-private partnerships, large-scale talent fellowship programs, and other initiatives that benefit from flexible, non-governmental funding structures. CAISI would still need appropriations to fund its core work, but the NIST Foundation would expand its capacity in a wider range of dimensions. However, as with any bill, passage is uncertain.

If Congress fails to act, the administration has several other options to resource CAISI.

Executive actions

One potential source of funding is NIST’s Scientific and Technical Research and Services (STRS) account — the ~$1.1 billion discretionary pot that funds the core work of NIST’s six labs. Roughly 70% of STRS is flexible, and leadership has considerable discretion in how it’s allocated. A meaningful share of new CAISI funding could come from shifting internal priorities, especially given how much of CAISI’s remit now overlaps with NIST’s Information Technology Lab’s AI portfolio.

If that funding can’t provide complete coverage, Commerce leadership could tap the Department of Commerce’s Non-Recurring Expenses Fund — typically on the order of tens of millions of dollars annually — to support one-time investments or surge capacity for emerging priorities. This fund could help accelerate CAISI’s build-out, provide early runway for new capabilities, or bridge resource gaps until appropriations catch up.

There are also smaller stopgaps available for the remainder of FY2026 and early FY2027, such as having other agencies purchase evaluation work from CAISI under Economy Act authorities, or temporarily expanding staff through Intergovernmental Personnel Act (IPA) assignments and non-reimbursable details from partner agencies. But these are piecemeal solutions and wouldn’t be sufficient for even a limited CAISI.

Further out, the FY2028 PBR remains the most powerful lever the executive has to set expectations for future appropriations. The FY2027 PBR’s $27 million request marks a meaningful step up from CAISI’s $15 million baseline and establishes a trajectory of growing administration investment. The FY2028 PBR is an opportune way to extend that trajectory and fund the full scope of CAISI’s AI Action Plan taskings. Proposing funding for an equipped CAISI (~$84 million) would anchor congressional negotiations and set a baseline commensurate with the Trump administration’s mandate.


Appendix

In the sections below, we estimate the cost of CAISI taskings, including personnel costs for each category, net compute, contracting, and overhead. For those interested in reproducing or analyzing this data, a full summary of each cost and the underlying methodology can be found in a publicly accessible spreadsheet here.

Bring frontier AI expertise into government — $3.5M

Understanding the full spectrum of AI’s technological possibilities requires top technical talent inside the government. Without it, policymakers are blind to what is feasible, what is risky, and what is unknown. To monitor the technological frontier, CAISI must directly hire leading researchers, create pipelines — such as hackathons and targeted programs — to funnel novel ideas into federal decision-making, and actively collaborate with cutting-edge research efforts in areas such as AI interpretability, control, and adversarial robustness.

To attract and retain this talent, CAISI’s scientists and engineers will need compensation at or above the GS-15 level. Our cost model uses a $195.2K salary (all-in cost of ~$350K) as the midpoint per technical FTE.6 To compete with industry, senior researchers and team leads will need pay above the GS-15 cap, which is available through NIST ST/SL authorities or Title 5 excepted service.

We estimate that a limited CAISI would lack the capacity to collaborate with DARPA or run AI hackathons; an equipped CAISI could contribute a small team to both.

Develop AI evaluations and standards – $24.6M

Evaluating the risk of AI capabilities requires knowing how to measure those capabilities. Key questions for AI readiness, such as whether open-source models introduce novel national security risks, whether foreign systems contain backdoors, and whether current models are robust to adversarial attacks, will remain hard to answer without evaluations that accurately model real-world outcomes. CAISI’s primary responsibility is to close that gap by developing national-security-relevant evaluation suites and leveraging the government’s data, expertise, and testing environments to give policymakers reliable information on AI risks.

But some uncertainties cannot be resolved solely through evaluations. Knowing how to design secure government data centers or structure incident response requires building shared standards that guide deployment and operations. CAISI is well-positioned to do this, drawing on the best capabilities of both the public and private sectors.

Most of CAISI’s early technical work will focus on building these evaluation suites. Once built, these tests can run for many years before needing major updates, so engineering headcount can be front-loaded. After the first wave of evaluations is complete, staff can be redirected to new priorities (such as running evaluations).

Some of the capacity needed to develop these evaluations may be shared across agencies, reducing the necessary CAISI FTEs. Certain evaluations, such as those requiring chemical, biological, radiological, nuclear, and high-yield explosives (CBRNE) expertise, will likely be developed in partnership with other agencies with relevant expertise, such as DHS or DOE.

Because building evaluations for backdoors and adversarial robustness is an open research problem, staff could scale much further before hitting diminishing returns. We offer conservative staffing estimates because much of this work can be done outside of the government. Similarly, industry already excels at general capability evaluations, so both the limited and equipped CAISI estimates do not dedicate much headcount to that function.7

Continuously monitor the AI landscape and run evaluations — $13.7M

Developing evaluations is only half the job — CAISI must also run them, continuously and at scale. To monitor real-time AI progress, the government must regularly assess all models: open-source, proprietary (with relevant agreements in place), domestic, and foreign. But running evaluations to extract insights demands more than merely executing a benchmark — since model performance increasingly depends on scaffolding, revealing a model’s highest capabilities requires experimentation to find the most effective setups. And results alone may obscure underlying capabilities: evaluators must comb through hundreds of pages of chain-of-thought outputs and analyze solutions to check whether a model brute-forced a solution or failed due to a flawed benchmark question.

To build a fuller picture of AI capabilities, including how AI is deployed abroad, CAISI must also collaborate with agencies such as the Department of Energy (DOE) and the Intelligence Community, and draw on classified and unclassified information to analyze how models are integrated into real systems, how their use is evolving, and what new risks are emerging.

A limited CAISI would have capacity to conduct basic research on foreign AI adoption and international competition and run its core evaluations on new American and foreign models for critical risks like CBRNE applications, cyber vulnerabilities, and CCP propaganda and backdoors. It would have limited capacity to actively inform intelligence collection priorities and minimal engagement with establishing the Artificial Intelligence Information Sharing and Analysis Center (AI-ISAC).8 An equipped CAISI could scale up these teams to run a much more comprehensive suite of evaluations more frequently and actively collaborate with the intelligence community to shape intelligence collection on foreign AI projects, and would have the resources to help establish and analyze threat reports from the AI-ISAC. This expanded scope would also allow it to produce state-of-the-art analysis on international AI competition.

Distribute findings, shape international standards, and coordinate with industry — $10.2M

Evaluations and analyses have limited impact if they remain siloed. To turn insight into effective policy and safer systems, CAISI must connect government, industry, and civil society to exchange findings, improve evaluation practices, and incorporate lessons learned into standards and shared protocols. It must also represent American interests internationally and serve as the primary interface for public-private collaboration on securing and deploying AI systems.

A limited CAISI could make meaningful but constrained progress on external engagement: convening bi-annual meetings, dedicating a small team to represent American interests in international standards bodies, and serving as a point of contact for industry collaborative research. However, it would lack capacity to incorporate AI-specific incident response into industry standards or to proactively protect AI IP from security threats. An equipped CAISI would be resourced to lead AI governance on the world stage and serve as a comprehensive hub for public-private coordination, with teams large enough to ensure American dominance in international AI standards.

Net cost, including compute, contracting, and other staff — up to $84M

In addition to its technical and policy teams, CAISI requires leadership, operations, briefing, and other support staff. We estimate these team sizes based on technical-to-support staff ratios of approximately 6:1 to 10:1, in line with comparable organizations like the UK’s AISI and METR.

Evaluation and standards development also carry significant non-personnel costs. We estimate an additional salary buffer of 10% for other overhead costs. Contracting and grants are then budgeted at 10% of the personnel-plus-overhead base to bring in specialized external expertise without building all capabilities in-house, and compute resources at 8% of the same base.


  1. CAISI was appropriated up to $10M for FY2026, with an additional $10M loan from the Technology Modernization Fund, spread over FY2025-2026.

  2. CAISI was initially established as the AI Safety Institute in 2023. Its mandate was updated to be more focused on national security risks and foreign developments by Commerce Secretary Lutnick in June 2025.

  3. Though the AI Action Plan is a “should” and not a “shall”: it recommends that agencies take certain actions, but is not legally binding.

  4. Technically, the TMF funding predates both the Action Plan and CAISI rebrand, and was designated for a narrower purpose: "developing best practices for efficient risk-management and evaluating AI models to assess their dual-use capabilities and ensure the secure and effective adoption of AI across the federal government." More specifically, to "create evaluation tools, test AI models and safeguards, develop AI best practices, and conduct relevant technical research." Since this work aligns with CAISI's Action Plan taskings, we’re including it in CAISI’s budget baseline.

  5. DOW funding is currently proposed at $831 billion for FY2026. On a per-hour basis, this is approximately $94.7 million/hour; taking our Equipped CAISI estimate of $84 million, this is less than one hour.

  6. $195.2K is GS-15 Step 10 (2025 DC locality). We apply this rate flat across all staff in the broader cost model, which overstates operations and administrative roles and understates senior technical hires. The multiplier (1.8×) used to get the all-in cost is benchmarked to the NIST FY2025 STRS internal-operations-to-salary ratio (1.78×, excluding extramural R&D contracts, grants, and federal/non-federal contracted services), per the FY2025 NIST Congressional Budget Submission.

  7. Even so, it’s still useful for CAISI to run and peer-review these evaluations, both to act as an independent evaluator, and to build more precise general capability evaluations that might be more critical to government than to industry.

  8. This AI-ISAC would be run in collaboration with DHS and the Office of the National Cyber Director. Critical infrastructure providers (banks, utilities, etc.) would report AI-enabled attacks and vulnerabilities they encounter, and the ISAC would push the alert out to the rest of the network so others can patch.