Gottheimer and Moolenaar introduce bill directing NSA to build AI security playbook

A bipartisan group of US lawmakers wants the National Security Agency to write the rulebook on protecting America’s AI infrastructure from foreign adversaries. The Advanced AI Security Readiness Act, introduced as H.R. 3919, would direct the NSA’s Artificial Intelligence Security Center to create what legislators are calling an “AI Security Playbook.”

Representatives Josh Gottheimer (D-NJ), John Moolenaar (R-MI), Darin LaHood (R-IL), and Raja Krishnamoorthi (D-IL) introduced the bill on June 11, 2025.

What the bill actually does

The core mandate is straightforward. The NSA’s AI Security Center would be required to produce a comprehensive playbook identifying vulnerabilities within advanced AI data centers and among leading AI developers. The playbook would also outline methods to detect, prevent, and respond to technology theft, with a particular eye toward foreign adversaries.

The bill sets specific timelines. An initial report would be due within 90 days of the act being signed into law, with a final report due within 270 days.

One notable design choice: the legislation requires the NSA to deliver both classified and unclassified versions of the playbook. The unclassified version would include accessible materials specifically designed for industry experts.

The bill also emphasizes engagement with private-sector AI developers throughout the process, envisioning a collaborative approach where the companies actually building and operating these systems contribute to the playbook’s development.

The broader context of AI security legislation

The bill’s sponsors represent a cross-section of congressional national security hawks. Moolenaar chairs the House Select Committee on the Chinese Communist Party, while LaHood and Krishnamoorthi have both been vocal about technology competition with China.

A companion bill was introduced in the Senate on November 19, 2025, by Senators Todd Young and Mark Kelly. Young, a Republican from Indiana, and Kelly, a Democrat from Arizona, mirror the bipartisan pairing in the House.

The Advanced AI Security Readiness Act grants no new enforcement powers or regulatory authority. It focuses entirely on guidance and best practices, with no compliance requirements or penalties.

What this means for the AI and cloud industry

For cloud companies and AI developers, the bill’s most immediate implication is that the NSA will seek collaboration on the playbook. Companies like Amazon Web Services, Microsoft Azure, and Google Cloud, which host significant AI workloads, would likely be central to this consultation process.

As of mid-2025, the bill remains in the introduced stage with no reported committee action.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.