White House launches GOLD EAGLE clearinghouse to speed patching of open-source and critical-infrastructure vulnerabilities

·

The White House said Tuesday that it has launched GOLD EAGLE, a Treasury-led cybersecurity clearinghouse designed to speed the reporting, validation and patching of software vulnerabilities across open-source projects and U.S. critical-infrastructure companies.

The initiative was announced in a White House press release published July 14 and is framed as the implementation of Executive Order 14409, “Promoting Advanced Artificial Intelligence Innovation and Security,” which President Donald Trump signed June 2. That order directed the Treasury secretary, in consultation with the national cyber director, the Pentagon and the Department of Homeland Security through the Cybersecurity and Infrastructure Security Agency, to establish an AI cybersecurity clearinghouse “in voluntary collaboration with the AI industry and operators of critical infrastructure.”

According to the White House, GOLD EAGLE connects open-source software partners and American critical-infrastructure companies so they can identify and patch vulnerabilities more quickly. The administration said the principal federal participants are the White House, the Treasury Department, DHS through CISA and the Pentagon, which the release refers to as the “Department of War,” a secondary ceremonial title used by the administration under a 2025 executive order; Congress has not changed the Defense Department’s legal name.

The White House said GOLD EAGLE “has already begun to intake and prioritize identified cybersecurity vulnerabilities from across industries and sectors, coordinate scanning verifications” and support remediation. It also said the system will allow partners to “receive and patch cyber vulnerabilities at a speed and scale never seen before.” The release says those agencies worked with industry partners to enable faster exploit detection and prioritized response.

But the public announcement left out many of the details that would determine how the clearinghouse works in practice. The White House did not identify participating companies or open-source projects, publish a technical architecture or explain how data would flow through the system. It also did not describe a public onboarding process, privacy or data-sharing safeguards, or service-level expectations for validating flaws, distributing patches or disclosing vulnerabilities.

That leaves an important gap between the broad policy announcement and the mechanics needed by software maintainers and critical-infrastructure operators that might want to participate. The executive order set a 30-day implementation deadline for the clearinghouse, and the White House publicly announced GOLD EAGLE on July 14. As of Tuesday, the White House announcement appeared to be the first public use of the name GOLD EAGLE; the executive order created the mandate but did not name the program.

Vulnerability coordination is not new. Government and industry already rely on systems including the Common Vulnerabilities and Exposures program and the National Vulnerability Database to publicly track software flaws, while CISA’s Known Exploited Vulnerabilities catalog helps defenders prioritize bugs that are being actively abused. What is new here is a Treasury-led, interagency clearinghouse that the White House says will directly link open-source software partners with critical-infrastructure operators as part of the administration’s AI security agenda. If it operates as described, GOLD EAGLE could give those groups a single federal coordination channel for triaging and patching vulnerabilities faster.

Tags: #cybersecurity, #ai, #open-source, #whitehouse