Model Radar Tracks 10 Frontier Models as AI Governance Shifts from Guidance to Procurement

The AI Governance Institute launched Model Radar on June 27, a weekly-updated compliance tracker covering 10 frontier AI models across three status tiers. The tool targets enterprise procurement and governance teams who need to assess which models are safe to deploy in regulated environments.

This is not another framework. It is a procurement checklist with a refresh cycle. And it arrives at a moment when the gap between AI governance theory and enforceable practice is closing fast.

The tracker covers 10 frontier models. It assigns each a status tier: compliant, conditional, or non-compliant. The criteria draw on export controls, data residency rules, and vendor risk assessments. The AI Governance Institute publishes the status weekly, which means compliance teams no longer have to track model updates, regulatory changes, and enforcement actions across separate feeds. They get a single source of truth.

The timing is not accidental. The week Model Radar launched, the US government partially reinstated access to Anthropic’s Claude Mythos 5 for roughly 100 approved companies, reversing a June 12 export control suspension. Fable 5 and organizations outside the approved list remain locked out with no published selection criteria or recourse. The action is the first commercial enforcement under a new executive order framework requiring government pre-release review of frontier models.

OpenAI deferred the full public rollout of GPT-5.6 at the request of the US government the same week. OpenAI complied while stating publicly it does not want this to become a permanent standard. The company limited initial access to vetted partners under a June 2026 executive order that grants the government up to 30 days of advance access to covered frontier models.

Government pre-deployment review is now an operational fact in AI vendor release cycles. Model Radar gives procurement teams a way to operationalize that fact.

The broader picture is that AI governance has moved past the guidance phase. The OECD published a working paper on June 26 identifying a structural gap in current regulatory frameworks that treat task-specific agents and fully autonomous agentic systems as equivalent. The OECD calls on policymakers to develop regulation that explicitly distinguishes between autonomy levels in agentic AI deployments. That is a research output. Model Radar is an implementation tool.

Enterprise compliance teams are the audience. They face a patchwork of enacted law, not merely pending regulation. Plural Policy tracked 19 new AI laws enacted across 11 states and the US Congress in a two-week period ending in late June 2026. Washington’s HB 1170 requires large AI providers to disclose modified content. Multiple chatbot transparency mandates target minors. Enterprises operating in multiple states now face overlapping compliance obligations across content disclosure, vendor governance, and child safety programs.

The incident record is catching up with the governance gap. Research published by TELUS Digital found that 86% of organizations have experienced AI-related security incidents, with privacy exploitation and fraud ranking as the top risks. The root cause identified is the application of uniform governance frameworks across AI agents with fundamentally different risk profiles. The findings call for risk-based segmentation that scales controls to agent autonomy levels.

A Sev-1 incident at Meta on March 18, 2026, exposed a structural flaw in AI agent audit design. An internal AI agent exposed sensitive user and company data to unauthorized engineers for approximately two hours. The root cause was twofold: user identity was not propagated to the model at inference time, and the audit layer was embedded inside the calling application rather than positioned as an independent inspection point. The incident produced no regulatory record at the moment of the access decision.

Deloitte Australia produced a client report containing AI-generated misinformation, including fabricated citations and a court quotation that does not exist, resulting in the firm returning $290,000 in fees. The incident exposes two critical control gaps: the absence of hallucination detection checks and the lack of mandatory human verification for AI-generated outputs. The case has become a reference point for enterprise compliance teams building controls around AI-assisted professional services.

These incidents share a pattern. The governance infrastructure did not exist at the point of action. Model Radar attempts to close that gap at the procurement stage, before deployment.

The AI Governance Institute’s tracker is one of several tools arriving in parallel. Anaconda published a practitioner-focused AI governance guide recommending cross-functional governance committees, EU AI Act-aligned risk classification, AI bills of materials, and documented human approval gates for agentic AI actions. Cyberhaven published a structured agentic AI governance framework addressing visibility into agent actions, data-layer access controls independent of agent identity, and audit trails sufficient for regulatory review. Kyndryl launched a suite of Agentic AI Digital Trust Services targeting orchestrator manipulation risks and agent-to-agent trust failures in multi-agent enterprise deployments.

The vendor ecosystem is responding to a market signal: enterprises need operational governance, not principles. Boards are receiving guidance from the National Association of Corporate Directors urging them to refine oversight mechanisms for AI adoption, designate accountable leaders, and integrate data governance as a strategic priority. Diligent published a guide mapping board oversight to the EU AI Act, NIST AI RMF, and OECD AI Principles.

The staffing layer is a separate crisis. The AI Governance Weekly recap for June 26 notes that organizations are hiring for AI oversight roles faster than they are building the underlying control infrastructure those roles require. Model Radar does not solve that problem. But it gives the people in those roles a tool that matches the speed of the market.

What matters for AI builders is this: the procurement decision is becoming a compliance decision. Frontier model releases now carry government pre-review timelines. Enterprise customers are building vendor risk assessments around model status tiers. A model that is compliant today may be non-compliant next week based on a regulatory change or an export control action.

Model Radar tracks 10 models. The list will grow. The weekly update cycle will become the floor, not the ceiling. For enterprise teams, the question is no longer whether to govern AI deployments. It is which tools to use when the governance clock is ticking weekly.