NIST Develops Cyber AI Profile to Address AI Security Risks
The standards body is creating new guidance for organizations managing cybersecurity threats from artificial intelligence systems and AI-powered defense tools.

The National Institute of Standards and Technology is expanding its influential Cybersecurity Framework to address the security challenges posed by artificial intelligence, launching a new "Cyber AI Profile" that aims to guide organizations through the risks of both deploying AI systems and using AI for cybersecurity defense.
The initiative comes as AI capabilities advance rapidly, with recent models demonstrating the ability to identify software vulnerabilities and generate exploits faster than human researchers. According to Federal News Network, NIST's National Cybersecurity Center of Excellence now operates six distinct projects focused on the intersection of AI and cybersecurity.
Why it matters
Organizations face a dual challenge: securing AI systems from attack while leveraging AI tools for defense. Without consistent guidance, enterprises risk implementing AI without adequate security controls or missing opportunities to strengthen their cybersecurity posture. The Cyber AI Profile aims to provide that missing framework, particularly benefiting smaller organizations that lack dedicated AI security expertise.
Three focus areas for AI security
The Cyber AI Profile addresses cybersecurity risks across three domains: AI system development, AI deployment in production environments, and the use of AI tools for cybersecurity operations. NIST is building this guidance on top of its existing Cybersecurity Framework version 2.0, which has become the primary reference for federal, state, and local government cybersecurity programs.
Cherilyn Pascoe, director of the National Cybersecurity Center of Excellence, told Federal News Network that AI is becoming foundational to cybersecurity work. "I think AI is going to be part, if not a leading part, of every project going forward at the center," Pascoe said.
Industry feedback shapes development
At a recent NIST workshop, participants emphasized several priorities for the emerging framework. Organizations requested flexible guidance that won't become obsolete as AI technology evolves, along with practical use cases spanning different sectors including operational technology environments.
Workshop attendees highlighted the need for consistent AI terminology to enable clear communication across industries. They also stressed that human oversight remains critical even as AI adoption accelerates, with human-in-the-loop processes and training continuing to play essential roles.
Testing and evaluation emerged as a common challenge. Organizations struggle to assess AI system performance, with participants calling for standardized metrics, certifications, and benchmarking approaches.
Agentic AI requires special attention
Participants noted that agentic AI systems—those capable of autonomous decision-making and action—may require distinct security considerations beyond traditional AI applications. The profile will need to address how these more autonomous systems change the risk landscape.
NIST plans to release additional drafts with opportunities for public comment throughout the development process. The agency encourages participation from government and private sector organizations working to address AI security challenges.
These details were first reported by Government Technology's Lohrmann on Cybersecurity blog and Federal News Network.
This is an original analysis by the Omega editorial team. Source reporting: AI Watch.

