NIST Develops Cyber AI Profile to Address AI Security Risks

The standards body is creating new guidance for organizations managing cybersecurity threats from artificial intelligence systems and AI-powered defense tools.

Omega Editorial · July 5, 2026 · 3 min read

The National Institute of Standards and Technology is expanding its influential Cybersecurity Framework to address the security challenges posed by artificial intelligence, launching a new "Cyber AI Profile" that aims to guide organizations through the risks of both deploying AI systems and using AI for cybersecurity defense.

The initiative comes as AI capabilities advance rapidly, with recent models demonstrating the ability to identify software vulnerabilities and generate exploits faster than human researchers. According to Federal News Network, NIST's National Cybersecurity Center of Excellence now operates six distinct projects focused on the intersection of AI and cybersecurity.

Why it matters

Organizations face a dual challenge: securing AI systems from attack while leveraging AI tools for defense. Without consistent guidance, enterprises risk implementing AI without adequate security controls or missing opportunities to strengthen their cybersecurity posture. The Cyber AI Profile aims to provide that missing framework, particularly benefiting smaller organizations that lack dedicated AI security expertise.

Three focus areas for AI security

The Cyber AI Profile addresses cybersecurity risks across three domains: AI system development, AI deployment in production environments, and the use of AI tools for cybersecurity operations. NIST is building this guidance on top of its existing Cybersecurity Framework version 2.0, which has become the primary reference for federal, state, and local government cybersecurity programs.

Cherilyn Pascoe, director of the National Cybersecurity Center of Excellence, told Federal News Network that AI is becoming foundational to cybersecurity work. "I think AI is going to be part, if not a leading part, of every project going forward at the center," Pascoe said.

Industry feedback shapes development

At a recent NIST workshop, participants emphasized several priorities for the emerging framework. Organizations requested flexible guidance that won't become obsolete as AI technology evolves, along with practical use cases spanning different sectors including operational technology environments.

Workshop attendees highlighted the need for consistent AI terminology to enable clear communication across industries. They also stressed that human oversight remains critical even as AI adoption accelerates, with human-in-the-loop processes and training continuing to play essential roles.

Testing and evaluation emerged as a common challenge. Organizations struggle to assess AI system performance, with participants calling for standardized metrics, certifications, and benchmarking approaches.

Agentic AI requires special attention

Participants noted that agentic AI systems—those capable of autonomous decision-making and action—may require distinct security considerations beyond traditional AI applications. The profile will need to address how these more autonomous systems change the risk landscape.

NIST plans to release additional drafts with opportunities for public comment throughout the development process. The agency encourages participation from government and private sector organizations working to address AI security challenges.

These details were first reported by Government Technology's Lohrmann on Cybersecurity blog and Federal News Network.

This is an original analysis by the Omega editorial team. Source reporting: AI Watch.
