NIST: Draft Cybersecurity Framework for AI

government

NIST·nist.gov/news-events/news/2025/12/draft-nist-guidelines-r...

Credibility Rating

5/5

Gold(5)

Gold standard. Rigorous peer review, high editorial standards, and strong institutional reputation.

Rating inherited from publication venue: NIST

This NIST draft framework is a key regulatory reference for AI security standards in the US; relevant to AI governance researchers and practitioners navigating compliance requirements for safe AI deployment.

Metadata

Importance: 62/100guidance documentreference

Summary

NIST has released a preliminary draft Cybersecurity Framework Profile specifically tailored for AI systems, addressing three core challenges: securing AI systems from attack, leveraging AI to enhance cyber defense, and defending against AI-enabled cyberattacks. The framework extends NIST's existing Cybersecurity Framework into the AI domain, providing structured guidance for organizations integrating AI into their security posture. It represents a significant government-led effort to standardize AI security practices across industries.

Key Points

•Extends the existing NIST Cybersecurity Framework to address AI-specific threats and opportunities, providing a structured profile organizations can adopt.
•Covers three domains: protecting AI systems themselves, using AI to strengthen cyber defenses, and countering adversarial use of AI by threat actors.
•Released as a preliminary draft, inviting public comment to refine guidelines before finalization — reflecting iterative policy development.
•Provides practical guidance for organizations adopting AI, helping bridge the gap between AI deployment and security compliance requirements.
•Relevant to AI safety governance as it establishes baseline security norms that could influence how AI systems are developed and deployed responsibly.

Review

The NIST Cyber AI Profile represents a critical effort to address the complex cybersecurity challenges emerging from rapid AI advancement. By providing a structured framework, NIST aims to help organizations navigate the intersection of AI technologies and cybersecurity, offering guidance on how to integrate AI responsibly while mitigating potential risks. The profile is distinguished by its comprehensive approach, covering three interconnected focus areas: securing AI systems, leveraging AI for defensive operations, and protecting against AI-enabled threats. Developed through extensive community engagement, with over 6,500 individuals contributing, the draft represents a collaborative approach to understanding and managing AI-related cybersecurity challenges. The framework is designed to be adaptable, recognizing that organizations are at different stages of AI adoption, and aims to provide practical, actionable insights that can be integrated into existing cybersecurity strategies.

Cited by 1 page

Page	Type	Quality
AI Evaluation	Approach	72.0

Cached Content Preview

HTTP 200Fetched Apr 7, 20266 KB

Draft NIST Guidelines Rethink Cybersecurity for the AI Era | NIST 
 
 
 
 

 

 
 
 
 Skip to main content
 
 

 
 
 
 
 
 
 
 
 
 
 
 
 Official websites use .gov 
 

 A .gov website belongs to an official government organization in the United States.
 

 
 
 
 
 
 
 Secure .gov websites use HTTPS 
 

 A lock ( 
 
 Lock 
 A locked padlock 
 
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
 

 
 
 
 
 
 
 

 
 
 
 
 https://www.nist.gov/news-events/news/2025/12/draft-nist-guidelines-rethink-cybersecurity-ai-era

 
 

 

 
 
 
 
 

 

 

 
 
 
 

 
 

 

 
 
 
 
 
 
 
 
 NEWS 
 

 
 

 
 
 
 Draft NIST Guidelines Rethink Cybersecurity for the AI Era

 
 

 
 
 
 December 16, 2025 
 

 
 

 
 
 
 
 
 Share

 
 
 
 
 Facebook 
 
 
 
 
 Linkedin 
 
 
 
 
 X.com 
 
 
 
 
 Email 
 
 
 
 
 
 

 
 

 
 
 
 
 

 
 
 
 
 
 
 
 
 
 AI presents new opportunities and challenges for an organization’s cybersecurity program.

 New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks.

 The guidelines focus on ways organizations can secure their AI systems, defend against cyberattacks by using AI to enhance cybersecurity operations, and proactively thwart AI threats.

 

 
 

 
 
 
 
 
 
 
 

 
 
 
 The Cyber AI Profile centers on three overlapping focus areas: securing AI systems, conducting AI-enabled cyber defense, and thwarting AI-enabled cyberattacks.

 
 
 Credit: 
 
 N. Hanacek/NIST

 
 
 

 
 
 
 Artificial intelligence (AI) is impacting many organizations’ activities, and cybersecurity is no exception. For anyone interested in the opportunities and risks at the intersection of cybersecurity and AI, the National Institute of Standards and Technology (NIST) has released a preliminary draft of its Cyber AI Profile.

 The publication, whose full title is the Cybersecurity Framework Profile for Artificial Intelligence ( NISTIR 8596 ), offers guidelines for using the NIST Cybersecurity Framework ( CSF 2.0 ) to accelerate the secure adoption of AI. The profile helps organizations think about how to strategically adopt AI while addressing emerging cybersecurity risks that stem from AI’s rapid advance.

 “Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI’s advancement,” said Barbara Cuthill, one of the profile’s authors.

 The draft resulted from a yearlong effort on the part of NIST cybersecurity and AI experts. Over that time, more than 6,500 individuals have joined the community of interest to contribute to NIST’s development of the profile. After releasing an initial concept paper in February 2025, conducting a workshop the following April, and hosting a series of community of interest meetings in the summer, NIST is now releasing the preliminary draft of the profile for a 45-day public comment period.

 The Cyber AI Profile cent

... (truncated, 6 KB total)

Resource ID: 579ec2c3e039a7a6 | Stable ID: sid_KX5KnQbqvO