JD Supra: AI Risk Meets Cyber Governance - NIST's Cybersecurity Framework Profile

web

Relevant for practitioners and policy watchers tracking how regulatory bodies like NIST are extending existing cybersecurity frameworks to cover AI-specific risks, particularly for enterprise compliance and AI deployment governance.

Metadata

Importance: 42/100 | news article | analysis

Summary

This article examines NIST's Cybersecurity Framework (CSF) Profile for Generative AI, which integrates AI-specific risks into existing cybersecurity governance structures. It explores how organizations can align their AI risk management practices with established cybersecurity frameworks to address unique threats posed by generative AI systems. The piece highlights practical implications for legal and compliance professionals navigating the intersection of AI governance and cybersecurity.

Key Points

  • NIST released a Cybersecurity Framework Profile specifically tailored to address risks from generative AI systems within existing cyber governance structures.
  • The profile bridges the gap between AI risk management (as in NIST AI RMF) and cybersecurity frameworks, helping organizations manage both simultaneously.
  • Key AI-specific risks addressed include data poisoning, prompt injection, model theft, and AI-enabled cyberattacks.
  • Organizations are encouraged to integrate AI governance into existing cybersecurity programs rather than treating AI risk as a completely separate domain.
  • The framework has practical compliance implications for legal teams advising on enterprise AI deployment and cyber risk management.

Cited by 1 page

Page | Type | Quality
NIST and AI Safety | Organization | 63.0

Cached Content Preview

HTTP 200 | Fetched Apr 9, 2026 | 14 KB
 AI Risk Meets Cyber Governance: NIST’s Draft Cyber AI Profile | Goodwin - JDSupra

 January 29, 2026

 Corey Berman, Kaitlin Betancourt, Peter Marta, L. Judson Welle

 Goodwin


 On December 16, 2025, the National Institute of Standards and Technology (“NIST”), a non-regulatory federal agency within the U.S. Department of Commerce that promotes innovation through technical standards setting, released a preliminary draft of its forthcoming Cyber AI Profile. The Cyber AI Profile aims to help organizations bolster artificial intelligence (“AI”) governance leveraging NIST’s Cybersecurity Framework 2.0 (the “CSF”) as a guide to the cybersecurity of AI systems and the use of AI to support cybersecurity. Like the CSF, the Cyber AI Profile is voluntary for most organizations; however, organizations that align their risk management practices to these resources tend to be viewed by customers, investors, and regulators as more secure, resilient, and responsible.

 The Cyber AI Profile identifies three overarching AI focus areas, or themes, related to organizational AI governance:

  • Securing AI System Components (“Secure”): Companies are encouraged to supplement existing risk management approaches to account for the new challenges posed by integration of AI systems, including AI supply chains, infrastructure, and other dependencies.
  • Conducting AI-Enabled Cyber Defense (“Defend”): Companies should work to leverage AI to strengthen cybersecurity defenses, whether by using AI to manage an increased volume of threat intelligence, integrating agentic AI to automate collaborative incident response tasks, or increasing efficiencies across IT operations and help desks.
  • Thwarting AI-Enabled Cyber Attacks (“Thwart”): Companies must prepare for how adversarial use of AI increases threat actor sophistication, expands potential attack surfaces, and introduces new risks, including deepfake attacks targeting organization personnel, generative AI-enabled fraud, and autonomous agent-driven vulnerability exploitation.

 Rather than prescribing particular requirements, the Cyber AI Profile consists of recommended considerations for implementing AI governance within the

... (truncated, 14 KB total)
Resource ID: 9634280008b32542 | Stable ID: sid_PNjMTfMFIk