The National Institute of Standards and Technology (NIST) has released a preliminary draft of its “Cyber AI Profile,” a set of guidelines designed to help organizations rethink cybersecurity strategies as artificial intelligence becomes deeply embedded in their operations. Formally titled the Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), the document shows how to use the updated NIST Cybersecurity Framework (CSF 2.0) to adopt AI securely while addressing emerging risks such as AI-driven attacks, model vulnerabilities and changing threat surfaces. Developed in collaboration with a 6,500-person community of interest over the past year, the draft is now open for 45 days of public comment as NIST refines the profile ahead of a fuller release in 2026.
The Cyber AI Profile organizes its guidance around three focus areas: securing AI system components (“Secure”), using AI to strengthen cyber defense (“Defend”) and thwarting adversaries who use AI to enhance or scale their attacks (“Thwart”). NIST positions the profile as a practical companion to existing resources such as the AI Risk Management Framework, helping organizations map AI-specific concerns onto familiar CSF activities and prioritize actions like risk assessment, monitoring, governance and supply chain security. Once finalized, the profile is intended to give leaders a common language and roadmap for integrating AI into their cybersecurity programs with greater confidence—supporting more informed conversations about how AI will change their environments and what safeguards are needed as adoption accelerates.
Read the entire article here.