NIST Releases Draft Cyber AI Profile to Guide Secure AI Adoption

USA: NIST Releases Draft Cyber AI Profile to Guide Secure AI Adoption

The National Institute of Standards and Technology (NIST) has issued a preliminary draft of its Cyber AI Profile, a set of guidelines intended to help organizations integrate artificial intelligence (AI) while managing emerging cybersecurity risks. The draft was posted on December 16, 2025, and opens a 45‑day public comment period ending on January 30, 2026.

The effort reflects a year‑long collaboration among NIST cybersecurity and AI experts, during which more than 6,500 individuals joined a community of interest to shape the profile. An initial concept paper was released in February 2025, followed by a workshop in April and a series of stakeholder meetings over the summer.

Three Core Focus Areas

The Cyber AI Profile is organized around three overlapping focus areas: securing AI systems, conducting AI‑enabled cyber defense, and thwarting AI‑enabled cyberattacks. According to Barbara Cuthill, one of the profile’s authors, “the three focus areas reflect the fact that AI is entering organizations’ awareness in different ways, but ultimately every organization will have to deal with all three.”

Securing AI Systems

This segment identifies cybersecurity challenges that arise when integrating AI into existing organizational ecosystems and infrastructure. It offers recommendations for assessing vulnerabilities, implementing safeguards, and aligning AI deployments with the broader NIST Cybersecurity Framework (CSF 2.0).

AI‑Enabled Cyber Defense

Here, the profile outlines opportunities to leverage AI for enhancing defensive operations, such as threat detection and incident response, while also highlighting the technical and ethical considerations of relying on AI‑driven tools.

Thwarting AI‑Enabled Cyberattacks

The final focus area concentrates on building resilience against novel threats that exploit AI capabilities. It provides guidance for anticipating adversarial AI techniques and strengthening protective measures accordingly.

Stakeholders are invited to submit comments via an online form or by emailing cyberaiprofile@nist.gov before the January 30 deadline. NIST also plans a workshop on January 14, 2026, to discuss the draft and will release registration details later in the month.

Following the comment period, NIST aims to produce an initial public draft for release in 2026. The finalized profile is expected to map key actions to the CSF, reference additional NIST resources—including the AI Risk Management Framework—and help organizations confidently incorporate AI into their cybersecurity strategies.

“The Cyber AI Profile is all about enabling organizations to gain confidence on their AI journey,” Cuthill said. “We hope it will help them feel equipped to have conversations about how their cybersecurity environment will change with AI and to augment what they are already doing with their cybersecurity programs.”

This report is based on information from NIST, licensed under Public Domain (U.S. Government Work). Source: Official U.S. Government release.