NEWS

Draft NIST Guidelines Rethink Cybersecurity for the AI Era

December 16, 2025

Share

Facebook Linkedin X.com Email
- AI presents new opportunities and challenges for an organization’s cybersecurity program.
- New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks.
- The guidelines focus on ways organizations can secure their AI systems, defend against cyberattacks by using AI to enhance cybersecurity operations, and proactively thwart AI threats.

The Cyber AI Profile centers on three overlapping focus areas: securing AI systems, conducting AI-enabled cyber defense, and thwarting AI-enabled cyberattacks.

Credit: N. Hanacek/NIST

Artificial intelligence (AI) is impacting many organizations’ activities, and cybersecurity is no exception. For anyone interested in the opportunities and risks at the intersection of cybersecurity and AI, the National Institute of Standards and Technology (NIST) has released a preliminary draft of its Cyber AI Profile.

The publication, whose full title is the Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), offers guidelines for using the NIST Cybersecurity Framework (CSF 2.0) to accelerate the secure adoption of AI. The profile helps organizations think about how to strategically adopt AI while addressing emerging cybersecurity risks that stem from AI’s rapid advance.

“Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI’s advancement,” said Barbara Cuthill, one of the profile’s authors.

The draft resulted from a yearlong effort on the part of NIST cybersecurity and AI experts. Over that time, more than 6,500 individuals have joined the community of interest to contribute to NIST’s development of the profile. After releasing an initial concept paper in February 2025, conducting a workshop the following April, and hosting a series of community of interest meetings in the summer, NIST is now releasing the preliminary draft of the profile for a 45-day public comment period.

The Cyber AI Profile centers on three focus areas:

• Securing AI systems: identifying cybersecurity challenges when integrating AI into organizational ecosystems and infrastructure
• Conducting AI-enabled cyber defense: identifying opportunities to use AI to enhance cybersecurity, and understanding challenges when leveraging AI to support defensive operations
• Thwarting AI-enabled cyberattacks: building resilience to protect against new AI-enabled threats “The three focus areas reflect the fact that AI is entering organizations’ awareness in different ways,” Cuthill said. “But ultimately every organization will have to deal with all three.”

The Cyber AI Profile can help organizations use the CSF to crystallize their cybersecurity goals with respect to AI and CSF 2.0. The profile offers insights to help organizations understand, examine and address the cybersecurity concerns related to AI and thoughtfully integrate AI into their cybersecurity strategies.

NIST uses the term “community profile” to describe the application of CSF 2.0 to address shared interests and goals among organizations. The Cyber AI Profile joins other community profiles that NIST has created for the manufacturing, financial and telecommunications communities, among others.

The preliminary draft release is intended to seek feedback from the public to inform an initial public draft, which Cuthill says will further refine the profile and include mapping of additional relevant resources to the CSF. Following the 45-day comment period, NIST plans to develop the initial public draft for release in 2026.

When finalized, the profile will help organizations incorporate AI into their cybersecurity planning by suggesting key actions to prioritize, highlighting special considerations from specific parts of the CSF when considering AI, and providing mappings to other NIST resources, including the AI Risk Management Framework.

Cuthill said the authors hope to continue developing the profile as a tool that will prove useful to the community.

“The Cyber AI Profile is all about enabling organizations to gain confidence on their AI journey,” she said. “We hope it will help them feel equipped to have conversations about how their cybersecurity environment will change with AI and to augment what they are already doing with their cybersecurity programs.”

Comments on the profile can be submitted by completing a comment form and emailing it to cyberaiprofile [at] nist.gov (cyberaiprofile[at]nist[dot]gov) before the Jan. 30, 2026, due date. NIST is also planning a workshop for Jan. 14, 2026, to discuss the preliminary draft profile and will post the link for registration later this month.

Artificial intelligence, Applied AI, Information technology, Cybersecurity and privacy, Privacy engineering and Risk management

Media Contact

• Chad Boutin [email protected] (301) 975-4261

NIST in your inbox

Stay up to date with the latest news from NIST. Enter Email Address

Learn More

Cybersecurity Framework AI Risk Management Framework

Organizations

• NIST Headquarters
• - Laboratory Programs
  • - Information Technology Laboratory
  • - Applied Cybersecurity Division
    • - Cybersecurity and Privacy Applications Group

Released December 16, 2025, Updated December 17, 2025