NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

NIST Publishes Preliminary Draft of Cybersecurity Framework Profile for Artificial Intelligence for Public Comment

Briefly

"On December 16, 2025, the U.S. National Institute of Standards and Technology (NIST) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile or Profile). According to the draft, the Cyber AI Profile is intended to provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities."

"The draft Profile uses the existing voluntary NIST Cybersecurity Framework (CSF) 2.0 which provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF's outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI."

"This draft guidance will likely be familiar to organizations that already leverage the CSF 2.0 in their cybersecurity programs and might be complimentary to existing frameworks that organizations already have in place. Even so, the outcomes are designed to be flexible such that a range of organizations (with mature or novel programs) can leverage the guidance to help manage AI-related cybersecurity risk."