U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cyber AI Profile

Recent advancements in Artificial Intelligence (AI) technology bring great opportunities to organizations, but also new risks and impacts that need to be managed in the domain of cybersecurity.  NIST is evaluating how to use existing frameworks, such as the Cybersecurity Framework (CSF), to assist organizations as they face new or expanded risks.

 

View the Roadmap

Development of an AI Profile

Discussions with many in the cybersecurity community strongly suggest that there would be value in developing guidance based on the CSF to address the cybersecurity risks related to AI development and use. Thus, NIST through the National Cybersecurity Center of Excellence (NCCoE) is considering developing a Community Profile that is based on the CSF for the domain of “cybersecurity of AI and AI for cybersecurity” (an “Cyber AI Profile”).
Status: Reviewing Comments

The public comment period for NIST IR 8596, Cybersecurity Framework Profile for Artificial Intelligence has closed. Thank you to everyone who shared their feedback with us.

NIST IR 8596 irpd: Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile)Web Version NIST IR 8596 irpd: Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile)

The public comment period for the following concept paper has closed. Thank you to everyone who shared their feedback with us.

If you have any questions, please reach out to our project team at [email protected].

Cybersecurity and AI Workshop Concept PaperDocument Version Cybersecurity and AI Workshop Concept Paper

For the cybersecurity of AI and AI used for cybersecurity, NIST is proposing to focus on three sources of risk that impact an organization’s operational risk: Cybersecurity of AI Systems, AI-enabled Cyber Attacks, and AI-enabled Cyber Defense.

Organizations vary on whether and how they are using AI in these three areas. Some organizations may not yet be using AI. Some may be using cybersecurity solutions enabled with machine learning (ML) but have not yet transitioned to newer and more robust AI capabilities, such as Generative AI (Generative AI can generate text, images, videos, or other data using generative models—and can learn about the patterns and structure of data to generate new data with similar characteristics). Regardless of where they are on their AI journey, organizations need risk management approaches that support the realities of advancements in AI use.

Organizations vary on whether and how they are using AI in these three areas. Some organizations may not yet be using AI. Regardless of where they are on their AI journey, organizations need risk management approaches that support the realities of advancements in AI use.

Spring 2026 Cyber AI Profile Virtual Working Sessions

Dates:  

Session 1: Updates to Profile Elements and Contents – April 28, 2026

Session 2: Extending the Technical Content – May 5, 2026

Session 3: Usability of the Profile – May 12, 2026

Join the NIST NCCoE for a series of virtual working sessions to discuss the NIST Cybersecurity Framework (CSF) Cyber Artificial Intelligence (AI) Profile. These virtual working sessions are intended for cybersecurity and AI leaders to provide detailed, technical input to inform the Profile’s development. 

These sessions will focus on community feedback on adapting cybersecurity practices to AI, strengthening the Cyber AI Profile in key technical areas, and exploring revised Profile packaging and delivery formats to enhance usability for different roles in the AI ecosystem. To register for each session, you can visit the event pages linked above. 

You can access the resources from the 2025 virtual working sessions here.

a drawing of a brain on a blue background with red and orange tiles displayed underneath

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself