Cyber AI Profile

Recent advancements in Artificial Intelligence (AI) technology bring great opportunities to organizations, but also new risks and impacts that need to be managed in the domain of cybersecurity.  NIST is evaluating how to use existing frameworks, such as the Cybersecurity Framework (CSF), to assist organizations as they face new or expanded risks.

Development of an AI Profile

Discussions with many in the cybersecurity community strongly suggest that there would be value in developing guidance based on the CSF to address the cybersecurity risks related to AI development and use. Thus, NIST through the National Cybersecurity Center of Excellence (NCCoE) is considering developing a Community Profile that is based on the CSF for the domain of “cybersecurity of AI and AI for cybersecurity” (an “Cyber AI Profile”).
Status: Defining Scope

Creating a Community Profile involves understanding priorities and risks, making collaboration I important part of the process. To ensure its success, it's crucial to involve stakeholders in developing this Profile. As we define the scope, we welcome your views, opinions, and thoughts.

If you have any questions, please reach out to our project team at [email protected].

For the cybersecurity of AI and AI used for cybersecurity, NIST is proposing to focus on three sources of risk that impact an organization’s operational risk: Cybersecurity of AI Systems, AI-enabled Cyber Attacks, and AI-enabled Cyber Defense.

Organizations vary on whether and how they are using AI in these three areas. Some organizations may not yet be using AI. Some may be using cybersecurity solutions enabled with machine learning (ML) but have not yet transitioned to newer and more robust AI capabilities, such as Generative AI (Generative AI can generate text, images, videos, or other data using generative models—and can learn about the patterns and structure of data to generate new data with similar characteristics). Regardless of where they are on their AI journey, organizations need risk management approaches that support the realities of advancements in AI use for cyber offense and defense.

Organizations vary on whether and how they are using AI in these three areas. Some organizations may not yet be using AI. Regardless of where they are on their AI journey, organizations need risk management approaches that support the realities of advancements in AI use for cyber offense and defense.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name