The U.S. National Institute of Standards and Technology has released a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence which provides guidance for the secure adoption of AI.

The draft takes the existing NIST Cybersecurity Framework 2.0 structure that helps organizations manage and communicate cybersecurity risk and adapts it to AI use.

CSF 2.0 organizes risk management around core functions like Govern, Identify, Protect, Detect, Respond and Recover to set a common language for cyber professionals across sectors, a theme that is carried over into the draft.

The new draft, also known as “Cyber AI Profile” for short, applies the CSF 2.0 model to AI technologies to give a blueprint to help organizations adopt AI confidently while accounting for the evolving threat landscape. The profile does not replace existing frameworks, such as the AI Risk Management Framework or federal security control standards, but instead tailors CSD 2.0 to address AI’s unique cybersecurity challenges and opportunities.

The draft organizes recommended guidance in three areas. The first, Securing AI System Components (Secure), covers identifying and mitigating cybersecurity risks inherent to AI infrastructure, models, data pipelines and integration points.

The second, Conducting AI-Enabled Cyber Defense (Defend), shows how AI can enhance defensive capabilities while acknowledging risks when AI is integrated into threat detection, response and mitigation workflows. And the third, Thwarting AI-Enabled Cyberattacks (Thwart), highlights resilience strategies against adversaries that leverage AI to scale, automate or evade traditional cybersecurity defenses

“AI has become a driving force behind today’s technological development, transforming industries and redefining how society operates,” writes NIST said in its public announcement. “Advancements in AI technology introduce both cybersecurity opportunities and challenges to organizations. NIST’s preliminary draft Cyber AI Profile can help organizations strategically adopt AI while addressing and prioritizing cybersecurity risks stemming from its advancements.”

The draft was designed following a year-long collaborative process involving more than 6,500 contributors in NIST’s Cyber AI Community of Interest, workshops and public drafts.

The initial reaction from cybersecurity professionals has been mixed, with some saying it falls short in some areas.

“The draft document doesn’t include guidance for complex systems where AI is used in an orchestration form: for example, one AI leading the work for the next AI, or AI agents that use other AI tools like generative AI or machine learning,” Melissa Ruzzi, director of AI at application security company AppOmni Inc., told SiliconANGLE via email. “In these cases, the hyperparameters are defined through AI itself and cannot deterministically be controlled as some of the NIST guidance suggests. This is great guidance for those who don’t have much expertise in AI security.”

The draft is open for comments through Jan. 30, 2026.

Photo: NIST