The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), has initiated the development of a "Cyber AI Profile." This new guidance is designed to be an overlay or companion to the widely adopted NIST Cybersecurity Framework (CSF) 2.0. The profile aims to provide organizations with a structured approach to managing the unique and complex cybersecurity risks introduced by the development, deployment, and use of artificial intelligence systems. This move reflects a growing consensus that AI presents a novel class of risks that require specialized guidance beyond traditional cybersecurity frameworks.
The Cyber AI Profile is not a new regulation but a voluntary guidance framework. It is being developed to help organizations apply the principles of the NIST CSF 2.0 to the specific context of AI. The profile will address two key areas:
The development process is collaborative, with NIST seeking public comment to refine the profile. It is part of a broader U.S. government effort to promote secure and trustworthy AI, aligning with principles outlined in executive orders on AI.
While the guidance is voluntary, its adoption will be strongly encouraged for all organizations that are developing, deploying, or using AI technologies. This includes virtually every industry sector:
Essentially, any organization that falls under the purview of the NIST CSF will be a target audience for the Cyber AI Profile.
As a voluntary framework, the Cyber AI Profile will not have mandatory compliance requirements. However, it will establish a de facto standard of care. Organizations will be expected to use the profile to:
The profile will likely map AI-specific controls to the existing functions of the CSF (Identify, Protect, Detect, Respond, Recover) and the new Govern function in CSF 2.0.
NIST is currently in the development and public comment phase. Drafts are being released, and the final version is expected to be published after incorporating feedback from industry, academia, and government stakeholders. While no firm deadline has been set, the urgency of the topic suggests NIST is moving quickly. Organizations should begin familiarizing themselves with the drafts and considering how the guidance will impact their AI governance and security programs.
The Cyber AI Profile will have a significant impact on how organizations approach AI security. It will help standardize the language and practices around AI risk management, moving it from a niche, expert-driven field to a more mainstream component of enterprise risk management. For security teams, it provides a clear framework for assessing and mitigating AI risks. For developers and data scientists, it will introduce new security requirements into the AI development lifecycle (AI-SDLC). The primary business impact will be an increased focus and budget allocation for securing AI initiatives, which is essential to safely harnessing the benefits of the technology.
Organizations should take the following proactive steps:

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
Help others stay informed about cybersecurity threats
Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.
Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.
Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.
Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.
Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.