As artificial intelligence (AI) becomes increasingly integrated into enterprise environments, the National Institute of Standards and Technology (NIST) has recognized the need for updated cybersecurity measures. To address the evolving risks associated with AI adoption, NIST has released a preliminary draft of guidance known as the Cyber AI Profile, designed to assist organizations in aligning their cybersecurity strategies with the integration of AI technologies.
The Cyber AI Profile is encapsulated in a document titled the Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596). Its objective is to facilitate the application of the NIST Cybersecurity Framework, specifically CSF 2.0, to ensure the secure and responsible use of AI. The framework aims to accelerate AI adoption while mitigating the cybersecurity threats that arise from AI’s rapid evolution.
NIST outlines the necessity for AI-specific cybersecurity guidelines, emphasizing that AI impacts cybersecurity in several dimensions. Organizations must secure their AI systems, leverage AI for enhanced cyber defense, and prepare for an emerging category of AI-driven cyberattacks. The Cyber AI Profile organizes its recommendations around three interrelated focus areas: securing AI systems, conducting AI-enabled cyber defense operations, and countering AI-enabled cyber threats.
Barbara Cuthill, one of the authors of the Cyber AI Profile, highlights the urgency of addressing these issues. She stated, “Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI’s advancement.” The collaborative effort behind the Cyber AI Profile involved extensive public input, with over 6,500 individuals engaging in discussions throughout the process, which began with an initial concept paper in February 2025.
The Cyber AI Profile’s three focus areas each serve a distinct function. The first area, securing AI systems, involves identifying the cybersecurity challenges that arise when AI is integrated into organizational ecosystems. The second area, conducting AI-enabled cyber defense, explores how AI can enhance cybersecurity operations while also recognizing the potential risks of deploying AI for defensive purposes. The third area, thwarting AI-enabled cyberattacks, focuses on building resilience against threats that utilize AI to improve their scale, speed, or effectiveness.
According to Cuthill, the prevalence of AI in organizational contexts means that leaders must engage with all three focus areas. “The three focus areas reflect the fact that AI is entering organizations’ awareness in different ways,” she said. “But ultimately every organization will have to deal with all three.”
Through the NIST Cybersecurity Framework lens, the Cyber AI Profile aids organizations in clarifying their cybersecurity objectives related to AI and CSF 2.0. It provides structured insights for organizations to understand, evaluate, and address AI-related cybersecurity challenges while integrating AI into existing cybersecurity protocols intentionally.
NIST describes the Cyber AI Profile as a “community profile,” indicating that it aligns CSF 2.0 with shared objectives across various sectors. This profile joins other community profiles developed for industries such as manufacturing, financial services, and telecommunications. The preliminary draft opens a 45-day public comment period, inviting feedback before NIST releases an initial public draft in 2026. This forthcoming version is expected to refine the guidance and include extended mappings to additional NIST resources.
Cuthill expressed hope that the Cyber AI Profile will continue to evolve as a practical tool for organizations. “The Cyber AI Profile is all about enabling organizations to gain confidence in their AI journey,” she said. “We hope it will help them feel equipped to have conversations about how their cybersecurity environment will change with AI and to augment what they are already doing with their cybersecurity programs.”
See also
Kaspersky Türkiye Reports Shift in Cyberattack Focus to Industrial Sectors by 2025
South African Firms Face 1,800 Weekly Cyberattacks Amid Rising AI Threats, Check Point Reports
CrowdStrike Launches Falcon AIDR to Combat AI Threats with 99% Efficacy
AI Vendors Align on Standards to Enhance Agentic AI Flexibility Amid Bot Crackdown
AI Cyber Threats Surge: 60% of Companies Targeted, Only 7% Use AI Defense Tools
