AI Risk Management: NIST Publishes Draft Cyber AI Profile

by John Jenkins

January 6, 2026

NIST recently published a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence, which is intended to provide guidelines for managing cybersecurity risk related to AI systems and identify opportunities for using AI to enhance cybersecurity capabilities.  Here’s the intro to this Covington blog on the draft profile:

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”).  According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities.”

The draft Profile uses the existing voluntary NIST Cybersecurity Framework (“CSF”) 2.0 — which “provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks” — and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF’s outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI.

This draft guidance will likely be familiar to organizations that already leverage the CSF 2.0 in their cybersecurity programs and might be complementary to existing frameworks that organizations already have in place.  Even so, the outcomes are designed to be flexible such that a range of organizations (with mature or novel programs) can leverage the guidance to help manage AI-related cybersecurity risk.

The blog goes on to summarize the profile’s organizational structure and the areas about which NIST is seeking comment.  The comment period for the profile expires on January 30, 2026.  The blog also notes that NIST is planning to host a workshop on January 14, 2026 for those interested in offering feedback on the preliminary draft.