
New Guidance from NIST Demonstrates How Organizations Can Use AI for Cybersecurity

Alert
01.08.2026
By David Axtell & Theodore Thompson

Whether your organization presently uses artificial intelligence (AI) or has plans to in the future, the draft Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) published in December 2025 by the National Institute of Standards and Technology (NIST) is a valuable tool for a wide range of organizations. The Cyber AI Profile is designed to guide organizations in managing cybersecurity risks associated with AI systems used for internal processes or for active cybersecurity monitoring. It was developed in collaboration with the Applied Cybersecurity Division of the Information Technology Laboratory, the National Cybersecurity Center of Excellence (NCCoE), and the MITRE Corporation. The authors now seek public feedback through January 2026 to refine its content, structure, and priorities before finalization.

Background and Purpose

Recent advancements in AI have introduced both significant opportunities and new challenges for organizational cybersecurity. The Cyber AI Profile is intended to help organizations "manage the impacts of advancements in AI to their organization by helping organizations secure AI system components, such as models, agents, algorithms, prompts, and data; take advantage of the new opportunities AI offers to improve cybersecurity defenses; and prepare for changes to the threat landscape based on adversarial use of AI." To accomplish this, the Cyber AI Profile seeks to help organizations establish a shared understanding of AI-related cybersecurity priorities, foster collaboration across AI and cybersecurity communities, and provide common AI cybersecurity target outcomes based on the NIST Cybersecurity Framework (CSF) 2.0.

The Cyber AI Profile is not intended as a replacement for existing frameworks, such as the NIST CSF 2.0, but rather as a supplement to them that addresses the unique risks and opportunities presented by AI. It is designed for organizations at any stage of AI adoption, including those developing, deploying, or defending against AI systems.

Integration of the Cyber AI Profile with the NIST Cybersecurity Framework 2.0

The Cyber AI Profile is organized around three primary focus areas:

  1. Securing AI System Components (Secure): Addresses cybersecurity challenges in integrating AI into organizational ecosystems, including securing models, data, algorithms, and supply chains.
  2. Conducting AI-Enabled Cyber Defense (Defend): Identifies opportunities to leverage AI to enhance cybersecurity processes, such as threat detection, automated response, and risk management.
  3. Thwarting AI-Enabled Cyber Attacks (Thwart): Focuses on building resilience against new threat vectors introduced by adversarial uses of AI, including AI-driven phishing, malware, and autonomous attack agents.

The bulk of the draft guidance provides useful examples and additional references for implementing the Cyber AI Profile within the existing CSF 2.0. By illustrating how the focus areas of the Cyber AI Profile (Secure, Defend, Thwart) integrate within the larger CSF principles (Govern, Identify, Protect, Detect, Respond, and Recover), this proposed guidance could be a valuable tool for organizations that currently utilize the CSF 2.0 and plan to initiate or expand the use of AI tools in their organization.

Subcategories are classified as High, Moderate, or Foundational, allowing organizations to tailor implementation based on their risk tolerance, operational needs, and maturity. For each subcategory, the Cyber AI Profile provides:

  • General AI-related considerations for achieving the outcomes in each subcategory.
  • Focus area-specific priorities and considerations.
  • Sample opportunities for leveraging AI (particularly in the defend focus area), including:
    • A proposed priority corresponding to the High (1), Moderate (2), or Foundational (3) classification.
    • Sample opportunities to leverage AI to help achieve the subcategory's outcomes.
    • Sample focus area considerations based on observations in the field and/or subject matter expertise.
    • Example informative references, including such resources as laws, standards, guidelines, and research publications.

Public Feedback and Next Steps

NIST is actively seeking public comments on the preliminary draft, with specific requests for input on document structure, focus area descriptions, profile content, and glossary terms. Interested parties may complete a comment form and email it to cyberaiprofile@nist.gov. The deadline for submitting comments is January 30, 2026. NIST also invites disclosure of relevant patent claims and suggestions for additional informative references from the public. NIST is also planning an upcoming workshop to discuss the draft guidance.

The Cyber AI Profile is expected to evolve based on stakeholder feedback, ongoing literature review, and developments in AI and cybersecurity standards. Organizations are encouraged to monitor the project's progress and participate in the public comment process.

Conclusion

The Cyber AI Profile represents a significant step toward a unified, risk-based approach to managing the cybersecurity implications of AI. By aligning AI-specific considerations with the established NIST CSF 2.0, the Cyber AI Profile provides a practical resource for organizations seeking to secure AI systems, leverage AI for cyber defense, and build resilience against AI-enabled threats.

For more information on NIST's draft guidance specific to the Cybersecurity AI Profile, please contact David Axtell, Theodore Thompson, or the Stinson LLP contact with whom you regularly work.
