NIST Releases New Guidelines to Enhance AI Era Cybersecurity

The National Institute of Standards and Technology (NIST) has taken a significant step toward enhancing cybersecurity in the AI era. They recently unveiled a preliminary draft of the Cyber AI Profile, officially titled the Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596). This document provides essential guidelines for organizations aiming to integrate artificial intelligence safely within their cybersecurity frameworks.

NIST Cyber AI Profile Overview

This new profile is designed to guide organizations through the complex relationship between cybersecurity and AI. It focuses on three primary areas:

• Securing AI Systems: Identifying cybersecurity challenges when incorporating AI into existing frameworks.
• Conducting AI-Enabled Cyber Defense: Leveraging AI to enhance defensive strategies while recognizing potential challenges.
• Thwarting AI-Enabled Cyberattacks: Building resilience to counter emerging threats enabled by AI technologies.

As Barbara Cuthill, one of the profile’s authors, noted, organizations must establish cybersecurity strategies that acknowledge the realities of AI’s integration. “Every organization will have to deal with all three focus areas, regardless of their current stage in the AI journey,” she stated.

Community Engagement and Development

NIST has created this draft following a year-long collaborative effort involving over 6,500 participants from various sectors interested in cybersecurity and AI. Key milestones included the release of an initial concept paper in February 2025 and several workshops and meetings to gather input. The current preliminary draft is now available for a 45-day public comment period, allowing stakeholders to share their feedback.

Next Steps for the Cyber AI Profile

The comment period is open until January 30, 2026. NIST will consider this input to refine the profile further. An initial public draft is slated for release in 2026, aiming to provide comprehensive strategies for organizations to incorporate AI into their cybersecurity plans effectively. The finalized profile will highlight priority actions, specific considerations from the Cybersecurity Framework (CSF 2.0), and create mappings to other important NIST resources, such as the AI Risk Management Framework.

Additionally, NIST plans to host a workshop on January 14, 2026, to discuss the preliminary draft and encourage further engagement from the cybersecurity community. This initiative is part of NIST’s broader goal to help organizations develop a confident approach to their AI integration.

Cuthill emphasized the importance of this profile as a resource for organizations. “We hope it will enable them to engage in meaningful conversations about how AI will influence their cybersecurity landscape,” she stated.