Guidance to secure, defend, and thwart AI risks
The preliminary NIST IR 8596 frames how organizations should manage AI-related cyber risks and capitalize on AI for defense, aligned with CSF 2.0. It centers on three focus areas—secure, defend, and thwart—prioritizing outcomes across the CSF’s functions, categories, and subcategories. NIST invites broad feedback to refine priorities, references, and practical formats before issuing the initial public draft.
Key points
- NIST IR 8596 (December 2025) is a preliminary draft from the U.S. Department of Commerce’s National Institute of Standards and Technology.
- The profile aligns with NIST CSF 2.0 and organizes AI-specific guidance under six functions via three focus areas: securing AI system components (secure), conducting AI-enabled cyber defense (defend), and thwarting AI-enabled cyber attacks (thwart).
- The draft maps AI considerations to 106 CSF subcategories across 22 categories and six functions, proposing priority tiers (1 high, 2 moderate, 3 foundational).
- Public comments are open from December 16, 2025, to January 30, 2026, via cyberaiprofile@nist.gov, with all input subject to FOIA release.
- A call for patent claims seeks disclosures and RAND assurances for any essential claims tied to the guidance, managed by ITL.
- Authors include Katerina Megas, Barbara Cuthill, Marissa Dotter, Michael Garris, Ishika Khemani, Bronwyn Patrick, Noah Schiro, Julie Nethery Snyder, and Mohammad Zarei.
- The profile emphasizes AI supply chain risk, elevating data provenance (e.g., AI SBOM/AIBOM) alongside software and hardware assurance.
- Governance priorities highlight legal and regulatory change tracking, HITL oversight, and frequent policy updates due to rapidly evolving AI threats and capabilities.
- Operational guidance stresses inventorying AI assets and data (ID.AM-07), logging AI inputs/outputs, model versions, and hyperparameters (PR.PS-04; RS.AN-07), and safeguarding data-in-use to prevent leakage (PR.DS-10).
- References include NIST AI RMF 1.0 and AI 600-1, MITRE ATLAS, ENISA guidance, OWASP LLM resources, and industry reports from Google, Microsoft, and others that inform mappings and mitigations.
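As an added illustration of the operational outcomes listed above (it is not part of NIST IR 8596 or of this summary), the following Python sketches an AI asset inventory (ID.AM-07), an inference audit record that captures model version, hyperparameters and hashed inputs/outputs (PR.PS-04; RS.AN-07) without duplicating sensitive data-in-use (PR.DS-10), and a checkpoint restore check of the kind the takeaways below recommend. Every model name, dataset identifier, hash input and hyperparameter is a constructed placeholder.

```python
"""AI asset inventory, inference audit logging and checkpoint verification.

Added example, not code from NIST or from the summarised profile. All asset
names, datasets, hashes and hyperparameters are constructed placeholders.
"""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class AIAsset:
    """One inventory entry: a minimal AIBOM-style record for a model version."""
    name: str
    version: str
    owner: str
    checkpoint_sha256: str            # hash of the weights file a restore must reproduce
    training_data: tuple              # dataset identifiers paired with content hashes
    hyperparameters: dict = field(default_factory=dict)


def build_inventory() -> dict:
    """Constructed sample inventory keyed by (name, version)."""
    assets = [
        AIAsset("support-assistant", "2.3.0", "platform-team",
                sha256_hex(b"constructed weights v2.3.0"),
                ("tickets-2024@" + sha256_hex(b"constructed dataset 1"),),
                {"temperature": 0.2, "max_tokens": 512}),
        AIAsset("triage-classifier", "1.0.4", "secops",
                sha256_hex(b"constructed weights v1.0.4"),
                ("alerts-labelled@" + sha256_hex(b"constructed dataset 2"),),
                {"threshold": 0.7}),
    ]
    return {(a.name, a.version): a for a in assets}


def find_unregistered(deployed, inventory) -> list:
    """ID.AM-07 check: deployed (name, version) pairs absent from the inventory."""
    return sorted(set(deployed) - set(inventory))


def log_inference(asset: AIAsset, prompt: str, output: str) -> dict:
    """Audit record tying one inference to its model version and hyperparameters.

    Inputs and outputs are recorded as SHA-256 digests plus lengths, so the
    log supports later analysis (which model, which settings, which exact
    input) without becoming a second copy of the data being processed.
    """
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "model": asset.name,
        "version": asset.version,
        "hyperparameters": dict(asset.hyperparameters),
        "training_data": list(asset.training_data),
        "input_sha256": sha256_hex(prompt.encode()),
        "input_len": len(prompt),
        "output_sha256": sha256_hex(output.encode()),
        "output_len": len(output),
    }


def verify_checkpoint(asset: AIAsset, checkpoint_bytes: bytes) -> bool:
    """Restore test: a backed-up checkpoint is usable only if its digest matches
    the inventory record for that exact version."""
    return sha256_hex(checkpoint_bytes) == asset.checkpoint_sha256


if __name__ == "__main__":
    inv = build_inventory()
    deployed = [("support-assistant", "2.3.0"), ("support-assistant", "2.4.0-rc1")]
    print("unregistered deployments:", find_unregistered(deployed, inv))
    rec = log_inference(inv[("support-assistant", "2.3.0")],
                        "reset my password", "Use the self-service portal.")
    print(json.dumps(rec, indent=2))
    good = verify_checkpoint(inv[("triage-classifier", "1.0.4")], b"constructed weights v1.0.4")
    print("backup checkpoint verified:", good)
```

The inventory key is the (name, version) pair rather than the name alone, because the profile's logging outcomes are about the specific model version that produced an output; a release candidate that is running but not yet inventoried shows up immediately in `find_unregistered`.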
Takeaways
Start by doing the unglamorous bits: inventory your AI models, data, and agents like they’re crown jewels, because—surprise—they are. Add human-in-the-loop guardrails so your shiny AI doesn’t sprint past your risk appetite, and rehearse AI-enabled phishing and deepfake drills before they become your new normal. And yes, test those model and dataset backups; nothing says “holiday cheer” like discovering your only clean checkpoint is three versions ago.