InfoSecBulletin Cybersecurity for mankind
The U.S. National Institute of Standards and Technology (NIST) has published a draft Cybersecurity Framework Profile for Artificial Intelligence to guide secure AI adoption. The draft modifies the NIST Cybersecurity Framework 2.0 to help organizations manage and communicate cybersecurity risks associated with AI.
CSF 2.0 structures risk management around key functions: Govern, Identify, Protect, Detect, Respond, and Recover, creating a shared language for cyber professionals across sectors, which is reflected in the draft.
Using AI, Researcher Hacks Google and Earns $500,000 Bug Bounty
Chrome 149 fixes 28 flaws, including critical UAF bugs
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
The “Cyber AI Profile” draft uses the CSF 2.0 model to provide a guide for organizations adopting AI, considering the changing threat landscape. It doesn’t replace existing frameworks like the AI Risk Management Framework but adapts CSF 2.0 for AI’s specific cybersecurity challenges.
The draft outlines guidance in three areas. The first area, Securing AI System Components (Secure), focuses on identifying and addressing cybersecurity risks related to AI infrastructure, models, data pipelines, and integration points.
The second part, Conducting AI-Enabled Cyber Defense (Defend), explains how AI improves defense while recognizing the risks of using AI in threat detection and response. The third part, Thwarting AI-Enabled Cyberattacks (Thwart), focuses on resilience strategies against attackers using AI to bypass standard cybersecurity methods.
“AI has become a driving force behind today’s technological development, transforming industries and redefining how society operates,” writes NIST said in its public announcement. “Advancements in AI technology introduce both cybersecurity opportunities and challenges to organizations. NIST’s preliminary draft Cyber AI Profile can help organizations strategically adopt AI while addressing and prioritizing cybersecurity risks stemming from its advancements.”
The draft was created over a year with input from over 6,500 contributors in NIST’s Cyber AI Community, including workshops and public drafts.
The initial reaction from cybersecurity professionals has been mixed, with some saying it falls short in some areas.
“The draft document doesn’t include guidance for complex systems where AI is used in an orchestration form: for example, one AI leading the work for the next AI, or AI agents that use other AI tools like generative AI or machine learning,” Melissa Ruzzi, director of AI at application security company AppOmni Inc., told SiliconANGLE via email. “In these cases, the hyperparameters are defined through AI itself and cannot deterministically be controlled as some of the NIST guidance suggests. This is great guidance for those who don’t have much expertise in AI security.”
The draft is open for comments through Jan. 30, 2026.
