- Key insight: The new NIST Cyber AI Profile is designed to complement existing risk management frameworks by providing a common language for AI security.
- Expert quote: "Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI's advancement," says NIST's Barbara Cuthill.
- Forward look: NIST is accepting public comments on the preliminary draft until Jan. 30, 2026, with a full initial public draft expected later that year.
Overview bullets generated by AI with editorial review
The National Institute of Standards and Technology, or NIST, released a preliminary draft of an AI cybersecurity risk profile on Tuesday, offering companies including banks a new roadmap for integrating artificial intelligence into their existing cybersecurity strategies.
The voluntary guidance arrives as banks aggressively ramp up spending on generative AI and machine learning for everything from code development to fraud mitigation.
The publication, formally titled the Cybersecurity Framework Profile for Artificial Intelligence, aims to help organizations standardize how they discuss and manage the unique security risks posed by AI, according to the preliminary draft.
"Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI's advancement," said Barbara Cuthill, a profile author and NIST expert, in a Tuesday press release.
NIST designed the Cyber AI Profile to complement (rather than replace) its AI risk management framework, which covers broader risks such as bias and fairness.
NIST is accepting public comments on the preliminary draft until Jan. 30, 2026, and plans to release a full initial public draft later that year, according to the Tuesday announcement.
What is the framework?
To understand the new profile, bankers must first understand the foundation upon which it sits: the NIST Cybersecurity Framework, or CSF. NIST
Widely considered the gold standard for cyber risk management, the framework organizes cybersecurity outcomes into high-level functions such as "Govern," "Protect," "Detect" and "Respond."
Rather than a rigid checklist of technical controls, the CSF offers a taxonomy — a common language that allows a chief information security officer to communicate risk to the board of directors in business terms.
A profile takes this broad framework and tailors it to a specific purpose, sector or technology. Just as a suit requires tailoring to fit a specific individual, the framework requires profiling to fit specific business needs.
The new cyber AI profile specifically tailors CSF 2.0 to address the new risks and impacts that need to be managed when AI enters an organization's digital ecosystem, according to a NIST summary of the project.
Three areas of focus
The preliminary draft advises banks and other users to organize their AI cybersecurity efforts around three overlapping focus areas:
Securing AI system components: This area focuses on the "cybersecurity challenges when integrating AI into organizational ecosystems."
For a bank, this involves locking down the AI models, the data used to train them and the infrastructure they run on, much like they would a core banking system.
For example, banks must verify the integrity of third-party AI models to prevent 'backdoor' attacks that could manipulate credit scoring or fraud detection systems, according to data provenance guidelines in the draft.
Conducting AI-enabled cyber defense: This section helps organizations identify opportunities to use AI to improve their own defenses.
For instance, security operations centers can deploy AI agents that autonomously triage thousands of daily alerts to distinguish between false positives and critical threats, according to the draft profile.
Thwarting AI-enabled cyber attacks: This focus area addresses resilience against adversaries who use AI to conduct more sophisticated attacks.
This requires updating defenses to detect AI-enhanced social engineering, such as deepfake voice cloning that adversaries use to trick employees into authorizing fraudulent wire transfers, according to the draft profile.
Why industries asked for this document
The industry feedback leading up to the release of the 107-page preliminary draft underscored a strong preference for integrating AI into existing cybersecurity structures rather than creating isolated compliance regimes.
The Cybersecurity Coalition, a trade group representing major technology and security companies, advocated for this exact approach earlier this year. In comments regarding the profile's concept paper, the group urged NIST to treat AI fundamentally as software, rather than a mysterious entity requiring entirely novel protocols.
"There is broad consensus that AI is software, and many foundational approaches to securing software laid out in the NIST CSF translate easily to AI models, tools, and systems," the Cybersecurity Coalition wrote in a March 14 letter to NIST.
The group specifically warned regulators and standard-setters against fracturing the compliance landscape. Creating too many separate resources could "leave organizations with too many resources with similar goals," the Cybersecurity Coalition wrote, noting that a profile rooted in the CSF would "facilitate regulatory harmonization."
The Cybersecurity Coalition also highlighted the necessity of separating the defense of AI from defense by AI — a distinction NIST adopted in its three focus areas.
"It will be essential to keep in mind that defending against AI-enabled attacks and defending AI-enabled systems are two distinct scenarios and should be treated as such," the Cybersecurity Coalition stated in the March letter.
This distinction addresses long-standing concerns from technical experts that traditional frameworks miss specific adversarial AI threats. For example, MITRE Corporation noted in an April 2022 comment letter to NIST that AI-based attack vectors often "fall through the cracks between current cybersecurity and risk frameworks," a gap the new "Thwarting AI-Enabled Cyber Attacks" focus area aims to close.
Another cyber profile tailored to banks
The concept of a profile based on NIST's Cybersecurity Framework may be familiar to cybersecurity professionals at banks through the work of the Cyber Risk Institute, or CRI.
The CRI Profile, used by nearly 50 financial institutions, serves as a sector-specific distillation of the NIST CSF.
It harmonizes more than 2,500 regulatory expectations from agencies including the Federal Reserve, OCC and FDIC into a concise set of diagnostic statements.
A typical diagnostic statement in this profile — statement GV.RM-01.01 — asks institutions to verify:
"Technology and cybersecurity risk management strategies and frameworks are approved by the governing authority (e.g., the Board or one of its committees) and incorporated into the overall business strategy and enterprise risk management framework," according to the CRI Profile assessment text.
By verifying "Yes," this statement is true, a bank can demonstrate compliance with overlapping board oversight requirements from multiple agencies rather than reporting on each regulator's specific rule individually.
And, by addressing all relevant statements in the profile, a bank can assess its compliance posture once and report it to multiple regulators.
CRI also publishes a related "Cloud Profile," which helps banks and cloud service providers define shared security responsibilities — a major topic of discussion among regulators and banks as each looks to tackle cybersecurity risks associated with third-party vendors.
NIST's new cyber AI profile functions similarly to these established tools for banks and credit unions. While the CRI profiles tailor the NIST framework specifically for financial compliance and cloud usage, the cyber AI profile tailors it for the specific nuances of artificial intelligence.
