JD Supra: AI Risk Meets Cyber Governance - NIST's Cybersecurity Framework Profile
web
Relevant for practitioners and policy watchers tracking how regulatory bodies like NIST are extending existing cybersecurity frameworks to cover AI-specific risks, particularly for enterprise compliance and AI deployment governance.
Metadata
Importance: 42/100 | news article | analysis
Summary
This article examines NIST's Cybersecurity Framework (CSF) Profile for Generative AI, which integrates AI-specific risks into existing cybersecurity governance structures. It explores how organizations can align their AI risk management practices with established cybersecurity frameworks to address unique threats posed by generative AI systems. The piece highlights practical implications for legal and compliance professionals navigating the intersection of AI governance and cybersecurity.
Key Points
- NIST released a Cybersecurity Framework Profile specifically tailored to address risks from generative AI systems within existing cyber governance structures.
- The profile bridges the gap between AI risk management (as in NIST AI RMF) and cybersecurity frameworks, helping organizations manage both simultaneously.
- Key AI-specific risks addressed include data poisoning, prompt injection, model theft, and AI-enabled cyberattacks.
- Organizations are encouraged to integrate AI governance into existing cybersecurity programs rather than treating AI risk as a completely separate domain.
- The framework has practical compliance implications for legal teams advising on enterprise AI deployment and cyber risk management.
Cited by 1 page
| Page | Type | Quality |
|---|---|---|
| NIST and AI Safety | Organization | 63.0 |
Cached Content Preview
HTTP 200 | Fetched Mar 20, 2026 | 36 KB
January 29, 2026
# AI Risk Meets Cyber Governance: NIST’s Draft Cyber AI Profile
[Corey Berman](https://www.jdsupra.com/authors/corey-berman/), [Kaitlin Betancourt](https://www.jdsupra.com/authors/kaitlin-betancourt/), [Peter Marta](https://www.jdsupra.com/authors/peter-marta1/), [L. Judson Welle](https://www.jdsupra.com/authors/l-judson-welle/)
[Goodwin](https://www.jdsupra.com/profile/Goodwin_docs/)
On December 16, 2025, the National Institute of Standards and Technology (“NIST”), a non-regulatory federal agency within the U.S. Department of Commerce that promotes innovation through technical standards setting, released a [preliminary draft](https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8596.iprd.pdf) of its forthcoming Cyber AI Profile. The Cyber AI Profile aims to help organizations bolster artificial intelligence (“AI”) governance leveraging NIST’s [Cybersecurity Framework 2.0](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf) (the “CSF”) as a guide to the cybersecurity of AI systems and the use of AI to support cybersecurity. Like the CSF, the Cyber AI Profile is voluntary for most organizations; however, organizations that align their risk management practices to these resources tend to be viewed by customers, investors, and regulators as more secure, resilient, and responsible.
The Cyber AI Profile identifies three overarching AI focus areas, or themes, related to organizational AI governance:
- **Securing AI System Components (“Secure”):** Companies are encouraged to supplement existing risk management approaches to account for the new challenges posed by integration of AI systems, including AI supply chains, infrastructure, and other dependencies.
- **Conducting AI-Enabled Cyber Defense (“Defend”):** Companies should work to leverage AI to strengthen cybersecurity defenses, whether by using AI to manage an increased volume of threat intelligence, integrating agentic AI to automate collaborative incident response tasks, or increasing efficiencies across IT operations and help desks.
- **Thwarting AI-Enabled Cyber Attacks (“Thwart”):** Companies must prepare for how adversarial use of AI increases threat actor sophistication, expands potential attack surfaces, and introduces new risks, including deepfake attacks targeting organization personnel, generative AI-enabled fraud, and autonomous agent-driven vulnerability exploitation.
Rather than prescribing particular requirements, the Cyber AI Profile consists of recommended considerations for implementing AI governance within the CSF. The Cyber AI Profile maps each of the AI focus areas onto the six core functions of the CSF (Govern, Identify, Protect, Detec
... (truncated, 36 KB total)
Resource ID: 9634280008b32542 | Stable ID: N2ExZGVhOD