NIST and AI Safety

“U.S. Secretary of Commerce Gina Raimondo (opens in new window) announced Sept. 24 that the Department of Commerce’s National Institute of Standards and Technology (opens in new window) (NIST) has awarded $6 million to Carnegie Mellon University to establish a joint center to support cooperative research and experimentation for the test and evaluation of modern AI capabilities and tools.”

Failed to parse LLM response

“U.S. Secretary of Commerce Gina Raimondo (opens in new window) announced Sept. 24 that the Department of Commerce’s National Institute of Standards and Technology (opens in new window) (NIST) has awarded $6 million to Carnegie Mellon University to establish a joint center to support cooperative research and experimentation for the test and evaluation of modern AI capabilities and tools.”

“The Consortium brings together more than 280 organizations to develop science-based and empirically backed guidelines and standards for AI measurement.”

“The President’s FY 2025 budget request for NIST, totaling $1.5 billion, included $50 million to conduct AI research, establish testing infrastructure, develop technical guidance to measure and manage AI risks, and implement best practices and frameworks.”

The claim states the agency's overall annual budget is approximately $1-1.3 billion, but the source states the President's FY 2025 budget request for NIST is $1.5 billion, not the overall annual budget. The claim states the President's FY 2025 budget requested $47.7 million for AI research, but the source states $50 million.

“IST aligns with NIST’s Practice 3.1, #3 (line 20) on insider threats, and recommends the publication also incorporate the concept of an AI model itself constituting an insider threat. While this is a newer concern, our initial inquiries into AI agents (discussed above) and discussions with experts on the topic of “AI control” brings to mind scenarios in which increasingly capable and autonomous AI agents operating within an authorized context might self-evolve and eventually deviate from their intended scope—potentially even colluding with other agents to bypass controls.”

“On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”). According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for using AI to enhance cybersecurity capabilities.” The draft Profile uses the existing voluntary NIST Cybersecurity Framework (“CSF”) 2.0 — which “provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks” — and overlays three AI Focus Areas (Secure, Detect, Thwart) on top of the CSF’s outcomes (Functions, Categories, and Subcategories) to suggest considerations for organizations to prioritize when securing AI implementations, using AI to enhance cybersecurity defenses, or defending against adversarial uses of AI.”

The claim states that the profile maps the AI focus areas onto the six core functions of NIST's Cybersecurity Framework 2.0. However, the source states that the profile overlays the three AI Focus Areas on top of the CSF's outcomes (Functions, Categories, and Subcategories). The claim includes the NISTIR number for the Cyber AI Profile, but this is not mentioned in the source.

“Through this award, NIST is investing $20 million to establish two AI centers, namely the AI Economic Security Center for U.S. Manufacturing Productivity and the AI Economic Security Center to Secure U.S. Critical Infrastructure from Cyberthreats, which will advance the delivery of AI-based technology solutions, strengthening U.S. manufacturing and cybersecurity for critical infrastructure.”

Failed to parse LLM response

“CAISI has established voluntary agreements with multiple developers of leading-edge or “frontier” AI models to enable collaborative research and voluntary testing of industry models for priority national security capabilities.”

The claim states that the AISIC includes over 200 members, but the source mentions CAISI, not AISIC. The source does not specify the number of members in CAISI. The claim states that voluntary agreements with frontier AI model developers enable NIST to conduct collaborative research and voluntary testing of industry models for priority national security capabilities. The source states that CAISI has established voluntary agreements with multiple developers of leading-edge or “frontier” AI models to enable collaborative research and voluntary testing of industry models for priority national security capabilities.

“CAISI has established voluntary agreements with multiple developers of leading-edge or “frontier” AI models to enable collaborative research and voluntary testing of industry models for priority national security capabilities.”

“The AI Economic Security Center for U.S. Manufacturing Productivity and the AI Economic Security Center to Secure U.S. Critical Infrastructure from Cyberthreats will drive the development and adoption of AI-driven tools, or “agents,” in these two national priority areas.”

“The University of British Columbia Mike Zajko 731 Appendix A defines "societal bias" (a term that does a lot of work in this document) from a social psychology textbook as "an adaptable byproduct of human cognition". This does not reflect the understanding of these notions in domains such as sociology (my field) and notable works in the critical AI literature. These biases aren't just byproducts of cognition, but products of identifiable, hierarchical social systems (sexism is not a byproduct).”

“TLDR: The NIST AI Risk Management Framework (NIST AI RMF) is a voluntary guideline designed to help organizations identify, assess, and manage risks associated with artificial intelligence (AI). The framework was designed with the principles of Map, Measure, Manage, and Govern to develop trustworthy, transparent, and ethical AI systems, ensuring responsible AI adoption across various industries.”

The claim states the AI RMF 1.0 was released in January 2023, but the source does not provide the release date. The claim states the framework was released following extensive public consultation, but the source only mentions public workshops to gather input and discuss updates to the AI RMF.

“The US AI Safety Institute, which is housed within NIST and was created to carry out priorities outlined in Biden’s AI executive order, published an initial draft report for Managing the Risk of Misuse for Dual-Use Foundation Models ( AI 800-1 ).”

““AI was all the hype at RSA, Blackhat and Defcon. It was at the beginning and end of every vendor sentence,” said Jeff Man, an industry veteran who today serves as the senior information security consultant at Online Business Systems. “It was amazing how AI was going to solve all of the problems [and] we were also discovering amazing vulnerabilities.” Man also stressed the visibility issues, especially in terms of how AI is deployed company-wide. “Have an inventory and know what you are dealing with. But I am not sure it’s even possible to take a complete inventory of what is out there. You have to assume a doomsday scenario.””

“Forrester’s Worthington stressed that CISOs need to carefully review all current cybersecurity tools because they may not be especially effective at protecting the enterprise from relatively new AI threats. “AI agents and agentic systems introduce new risks that traditional security models are ill-equipped to manage,” Worthington said. “We are seeing growing concerns around the lack of mature detection surfaces, the risk of cascading failures, and the challenge of securing intent rather than just outcomes.” Vince Berk, partner at Apprentis Ventures, was even more skeptical that current standards efforts will be able to make a meaningful difference in protecting companies from AI threats.”

“Erik Avakian, technical counselor at Info-Tech Research Group, said that he applauds NIST’s efforts to reach out for community feedback, but he also cautioned that it might backfire. For example, what if AI agents flood the comments with self-serving suggestions?”

“NIST aims to assist organizations through the release of its own open source software tool, Dioptra , which tests the effects of adversarial attacks on AI systems.”

The source does not mention NIST's research portfolio including applied AI work in advanced materials discovery, robotic manufacturing, wireless systems, and cybersecurity. The source states that NIST released details about adversarial machine learning in January 2024, not that they released Dioptra in January 2024.

“FARSAIT’s applied AI research promotes applying AI techniques to NIST research programs in areas including advanced materials discovery, robotic systems in manufacturing environments, and wireless networked control systems.”

The claim mentions cybersecurity as an area of applied AI work, but the source only mentions advanced materials discovery, robotic systems in manufacturing environments, and wireless networked control systems. The claim mentions the release of Dioptra, an open-source software tool for adversarial AI testing, but this is not mentioned in the source.

“In FY 2018, NIST initiated the Fundamental and Applied Research and Standards for AI Technologies (FARSAIT) program, which is designed to advance the fundamental and applied AI research at NIST. FARSAIT’s fundamental AI research aims to develop a metrologist’s guide to AI systems that addresses the complex intertwinement of different aspects of trustworthy AI as well as terminology and taxonomy as it relates to the several layers of the AI space.”

“The USAISI Consortium, tagged with the acronym AISIC, includes over 200 members from academia, advocacy organizations, private industry, and the public sector.”

The claim that AISI operates with three core goals is unsupported by the provided source. The source states the AISIC was announced on February 8, 2024, not established in February 2024.

“The USAISI Consortium, tagged with the acronym AISIC, includes over 200 members from academia, advocacy organizations, private industry, and the public sector.”

The claim mentions voluntary agreements with frontier AI model developers enabling NIST to conduct collaborative research and voluntary testing of industry models for priority national security capabilities. This is not explicitly mentioned in the source. The source mentions that members are required to enter into a consortium Cooperative Research and Development Agreement (CRADA) with NIST.

“On December 16, 2025, the National Institute of Standards and Technology (“NIST”), a non-regulatory federal agency within the U.S. Department of Commerce that promotes innovation through technical standards setting, released a preliminary draft of its forthcoming Cyber AI Profile.”

The claim mentions NISTIR 8596, but the source does not provide this identifier.

“After just five rounds of AI changes, there was a 37.6% increase in critical vulnerabilities that other AIs could easily exploit.”

“Potential Efficiency Losses The primary challenge is the additional time and resources required. Formalizing governance processes, documenting risk controls, and running ongoing evaluations can slow product development cycles and delay the release of new features.”

“Elham Tabassi is the chief of staff in the Information Technology Laboratory (ITL) at NIST.”

WRONG ATTRIBUTION: The claim incorrectly identifies Elham Tabassi as the Chief Technology Officer of AISI. The source identifies her as the chief of staff in the Information Technology Laboratory (ITL) at NIST.

“The National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF) emerged as a response to the growing complexities and potential risks associated with artificial intelligence systems. Initiated in 2021 and released in January 2023, this framework represents a collaborative effort between NIST and a diverse array of stakeholders from both public and private sectors.”

The source does not mention NIST AI 600-1, the Generative AI Profile, or the release date of July 26, 2024. The source only mentions trustworthy AI attributes including validity, reliability, safety, security, and resilience.

“At its core, the NIST AI RMF is built on four functions: Govern, Map, Measure, and Manage.”

The source does not mention that the guidance was updated in 2025. It states that the framework was initiated in 2021 and released in January 2023. The claim mentions that the updated guidance expanded the framework to address supply chain vulnerabilities, model provenance, data integrity, and third-party risks. While the source mentions data integrity, it does not explicitly mention supply chain vulnerabilities, model provenance, or third-party risks. The claim mentions the introduction of maturity model guidance for measuring organizational AI risk management capabilities. This is not explicitly mentioned in the source.

“The National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF) emerged as a response to the growing complexities and potential risks associated with artificial intelligence systems. Initiated in 2021 and released in January 2023, this framework represents a collaborative effort between NIST and a diverse array of stakeholders from both public and private sectors.”

“An agency-related foundation could play a crucial role in addressing these challenges and strengthening NIST’s AI mission.”

The Fiscal Responsibility Act of 2023 set discretionary spending limits through FY26 through FY29, not FY29 as stated in the claim. The claim mentions 'AI talent fellowships, rapid evaluations, and benchmark development' as potential uses of private investment. The source mentions these as ideas from a June 2024 paper from the Institute for Progress, not necessarily as established plans.

“In addition, NIST is struggling to attract the specialized science and technology (S&T) talent that it needs due to competition for technical talent, a lack of competitive pay compared to the private sector, a gender-imbalanced culture, and issues with transferring institutional knowledge when individuals transition out of the agency, according to a February 2023 Government Accountability Office report.”

“Mid 1960s - MAGIC, one of the first intelligent computer graphics terminals, developed for federal agencies.”

The claim says NIST has conducted computing research since the mid-1960s, but the source says "Automatic Data Processing (ADP) standards development at NBS mandated by Brooks Act (P. L. 89-306)" in 1965. This is not necessarily research. The claim says the agency's Information Technology Laboratory (ITL) built capabilities in cryptography, biometrics, and data processing standards through the 1990s and 2000s, but the source does not explicitly state that ITL built capabilities in these areas. It only lists events related to these topics. The claim says the agency's Information Technology Laboratory (ITL) built capabilities in cryptography, biometrics, and data processing standards through the 1990s and 2000s, establishing foundations for later AI work, but the source does not mention that these capabilities established foundations for later AI work.

“NIST anticipates funding up to $70 million over a five-year period, subject to the availability of federal funds, for the recipient to establish and operate the new institute.”

“NIST partners with other agencies including the U.S. Department of Commerce’s International Trade Administration and the U.S. Department of State on many of these efforts.”

“In 2023, NIST released the AI Risk Management Framework and launched the Trustworthy AI Resource Center to help organizations manage AI risks.”

“U.S. Secretary of Commerce Gina Raimondo announced today key members of the executive leadership team to lead the U.S. AI Safety Institute (AISI), which will be established at the National Institute for Standards and Technology (NIST). Raimondo named Elizabeth Kelly to lead the institute as its inaugural director and Elham Tabassi to serve as chief technology officer.”

unsupported: The source does not mention Paul Christiano, Adam Russell, Mara Campbell, Rob Reich, or Mark Latonero. minor_issues: The announcement was made on February 7, 2024, not in February 2024.

“The U.S. AI Safety Institute was established under NIST at the direction of President Biden to support the responsibilities assigned to the Department of Commerce under the president’s landmark Executive Order.”

The source only mentions the establishment of the AI Safety Institute (AISI) within NIST and the appointment of its leadership. It does not explicitly state that NIST was given 'new mandates for AI system evaluation, red-teaming, and international standards coordination.' The source mentions NIST's role in developing guidelines and standards for AI measurement but does not provide specific details about NIST's work spanning fundamental research, applied projects in manufacturing and cybersecurity, and the convening of large multi-stakeholder consortia to develop practical guidance for AI deployment.

“The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has awarded over $1.8 million to 18 small businesses under the Small Business Innovation Research (SBIR) program.”

Failed to parse LLM response

“The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has awarded over $1.8 million to 18 small businesses under the Small Business Innovation Research (SBIR) program.”

“As AISI finalizes NIST AI 800-1, however, EPIC encourages the Institute to reconsider its dismissal and deprioritization of bias risks and privacy risks, respectively. Without adequate privacy and bias safeguards in place, AI developers cannot effectively identify, assess, and mitigate misuse risks within dual-use foundation models.”

“EPIC’s recommendations align closely to the goals of Executive Order 14110 and the NIST AI RMF to increase the safety, equity, and reliability of AI technologies, and we strongly believe that incorporating more sociotechnical factors into NIST AI 800-1, such as data privacy vulnerabilities and bias risks, will only improve the effectiveness of techniques to manage the misuse risks of dual-use foundation models.”

““Organizations often default to overly technical solutions for AI bias issues,” Schwartz said. “But these approaches do not adequately capture the societal impact of AI systems. The expansion of AI into many aspects of public life requires extending our view to consider AI within the larger social system in which it operates.””

“Announced by Commerce Secretary Gina Raimondo, leaders joining the AISI include Paul Christiano, a former OpenAI leader and founder of the nonprofit Alignment Research Center, as head of AI safety; Adam Russell, director of the Information Sciences Institute’s AI Division at the University of Southern California, as chief vision officer; Mara Campbell, former deputy chief operating officer at Commerce’s Economic Development Administration, as acting chief operating officer and chief of staff; Rob Reich, professor of political science at Stanford University and associate director of the Institute for Human-Centered AI, as senior advisor; and Mark Latonero, former deputy director of the National AI Initiative Office at the White House Office of Science and Technology Policy as head of international engagement.”

The source does not mention Elizabeth Kelly as director and Elham Tabassi as chief technology officer. The source is dated April 16, 2024, not February 2024.

“Announced by Commerce Secretary Gina Raimondo, leaders joining the AISI include Paul Christiano, a former OpenAI leader and founder of the nonprofit Alignment Research Center, as head of AI safety”

“Announced by Commerce Secretary Gina Raimondo, leaders joining the AISI include Paul Christiano, a former OpenAI leader and founder of the nonprofit Alignment Research Center, as head of AI safety; Adam Russell, director of the Information Sciences Institute’s AI Division at the University of Southern California, as chief vision officer”

“The National Institute of Standards and Technology (NIST) is seeking input on its newly launched pilot project, “AI Standards Zero Drafts,” which aims to expand participation in AI standards development and help standards developing organizations (SDOs) achieve consensus more quickly.”

“On July 26, 2024, NIST released NIST-AI- 600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile . The profile can help organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.”

The claim mentions trustworthy AI attributes including validity, reliability, safety, security, and resilience, but the source does not explicitly list these attributes. The source only mentions that the framework is intended to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems. The source states the AI RMF was released on January 26, 2023, not just January 2023.

“The NIST AI Risk Management Framework (AI RMF) is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.”