Draft NIST Guidelines Rethink Cybersecurity for the AI Era
A NIST cybersecurity-AI framework aligned to CSF 2.0 is likely to influence how Australian agencies approach AI security risk management.
Key points
- NIST has released a preliminary draft Cyber AI Profile (NISTIR 8596) for 45-day public comment until 30 January 2026.
- The profile maps cybersecurity risk across three areas: securing AI systems, AI-enabled defence, and AI-enabled attack resilience.
- Public comment closes January 2026; an initial public draft and AI RMF mappings are planned for later in 2026.
Summary
NIST has published a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), applying the CSF 2.0 to the intersection of AI and cybersecurity. The profile addresses three focus areas: securing AI systems, using AI to enhance cyber defence, and building resilience against AI-enabled attacks. Developed with input from over 6,500 contributors through workshops and community engagement, it is open for public comment until 30 January 2026, with a refined public draft and mappings to the NIST AI RMF planned for 2026. Australian agencies referencing NIST frameworks for AI risk management or cybersecurity governance may find this profile a useful input to their own risk approaches.
Implications for Australian agencies
- Monitor Agencies using NIST CSF 2.0 or the AI RMF as reference frameworks may want to monitor the profile's development ahead of its 2026 public draft release.
- Consider APS practitioners developing AI security or risk governance approaches could consider whether the three-focus-area structure maps usefully onto their own agency's AI threat landscape.
Implications are AI-generated. Starting points, not advice.
"Draft NIST Guidelines Rethink Cybersecurity for the AI Era" Source: NIST Information Technology RSS Published: 16 December 2025 URL: https://www.nist.gov/news-events/news/2025/12/draft-nist-guidelines-rethink-cybersecurity-ai-era NIST has published a preliminary draft of its Cybersecurity Framework Profile for Artificial Intelligence (NISTIR 8596), applying the CSF 2.0 to the intersection of AI and cybersecurity. The profile addresses three focus areas: securing AI systems, using AI to enhance cyber defence, and building resilience against AI-enabled attacks. Developed with input from over 6,500 contributors through workshops and community engagement, it is open for public comment until 30 January 2026, with a refined public draft and mappings to the NIST AI RMF planned for 2026. Australian agencies referencing NIST frameworks for AI risk management or cybersecurity governance may find this profile a useful input to their own risk approaches. Implications for Australian agencies: - [Monitor] Agencies using NIST CSF 2.0 or the AI RMF as reference frameworks may want to monitor the profile's development ahead of its 2026 public draft release. - [Consider] APS practitioners developing AI security or risk governance approaches could consider whether the three-focus-area structure maps usefully onto their own agency's AI threat landscape. Retrieved from SIMS, 18 May 2026.