惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
爱范儿
爱范儿
P
Proofpoint News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
Latest news
Latest news
The Hacker News
The Hacker News
Cyberwarzone
Cyberwarzone
博客园 - 【当耐特】
Project Zero
Project Zero
小众软件
小众软件
T
Tailwind CSS Blog
量子位
博客园 - 聂微东
I
Intezer
美团技术团队
S
SegmentFault 最新的问题
T
Tor Project blog
Spread Privacy
Spread Privacy
V
Vulnerabilities – Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Jina AI
Jina AI
罗磊的独立博客
B
Blog RSS Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
C
Cisco Blogs
L
LINUX DO - 热门话题
Last Week in AI
Last Week in AI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Azure Blog
Microsoft Azure Blog
L
LINUX DO - 最新话题
Know Your Adversary
Know Your Adversary
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
Lohrmann on Cybersecurity
The Register - Security
The Register - Security
L
LangChain Blog
博客园 - 叶小钗
T
Tenable Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

Blog | Orca Security

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure Orca MCP: When Text Stops Scaling Kubernetes Compliance Tools: Automating CIS Benchmarks Risk-Based Vulnerability Management for the Cloud: A 2026 Guide Private Cloud Security: Top Risks and Best Practices (2026) What Is Generative AI in Cybersecurity? Best Vulnerability Management Tools and Software in 2026 2026 State of Application Security Report Recap: What the Data Says and What Security Teams Should Do About It AI Security for Sensitive Data: Best Practices and Guidelines Best AI Code Security Solutions 2026: How to Secure AI-Generated Code From Platform to Program: How to Ensure Your Cloud Security Solution Delivers Best AI Cybersecurity Providers 2026: A Buyer's Guide to AI-Powered Security Platforms Join Orca Security at Black Hat USA 2026 CNAPP Tools That Reduce Security Tool Sprawl: CNAPP vs. Dedicated Solutions What Is Container Runtime Security? A Practical Guide 2026 What Is Application Security Testing? Tools and Types What Is Managed Cloud Security? A Practical Guide What Is SaaS Security Posture Management? SSPM Guide Top 10 Cloud Security Standards for Compliance What is the MIT License? Compliance and Comparisons AI Agents vs. Agentless Security vs. Agent-based Security 144 Mastra npm Packages Compromised via Supply Chain Attack The Complete Guide to LLM Security: Risks, Best Practices, and Solutions Cloud Security LIVE 2026: Top 10 Takeaways Practitioners Can Use Now Cloud Security LIVE 2026: Top 10 Takeaways CISOs Can Use Now (and What to Do Next) How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code What to Look for in Container Security Tools Cloud Application Security Best Practices for DevSecOps Cloud Security Tools: 10 Types Explained for Teams What Is NIST CSF? Framework 2.0 Explained 7 Open Source Incident Response Tools by Category Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution 16 Best Open Source Application Security Tools 2026 What Is Containerization? Security and Best Practices 8 Container Security Best Practices for 2026 Close the Cloud Identity Gap with Orca and AWS IAM Access Analyzer The 5-Step Context-Aware Cloud Vulnerability Prioritization Framework Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover AI Security Best Practices for Regulated Industries Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks SAST vs SCA: Key Differences for AppSec Teams What Is Cloud Security Architecture? Principles, Layers, and Frameworks What Is ASPM? A Guide to Application Security Posture Management What Is SaaS Security? A Practical Guide 2026 What Is a Man-in-the-Middle Attack? A Cloud Security Guide What Is Open Policy Agent? Best Practices and Use Cases 11 Best Open-Source DevSecOps Tools for 2026 How to Secure AI Workloads in Multi-Cloud Environments: A Complete Framework Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites What Is Kubernetes as a Service? KaaS Explained Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers Your FedRAMP Continuous Monitoring Strategy Has a Gap. We Built Something to Fix It. How to Simplify Multi-Cloud Compliance Reporting: The 2026 Checklist Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud Data Security Posture Management (DSPM) for AI Gitea Container Registry Exposes Private Images to Unauthenticated Attackers Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026 7 Enterprise AI Security Risks to Manage Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure Critical Coder Signature Bypass Exposes Developer Keys and Tokens New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution AI Security Tools: How to Evaluate Them Across Every ML Attack Phase Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026 What Is Multi-Cloud Security? What Is Cloud Detection and Response (CDR)? Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE Announcing Cloud Security Agent Skills for Orca’s MCP Server TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace What Is an Incident Response Plan? What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431) Xinference PyPI package compromise leads to full environment takeover What is Application Security? When AI Accelerates the Offense, Coverage Gaps Become Catastrophic Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook Navigating Cloud Security in 2026: Join Cloud Security LIVE Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789) Streamline Compliance Reporting with Orca and Drata’s Integrated Vulnerability Management CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server 2026 State of AppSec: When Development Velocity Outpaces Security AI Is Entering Your Infrastructure. Now what? Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account Credential‑Stealing Malware in LiteLLM Supply Chain Attack Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions The Orca Approach to Runtime AI Security
NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It
The Orca Security Team · 2026-05-20 · via Blog | Orca Security

Table of contents

  • Key Takeaways
  • Why AI Governance and Security Are Converging
  • Why Is AI Risk Management Essential
  • A Closer Look at the NIST AI RMF
  • Why Was the NIST AI RMF Created
  • What Is the Structure of the NIST AI RMF
  • How Can You Adopt the NIST AI RMF
    • Risk categories teams map most often
  • From AI RMF Playbook to Runtime Evidence
  • How Orca Security Operationalizes AI RMF in the Cloud
  • Frequently Asked Questions about NIST AI Risk Management Framework

Key Takeaways

  • The NIST AI Risk Management Framework (AI RMF 1.0) is voluntary guidance for managing risks across the AI lifecycle, from design through deployment and retirement.
  • Its core is four functions: Govern, Map, Measure, and Manage, aligned with trustworthy AI characteristics such as validity, safety, security, accountability, and fairness.
  • NIST publishes companion materials including the AI RMF Playbook, Roadmap, Crosswalks, and sector perspectives to help organizations operationalize the framework.
  • Adoption starts with governance and inventory, then maps risks, measures controls, and manages incidents and drift. AI security posture management (AI-SPM) tools help teams maintain visibility as models and data pipelines change.

The NIST AI Risk Management Framework (AI RMF 1.0) is voluntary guidance from NIST for organizations that build, buy, or operate artificial intelligence systems. Published in January 2023, the framework gives organizations a structured way to identify, assess, measure, and manage AI-related risk across the lifecycle. It organizes work into four functions: Govern, Map, Measure, and Manage. NIST expands on implementation in the AI RMF Playbook, crosswalks, and roadmap materials.

AI RMF sits alongside broader AI security programs that cover model access, data protection, and supply chain integrity. Leaders often pair it with the CISO guide to AI security strategy when aligning security, legal, and product roadmaps.

Unlike a certification standard, AI RMF is designed to be flexible. Organizations adapt it to their own regulatory, operational, and technical environments using profiles, governance processes, monitoring practices, and supporting frameworks. This article explains how AI RMF works, why organizations use it, how teams operationalize it in practice, and how it connects to modern AI security and cloud security programs.

Why AI Governance and Security Are Converging

AI systems increasingly operate inside cloud infrastructure, SaaS platforms, developer pipelines, and enterprise data environments. As organizations adopt generative AI, model APIs, and retrieval-augmented systems, AI governance and cybersecurity programs are becoming tightly connected.

Security teams now need visibility into model access, training data exposure, prompt injection risks, third-party AI services, and identity misuse alongside traditional cloud risks. Frameworks like NIST AI RMF help organizations connect governance processes with technical security controls and operational monitoring.

Why Is AI Risk Management Essential

AI systems now influence credit decisions, clinical workflows, code generation, and physical control loops. Failures can harm individuals through bias, privacy loss, or unsafe automation. They can harm organizations through fraud, intellectual property leaks, and regulatory exposure.

Models also introduce operational complexity. Large language models and other generative systems can behave in ways that are hard to explain without structured logging and evaluation. Unsanctioned and shadow AI tools spread faster than central IT can inventory them.

Governments have responded with new obligations. The European Union’s Artificial Intelligence Act establishes risk-based rules for certain AI products and practices. U.S. federal agencies have issued guidance that references NIST frameworks for safe and trustworthy AI. State privacy laws and sector rules still govern personal data even when an AI system is the processing layer.

Organizations need a repeatable method to show how they manage risk, not only a list of models. Boards ask for resilience to model abuse, supply chain integrity for pretrained weights, and continuity plans when a critical API changes pricing or terms. AI RMF gives structure to those critical conversations.

A Closer Look at the NIST AI RMF

The AI RMF is not a certification scheme. It is a framework organizations adapt through profiles, roadmaps, and internal policy. NIST positions it as flexible enough for startups and multinationals, and rigorous enough to support audit conversations when regulators ask how risks are controlled.

The framework emphasizes trustworthy and responsible AI. Trustworthy AI characteristics in NIST AI RMF documentation include:

  • Validity and reliability
  • Safety
  • Security and resilience
  • Accountability and transparency
  • Explainability and interpretability
  • Privacy-enhanced design 
  • Fairness with harmful bias managed

These characteristics translate into concrete control expectations when paired with your threat model.

The NIST AI RMF is supported by several companion artifacts that help organizations apply the framework in practice. These include the Playbook, which suggests actions mapped to RMF outcomes; Crosswalks, which connect AI RMF activities to other standards and frameworks; Roadmap documents, which outline future research and measurement needs; and Use Cases, which demonstrate how different sectors operationalize the RMF functions under varying constraints..

If you already run ISO 27001, SOC 2, or NIST CSF programs, treat AI RMF as an overlay. Map existing controls to Govern and Manage functions first. Add AI-specific tests where Map and Measure demand new evidence, such as model cards, evaluation harnesses, and runtime monitoring for prompt injection. Where models run on public cloud, pair those tests with cloud security posture management findings so misconfigurations and data exposure do not sit in a separate backlog from model risk.

Platforms that specialize in CNAPP or a modern guide to CNAPP program maturity can thread AI RMF evidence into the same remediation queues as cloud findings.

For related explainers, browse the Cloud Security Learning hub; acronym definitions appear in the cloud security glossary.

Why Was the NIST AI RMF Created

The NIST AI RMF was created to address inconsistent AI risk management practices across industries and to reduce harms associated with poorly governed AI systems. Through the National Artificial Intelligence Initiative Act of 2020 (P.L. 116-283), Congress directed NIST to develop a voluntary framework that could balance innovation with accountability. Rather than slowing AI deployment, the framework aims to make AI risk management more transparent and understandable for executives, auditors, regulators, and the public. Organizations can use the RMF to demonstrate how they identify hazards, measure mitigations, and respond to issues such as model or data drift.

NIST officially published AI RMF 1.0 on January 26, 2023, following extensive public workshops and draft consultations. Additional companion resources, including the AI RMF Playbook and Roadmap, were released to support practical implementation and identify future research and measurement priorities. Because AI risks and measurement methods continue to evolve, the framework is intended to function as a living baseline that NIST may revise over time.

What Is the Structure of the NIST AI RMF

AI RMF 1.0 organizes its content into two main parts that move from concepts to implementation. Part 1 introduces foundational ideas, intended audiences, and AI risk concepts. Part 2 presents the Core, which is structured around four primary functions: 

  • Govern
  • Map
  • Measure and, Manage

Each function contains categories and subcategories that organizations can tailor to their operational environment.

The Govern function focuses on organizational risk culture, accountability, and AI-related policies across the lifecycle. It addresses issues such as who approves high-risk use cases, how third-party models are introduced into the environment, and how resources are allocated for safety testing.

The Map function identifies context, stakeholders, system boundaries, and potential harms. It examines data flows, intended uses, and possible failure modes before organizations define performance metrics. Weak mapping can result in dashboards that appear comprehensive while overlooking critical risks.

The Measure function evaluates identified risks using qualitative and quantitative methods where possible. Measurement activities may include offline evaluation datasets, continuous monitoring for model drift, and security testing for adversarial prompts or data exfiltration vulnerabilities. For large language models, organizations often benchmark these assessments against references such as the OWASP Top 10 for LLM Applications.

The Manage function prioritizes responses, implements mitigations, and incorporates lessons learned back into governance processes. This includes incident response procedures for unsafe model outputs, vendor escalation when external APIs change behavior, and rollback plans when deployments fail validation checks.

In addition to the four functions, the framework uses profiles to document how organizations apply the Core to specific systems, business units, or risk environments. Profiles help make tradeoffs explicit, such as requiring stricter testing for high-impact AI systems while applying lighter review processes to lower-risk internal tools.

The framework also connects trustworthy AI characteristics to both technical and organizational controls. Practices such as bias testing, red teaming, secure logging, access control, and incident response appear across multiple functions and categories. Categories and subcategories further provide traceability for audits and compliance efforts. Although organizations are not expected to implement every subcategory immediately, they are encouraged to document reasons for deferred work, along with compensating controls and implementation timelines.

How Can You Adopt the NIST AI RMF

Adopting the NIST AI RMF is usually an incremental process rather than a one-time implementation effort. Organizations often begin by identifying where AI is used across systems, vendors, datasets, and workflows before expanding into governance, measurement, and monitoring practices. The framework is intentionally flexible, allowing organizations to align adoption with their operational goals, regulatory obligations, and risk tolerance.

Early adoption efforts typically focus on understanding AI use cases, documenting system limitations, and identifying potential risks. Different applications require different safeguards: customer-facing AI systems may demand stricter oversight than internal automation tools. Organizations also benefit from documenting data lineage, human review processes, and known failure modes to improve accountability and transparency.

As programs mature, organizations develop more structured measurement and response processes. Evaluations may include fairness testing, drift monitoring, adversarial testing, and reviews of generated outputs. Over time, governance practices often evolve from manual reviews and spreadsheets into continuous monitoring, automated policy checks, and integrated reporting dashboards.

NIST’s companion resources support this progression. The Playbook provides implementation guidance, Crosswalks align the RMF with existing security and compliance frameworks, and sector-specific use cases demonstrate how organizations adapt the framework to different operational environments. Rather than imposing a rigid maturity model, the AI RMF encourages continuous improvement based on organizational needs, incident history, and regulatory pressure.

Risk categories teams map most often

ThemeExamples
Harmful BiasSkewed training data or evaluation gaps that affect protected classes
PrivacySensitive data in prompts, fine-tuning sets, or retrieval pipelines
SecurityModel theft, prompt injection, supply chain compromise of weights or containers
SafetyUnsafe outputs in physical or high-stakes domains

From AI RMF Playbook to Runtime Evidence

The AI RMF gives you the process model. It does not by itself install logging, discover shadow models, or correlate a misconfigured data store with a deployed inference endpoint. Teams still need technical visibility across cloud accounts, SaaS AI features, and model APIs.

When you evaluate tooling, compare how vendors map AI inventories to cloud context. A unified platform overview should explain coverage across configuration, workloads, identity, and data in one narrative.

AI-SPM and cloud security posture management address that layer when tooling aligns with your estate. How AI is Changing Cybersecurity explains why attackers automate across identity and data, and why defenses need correlated evidence instead of parallel spreadsheets for models and infrastructure.

How Orca Security Operationalizes AI RMF in the Cloud

Orca Security combines AI-SPM, CSPM, DSPM, CIEM, and workload visibility so teams can assemble inventory, blast-radius views, and monitoring-oriented artifacts that line up with Govern, Map, Measure, and Manage under NIST AI RMF. Orca provides technical building blocks, not a packaged AI RMF audit or turnkey compliance program. Whether exports and dashboards satisfy a formal assessment still depends on your evidence formats, retention rules, and the rest of your control environment.

Orca’s AI Security capability overview and AI-SPM pages describe discovery for models, pipelines, training datasets, and AI packages. Coverage follows Orca’s published detection scope for common frameworks, managed AI services, and package types rather than universal discovery of every artifact. Agentless collection depends on cloud APIs, snapshot and volume access, and the permissions you grant. Ephemeral workloads, purely in-memory state, or live-only signals may need the optional Orca Sensor to close gaps.

SideScanning™ reads block storage snapshots without agents, reconstructs file system views from persisted volume data in a virtual read-only image, and analyzes that view for risk, as documented on Orca’s SideScanning technology page. It avoids guest-CPU load on the workload, but snapshot and API activity can still create cloud-side cost or transient I/O your team should validate in a pilot. Data that never lands on durable block storage will not appear in that reconstruction.

Orca correlates those workload signals with cloud context from CSPM, DSPM, CIEM, IAM, and data sensitivity so AI-related findings sit next to infrastructure issues. How deep that linkage runs, for example from a model endpoint to a specific identity path or to a retrieval store, varies with integration surface and available telemetry. The optional Sensor and AI-SPM dashboards extend inventory and observation on the deployment model Orca publishes for each feature. Request-level prompt capture and richer live behavior generally assume the Sensor path and carry normal in-host footprint and privacy design work.

Frequently Asked Questions about NIST AI Risk Management Framework

How Is AI RMF Different From AI Governance?

AI governance is the broader organizational process for overseeing AI systems, policies, ethics, accountability, and regulatory alignment. The NIST AI Risk Management Framework (AI RMF) provides a structured methodology organizations can use to operationalize and measure AI risk management within those governance programs.

What Is the Difference Between the NIST AI RMF and the NIST Cybersecurity Framework (CSF)?

The AI RMF focuses specifically on risks introduced by AI systems, including harmful bias, model drift, unsafe outputs, explainability, and AI supply chain risk. The NIST Cybersecurity Framework (CSF) addresses broader cybersecurity risks across infrastructure, networks, identities, data, and incident response. Many organizations use the CSF as their enterprise security baseline while applying AI RMF as an overlay for AI-specific risks.

How Do Organizations Adopt the NIST AI RMF?

Most organizations begin by creating an inventory of AI systems, models, datasets, APIs, and vendors. From there, teams use Govern to establish policies and accountability, Map to document risks and use cases, Measure to evaluate models and controls, and Manage to monitor incidents, drift, and ongoing compliance. Adoption is typically iterative and expands over time as AI usage grows.

How Do Organizations Measure AI Risk Under AI RMF?

AI risk measurement combines technical testing with governance evidence. Organizations may evaluate accuracy, robustness, fairness, calibration, prompt injection exposure, data leakage risks, and runtime behavior while also documenting approvals, human oversight, and policy reviews. Results should be versioned and stored alongside model and deployment changes for auditability.

Does AI RMF Require Specific Security Tools?

No. AI RMF is technology-neutral and does not mandate specific vendors or products. Organizations typically combine governance processes with technical controls such as AI-SPM, DSPM, CIEM, runtime monitoring, logging, and cloud security tooling to operationalize the framework effectively.

Does AI RMF Apply to Third-Party or Vendor AI?

Yes. AI RMF applies whether organizations build models internally or consume third-party AI services. Organizations still remain responsible for understanding how vendors process data, how models are updated, what security controls exist, and how risks are monitored over time.

How Does Monitoring Fit Into the AI RMF?

Monitoring is a core part of the Measure and Manage functions. Organizations need continuous visibility into model drift, unsafe outputs, prompt injection attempts, access patterns, and data exposure risks after deployment. Monitoring also helps validate that controls remain effective as models, prompts, APIs, and training data evolve.

Why Are AI Security and Cloud Security Becoming Connected?

Most AI systems rely heavily on cloud infrastructure, APIs, SaaS integrations, identity systems, and large-scale data pipelines. As a result, AI risk increasingly overlaps with cloud misconfigurations, exposed storage, over-permissioned identities, and insecure workloads. Many organizations now integrate AI-SPM, CSPM, DSPM, and CIEM into unified AI security and governance programs.

What Are the Biggest Risks Organizations Face With AI Systems?

Common AI risks include harmful bias, prompt injection, data leakage, insecure APIs, model theft, unauthorized access, supply chain compromise, hallucinations, and insufficient monitoring of third-party AI services. The severity of these risks depends on how AI systems interact with sensitive data, users, and operational workflows.

Is the NIST AI RMF Mandatory?

No. The AI RMF is voluntary guidance rather than a mandatory regulation or certification framework. However, many organizations use it to demonstrate responsible AI governance, support audit readiness, and align internal controls with emerging regulatory expectations.