惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Blog — PlanetScale
Blog — PlanetScale
SecWiki News
SecWiki News
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
小众软件
小众软件
C
CERT Recently Published Vulnerability Notes
Jina AI
Jina AI
N
Netflix TechBlog - Medium
GbyAI
GbyAI
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
L
Lohrmann on Cybersecurity
C
Cybersecurity and Infrastructure Security Agency CISA
I
Intezer
T
Tor Project blog
P
Palo Alto Networks Blog
P
Privacy & Cybersecurity Law Blog
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Proofpoint News Feed
T
Tailwind CSS Blog
C
Check Point Blog
Cloudbric
Cloudbric
Y
Y Combinator Blog
The Last Watchdog
The Last Watchdog
Forbes - Security
Forbes - Security
Last Week in AI
Last Week in AI
S
Security Affairs
博客园 - Franky
F
Fortinet All Blogs
量子位
M
MIT News - Artificial intelligence
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
V
Visual Studio Blog
AI
AI
美团技术团队
B
Blog RSS Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 三生石上(FineUI控件)
阮一峰的网络日志
阮一峰的网络日志
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
Microsoft Security Blog
Microsoft Security Blog
T
Threatpost
Cyberwarzone
Cyberwarzone

Lohrmann on Cybersecurity

On AI Ethics: Why Prompt Engineering Needs a Moral Compass AI at Work: Employees Aren’t Waiting for Permission AI, Mind Reading and Microchip Brain Implants The Global State of Technology Risk in 2026 The Mythos Race: Trump’s New EO and Glasswing’s Expansion No Longer Invisible: When Cyber Attacks Go Physical How New College Grads Can Succeed in an AI Economy Protecting People and Infrastructure: A 2026 World Cup Security Preview ‘CI Fortify’ Is the New Road Map for State and Local Resilience A Tale of Two States: The 2026 Cybersecurity Paradox The Great Stay: Why Tech Talent Is Choosing Stability Over Salary A History of Global Hacking — and Where It’s Going Next Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity Post-Quantum Cryptography: Moving From Awareness to Execution RSAC 2026 Highlights: From Agentic AI to Active Defense What Is Physical AI, and What Does It Mean for Government? New Federal Strategies, Rising Risk From Iran Top Cyber Themes Securing Critical Infrastructure in a Time of War From Michigan to Silicon Valley: A Conversation With Mohamad Yassine Defending Your Castle: Best Practices for Smart Home Security Your Smart Home Is Watching You: Privacy in the Age of AI Robots How Global Power Struggles Are Rewriting Cyber Defense After TikTok: Navigating the Complex Web of Foreign Tech Bans
Navigating NIST’s New Cybersecurity AI Frontier
https://www.govtech.com/authors/dan-lohrmann.html · 2026-07-05 · via Lohrmann on Cybersecurity

Over the past several years, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) (now at version 2.0) has been a primary framework used by federal, state and local governments and the private sector regarding best practices and actions needed to address system risk for cybersecurity programs across the country.

But recent developments in AI and quantum computing are changing the risk paradigm while redefining what steps must be taken by enterprises to address this new normal.

As Chuck Brooks recently wrote for Forbes, in what he calls “the acceleration era,” there is a need to focus on five strategic pillars to increase resilience and trust.

  1. Adaptive Risk Management
  2. Resilience via Design
  3. Trust-Centered Governance
  4. Crypto-Agility and Quantum Readiness
  5. Human Capital and Collaboration

NIST UPDATES AND ROAD MAP

There has been extensive work this spring to bring updates to NIST guidance. These updates are outlined in detail at this website, which focuses on its new “Cyber AI Profile” based on the CSF.

The website describes this new update this way:

“Discussions with many in the cybersecurity community strongly suggest that there would be value in developing guidance based on the CSF to address the cybersecurity risks related to AI development and use. Thus, NIST through the National Cybersecurity Center of Excellence (NCCoE) is considering developing a Community Profile that is based on the CSF for the domain of ‘cybersecurity of AI and AI for cybersecurity’ (a ‘Cyber AI Profile’).”

The diagram below shows the steps in the process and outlines the steps to come. Opportunities for public comment are included, and more drafts will be coming.

NIST Cyber AI Profile Roadmap.png

NIST CHANGES IN THE NEWS

The Federal News Network recently wrote this about the NIST Cyber Center process and changes to incorporate AI guidance:

“The National Institute of Standards and Technology expects to advance high profile standards work around a ‘Cyber AI Profile’ and securing artificial intelligence agents this summer, amid a flurry of federal activity aimed at addressing both the risks and opportunities for AI and cybersecurity.

“NIST’s National Cybersecurity Center of Excellence (NCCoE) is now running six distinct projects focused on the intersection of AI and cyber. But Cherilyn Pascoe, director of the NCCoE, said AI is popping up across the center’s work, which focuses on practical guidance to advance secure technologies in collaboration with government agencies, industry and academia.

“‘I think AI is going to be part, if not a leading part, of every project going forward at the center,’ Pascoe said in an interview. ‘It is becoming so foundational to cybersecurity.’

“Recent advancements in AI models like Anthropic’s Claude Mythos have shown the ability to quickly find software vulnerabilities and create cyber exploits much faster than humans.

“President Donald Trump earlier this month signed an executive order aimed at addressing those risks. The Cybersecurity and Infrastructure Security Agency subsequently released an AI-focused, governmentwide directive for agencies to prioritize the highest risk software vulnerabilities.”

In addition, NIST published this blog post with reflections from the second NIST Cyber AI Profile Workshop:

“During workshop discussions, participants expressed support for the development of the Cyber AI Profile and appreciated that it is filling gaps in much needed guidance. Participants emphasized the need for both enterprise risk management and implementation level resources, especially to benefit smaller organizations or organizations overwhelmed with addressing strategic adoption, integration, and use of AI (while continuing operational cybersecurity risk management activities). Below are some key themes we heard from participants during the workshop [see the blog post for more details on each item]:

  • Agentic AI: Agentic AI may require special considerations with respect to all three Focus Areas outlined in the Profile (and more agentic AI examples need to be included).
  • Longevity of Profile and Innovation: Participants requested that the Profile not include guidelines that are too specific.
  • Need for Consistent AI Taxonomy: Participants stated that the Cyber AI Profile is on track to provide a consistent, industry-agnostic AI taxonomy that will enable organizations across industries to communicate clearly about a wide range of AI topics.
  • Use Cases: Participants said that it would be helpful to include use cases (e.g., operational technology (OT) cybersecurity) and illustrative examples in the Profile.
  • Ideas for Enhancing the Usability of the Profile: Participants suggested creating a more flexible format for filtering the profile (i.e., workbook) as well as providing a machine-readable format and increasing the use of hyperlinks.
  • AI Governance and Accountability: AI governance remains top of mind and current approaches are varied.
  • Guidelines on Testing and Evaluation: Participants voiced a common challenge in testing and managing AI systems and tools. Performance metrics, certifications, and benchmarking were discussed as means to support AI system testing and evaluation.
  • Cybersecurity’s Role in Trustworthiness of AI Decisions: Participants highlighted how cybersecurity can help with challenges in adopting AI.
  • Transparency, Integrity, and Accountability: Participants mentioned that considerations in the Profile should highlight the need to enhance transparency and accountability to support cybersecurity objectives.
  • Continued Need for Human-in-the-Loop for Cybersecurity: Participants expressed that human-in-the-loop (HITL) processes and training remain critical at this time in AI adoption.”

This video also describes ongoing activities with NIST and AI.

FINAL THOUGHTS

There was always an expectation that the NIST CSF would evolve over time, as has been the case moving from the initial version to version 2.0.

However, developments in AI and quantum computing are accelerating the need for rapid updates and new thinking regarding risk mitigation.

Knowledge of, and participation in, these Cyber AI Profile working groups, as well as commenting on draft updates, is a good use of time for state and local government professionals who want to continue to stay current with relevant guidance and best practices.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.