NIST Proposes New Cybersecurity Guidelines for AI Systems

The National Institute of Standards and Technology (NIST) has announced plans to issue a new set of cybersecurity guidelines aimed at safeguarding artificial intelligence (AI) systems, citing rising concerns over risks tied to generative models, predictive analytics, and autonomous agents.

The concept paper outlines a framework called Control Overlays for Securing AI Systems (COSAIS), which adapts existing federal cybersecurity standards (SP 800-53) to address unique vulnerabilities in AI. NIST said the overlays will provide practical, implementation-focused security measures for organizations deploying AI technologies, from large language models to predictive decision-making systems.

"AI systems introduce risks that are distinct from traditional software, particularly around model integrity, training data security, and potential misuse," according to the concept paper. "By leveraging familiar SP 800-53 controls, COSAIS offers a technical foundation that organizations can adapt to AI-specific threats."

The initial overlays will cover five categories of use: generative AI applications such as chatbots and image generators; predictive AI systems used in business and finance; single-agent and multi-agent AI systems designed for automation; and secure software development practices for AI developers. Each overlay will address risks to model training, deployment, and outputs, with a focus on protecting data confidentiality, integrity, and availability.

The effort builds on NIST's existing AI Risk Management Framework and related guidelines on adversarial machine learning and dual-use foundation models. COSAIS will also complement the agency's work on a Cybersecurity Framework Profile for AI, ensuring consistency across risk management approaches.

NIST is inviting feedback from AI developers, cybersecurity professionals, and industry groups on the draft, including whether the proposed use cases capture real-world adoption patterns and how the overlays should be prioritized. The agency plans to release a public draft of the first overlay in fiscal year 2026, alongside a stakeholder workshop.

Interested parties can share feedback via e-mail or through a Slack channel dedicated to the project.

For more information, visit the NIST site.

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].

Featured

  • Abstract neural network 3D illustration

    Intel® AI EmpowerED: The AI-Ready Campus, Delivered

    Artificial intelligence is transforming higher education, prompting institutions to rethink how they manage infrastructure, security, governance, and workforce readiness. Successful adoption requires a strategic, institution-wide approach that aligns AI initiatives with educational goals, faculty enablement, and scalable operational frameworks.

  • abstract data flow

    Google Intros New Gemini Enterprise Agent Platform

    Google Cloud has announced a new platform for building and managing enterprise AI agents, as the company seeks to turn its Gemini models and Vertex AI tooling into a broader system for automating business workflows.

  • silhouette of business person facing wall of data

    Why AI Strategy Belongs in the President's Office

    Institutions that are succeeding with AI share one thing in common, and it is not a better committee, a larger budget, or a more sophisticated technology stack. It is a president who never handed off the steering wheel.

  • Man types on laptop in data center

    Point-in-Time Restore Now Generally Available for Windows 11

    Microsoft has made point-in-time restore generally available for Windows 11, giving users and IT administrators a built-in way to roll back PCs after bad updates, driver problems, app corruption, or other issues.