NIST announces a review of its cyber security framework in light of developments in AI
March 14, 2025
Artificial Intelligence is becoming the great disrupter, and its impact is especially acute in privacy and cyber security. The National Institute of Science and Technology (“NIST”) has announced the process to develop a new cyber AI profile.
The NIST notes that:
- There is no consistent taxonomy or agreement on how AI advances inform organizations’ strategies for cybersecurity risk management.
- Cybersecurity professionals must strategically address emerging cybersecurity risks stemming from advancements in AI, even as they continue to manage ongoing
- These professionals would benefit from informed, neutral guidance and other resources to inform their strategies and help them to organize and prioritize their
- AI introduces new challenges with potentially major impacts regarding cybersecurity – but AI advances do not necessarily require fundamental changes to the way organizations address cybersecurity. Existing cybersecurity standards, frameworks, guides, and practices can still be effective when used individually and together if they are applied or modified to specifically address AI-related challenges as well as AI’s helpful capabilities.
The specific questions the NIST seeks to address are:
Scope:
- Is it appropriate to develop or modify existing cybersecurity-focused guidelines and resources to specifically address how AI advances change cybersecurity risks and opportunities?
- Is it appropriate to separately develop or modify existing AI-focused risk management guidelines and resources to specifically address cybersecurity considerations?
- Are we focusing on the right areas (securing AI system components, thwarting AI-enabled attacks, and leveraging AI in organizations’ cybersecurity approaches)?
- Are there any key areas missing that are at the intersection of cybersecurity and AI?
- Should AI design and implementation failures be included?
Cybersecurity Risks:
- What existing NIST guidance or best practices should be included to address the needs of various stakeholders?
- What gaps in NIST guidance exist that should be filled?
Multi-dimensional Views:
- Should NIST expand this effort to include demonstrating the relationship between cybersecurity and privacy of AI?
- In what ways might NIST better represent the relationship across its cybersecurity, privacy, and AI resources?
Related Efforts:
- What groups and activities should we connect with to inform our efforts?
- Are there emerging standards activities we should consider? If so, which ones?