Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has officially launched version 2.0 of its influential AI Risk Management Framework (AI RMF). This major update introduces actionable controls and specific guidance for securing the entire AI development lifecycle, from data sourcing to model deployment and decommissioning. A key addition is the formalization of a 'Model Bill of Materials' (MBOM), a concept adapted from software supply chain security. The MBOM is designed to provide transparency into a model's training data, architectural dependencies, and pre-trained components, helping organizations identify and mitigate risks from upstream vulnerabilities. While voluntary, the AI RMF 2.0 is expected to set a new industry benchmark for secure and trustworthy AI development, influencing both corporate governance and future regulatory standards.