Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has released a draft of its updated AI Risk Management Framework (AI RMF 2.0) for public comment. This major revision incorporates lessons learned from the rapid deployment of generative AI and addresses emerging threats like sophisticated prompt injection, model inversion, and data poisoning attacks. Key changes include mandatory guidance on creating and securing training data supply chains, new controls for continuous model testing and red-teaming, and a framework for assessing and mitigating 'societal-scale' risks from powerful foundation models. The framework aims to provide a standardized, voluntary guideline for organizations to govern the risks associated with AI systems throughout their lifecycle. Industry feedback is being solicited before the final version is expected to be published in late 2025, which will heavily influence future U.S. AI policy and regulation.