Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has issued the 'AI Trust & Resilience Framework' (AITRF), establishing mandatory security and auditing requirements for AI systems used in critical infrastructure. Effective immediately for federal agencies and with a one-year grace period for private sector partners in energy, finance, and healthcare, the framework mandates several key practices. These include biannual third-party red teaming exercises, verifiable provenance for all training datasets, and continuous monitoring systems to detect and mitigate adversarial attacks, data poisoning, and significant model drift. Non-compliance will result in steep fines and potential loss of federal contracts. This policy shift represents the U.S. government's most significant step towards regulating AI safety and is expected to have a broad impact on how high-stakes AI systems are developed and deployed.