Overview
Severity: MEDIUM | Affected: US AI Industry | Category: policy
The White House has issued an executive order establishing the National AI Security and Testing (NAIST) Framework. This new policy mandates that companies developing or deploying AI in critical infrastructure sectors—including finance, energy, and healthcare—undergo rigorous, independent third-party security audits. The framework, to be administered by NIST and CISA, aims to standardize AI safety and security evaluations, covering model robustness, data privacy, and resilience against adversarial attacks. It introduces a 'secure by design' principle for AI and establishes a clear liability structure for damages caused by foreseeable security failures. While praised by safety advocates for creating accountability, some industry groups have raised concerns about potential compliance overhead and impacts on innovation speed. The initial standards under the NAIST framework are expected to be released for public comment within 90 days.