The National Institute of Standards and Technology has released a draft companion to its Cybersecurity Framework, specifically addressing the cybersecurity challenges posed by artificial intelligence. This new profile outlines how organizations can manage AI-related security risks, enhance their cybersecurity defenses using AI, and prevent AI-driven cyberattacks. Barbara Cuthill, one of the authors of the profile, noted that organizations are increasingly encountering AI in various capacities, necessitating a comprehensive approach to all three focus areas: secure, defend, and thwart. The profile details AI-specific considerations for each component of the Cybersecurity Framework, covering critical areas such as intrusion detection and supply chain security. Organizations are invited to provide feedback on the draft by January 30, 2026, following a virtual workshop scheduled for January 14.
New data reveals that while large language models are advancing, they are falling short in critical security aspects. A report by Giskard, titled “Potential Harm Assessment & Risk Evaluation,” highlights that models from major companies like OpenAI, Anthropic, and Google are still vulnerable to known exploitation techniques. In particular, Anthropic’s Claude models are outperforming others, scoring 75% to 80% against jailbreaks and nearly perfectly in avoiding harmful content generation. By contrast, many other models, including Google’s Gemini and DeepSeek models, scored below 50% in similar assessments. This discrepancy suggests that attention to safety and security during development is crucial for effective performance.
Why do we care?
NIST didn’t publish this because AI is coming.
They published it because AI is already inside security systems—and nobody agrees on who’s in charge when it does something wrong.
We’ve crossed a line where tools don’t just surface alerts. They influence—or directly trigger—responses. That’s not automation. That’s delegated judgment.
Now combine that with the Giskard data.
Some models are clearly better behaved than others. But that doesn’t solve the core problem, because behavior isn’t the same as authority. A model can be safe 80% of the time and still cause a business-ending incident at exactly the wrong moment.
Here’s the dangerous MSP behavior to watch for:
Adopting AI-powered security controls because they’re “aligned to NIST,” without redefining escalation paths, customer consent, or liability boundaries.
That’s how you end up owning a decision you didn’t explicitly make.
This matters now because frameworks like this don’t stay theoretical. They become the yardstick. When insurers ask questions. When auditors show up. When a customer’s lawyer wants to know why a system acted the way it did.
AI doesn’t reduce responsibility.
It concentrates it.
And unless MSPs are deliberate about where that responsibility lives, they’ll find themselves holding risk they never priced—and never intended to carry.