NIST AI 600-1 — Generative AI Profile
NIST AI 600-1 (Generative AI Profile, July 2024) extends the NIST AI RMF to address GenAI-specific risks. It maps risk categories to AI RMF Govern/Map/Measure/Manage functions and provides guidance on:
- Prompt injection: both direct (user-provided) and indirect (via external content)
- Data poisoning: training and fine-tuning data integrity
- Model extraction: intellectual property protection
Status (Q1 2026)
NIST AI 600-1 is unchanged as of Q1 2026. The publication remains at its July 2024 state. No updates or agentic AI extension has been announced.
Key gap: AI 600-1 addresses GenAI risks but does not extend to agentic AI. NIST’s CAISI initiative (February 2026) is the first signal that agentic AI guidance will follow, though no companion “Agentic AI Profile” has been announced or scheduled.
Companion Publications (Q1 2026)
- NIST IR 8605A (January 8, 2026): COSAiS annotated outline for predictive AI control overlays; adapts SP 800-53 controls for AI; generative and agentic AI overlays planned but unscheduled
- NIST AI 800-4 (March 6, 2026): first federal report mapping gaps in post-deployment AI monitoring; six monitoring categories with human factors as biggest blind spot
See Also
- NIST AI Risk Management Framework (AI RMF) — parent framework
- NIST — publisher
- Agentic AI Security Capability Maturity Model — AI 600-1 §2.4 (Data Privacy) → D6; §2.1 (CBRN Information) → D4; §2.2 (Confabulation) → D4; §2.7 (Human-AI Configuration) → D9; §2.8 (Information Integrity) → D6/D7; §2.9 (Information Security / exfil) → D5; §2.12 (Value Chain and Component Integration) → D8. Risk-category numbering and per-domain anchors verified clause-level in the NIST AI RMF review (2026-Q2).