NIST AI 600-1 — Generative AI Profile

NIST AI 600-1 (Generative AI Profile, July 2024) extends the NIST AI RMF to address GenAI-specific risks. It maps risk categories to AI RMF Govern/Map/Measure/Manage functions and provides guidance on:

• Prompt injection — both direct (user-provided) and indirect (via external content)
• Data poisoning — training and fine-tuning data integrity
• Model extraction — intellectual property protection

Status (Q1 2026)

NIST AI 600-1 is unchanged as of Q1 2026. The publication remains at its July 2024 state. No updates or agentic AI extension has been announced.

Key gap: AI 600-1 addresses GenAI risks but does not extend to agentic AI. NIST’s CAISI initiative (February 2026) is the first signal that agentic AI guidance will follow, but no companion “Agentic AI Profile” has been announced or scheduled.

Companion Publications (Q1 2026)

• NIST IR 8605A (January 8, 2026) — COSAiS annotated outline for predictive AI control overlays; adapts SP 800-53 controls for AI; generative and agentic AI overlays planned but unscheduled
• NIST AI 800-4 (March 6, 2026) — first federal report mapping gaps in post-deployment AI monitoring; six monitoring categories with human factors as biggest blind spot

See Also

• NIST AI Risk Management Framework (AI RMF) — parent framework
• NIST — publisher
• Agentic AI Security Capability Maturity Model — A 2026 Practical Proposal — AI 600-1 §2.4 (Data privacy) → D6; §2.5 (CBRN) / §2.7 (Confabulation) → D4 + D9; §2.8 (Information integrity) → D6; §2.10 (Excessive Agency) → D3; §2.11 (Information Security / exfil) → D5; §2.12 (Value Chain Integration) → D8