NIST IR 8596 Cyber AI Profile
NIST IR 8596 is an Initial Public Draft (published 16 December 2025; comment period closed 30 January 2026) that frames the AI–cybersecurity intersection as a profile of the NIST Cybersecurity Framework 2.0 (CSF 2.0). It organizes its guidance using the CSF 2.0 Core outcomes — Functions, Categories, and Subcategories — rather than defining a maturity model or a levels-of-autonomy ladder.
Three focus areas
The profile partitions the field into three focus areas, each mapping cleanly onto one of the wiki’s scope axes:
| Focus area | Verbatim title | Scope axis |
|---|---|---|
| Secure | ”Securing AI System Components” | sec-of-ai |
| Defend | ”Conducting AI-Enabled Cyber Defense” | ai-in-sec-defense |
| Thwart | ”Thwarting AI-enabled Cyber Attacks” | sec-against-ai |
The three-way split is itself useful: it is the same defender-side taxonomy the wiki uses, arriving from a U.S. federal standards body. The Defend focus area is the normative anchor for the agentic SOC — AI-enabled detection, triage, and response.
Relevance to the agentic SOC
IR 8596 is a crosswalk target, not a competing maturity model. Because it carries no maturity tiers or autonomy levels, it complements the autonomy-ladder prior art rather than overlapping it: the ladders supply the graded progression, while IR 8596 supplies CSF-anchored outcome statements an agentic-SOC capability model can map its domains against. This mirrors how the Agentic AI Security CMM crosswalks to external standards rather than restating them.
Verification note
Single-source extraction from the draft landing page
This page is built from one primary source: the IR 8596 Initial Public Draft landing page. The focus-area titles, the CSF 2.0 organization, the absence of maturity or autonomy tiers, and the publication dates were read from it. Subcategory-level detail, including any per-Subcategory prioritization scheme and the specific treatment of agentic, multi-agent defense, was not extracted and must be confirmed against the full draft before it is cited.
Relations
- Profiles the NIST Cybersecurity Framework 2.0 (CSF 2.0).
- The “Defend” focus area is the normative scaffolding referenced by Agentic SOC Autonomy Ladders.
- Grounds the standards-crosswalk layer of the planned agentic-SOC maturity model in Agentic SOC State of the Field.