NIST Releases AI Risk Management Framework 1.0

The US National Institute of Standards and technology (NIXTY) has released the first version of its risk management framework for artificial intelligence (AI). The guidance will be voluntary. Artificial Intelligence Risk Management Framework (AI RMF 1.0) has been created to be useful to organizations of all sizes and in all sectors. NIST will accept comments through the end of February.

Note

• We are not ready for a world with AI yet, but I’m very happy to see NIST working on how we can start to look at the risk around AI. One of the fallacies we have as humans can be to take a non-critical thinking approach to what the machines are outputting. Before we become super awed, we should have a skeptical look at the output to validate that what it is emitting is of good quality. Give this a look through, as you will likely see many security vendors attempting to hook things into AI-based systems to augment the work.
• While we all get that AI is a learning environment, changing as it goes, what we may miss is that environment or social changes ingested by the system can cause unexpected outcomes. This guidance is intended to help govern and normalize that behavior, as well as address risks of AI systems in practice. NIST is taking feedback on the framework email [email protected]
• Certainly timely. However, one wonders how much “govern, map, measure and manage” helps, since these require experience and skill which few organizations enjoy. Users should keep in mind that AI is a tool, neutral, not magic, but which may invite abuse and misuse. The role of users is to identify the applications, formulate the questions and tasks, evaluate and use the results.

Read more in

• NIST Risk Management Framework Aims to Improve Trustworthiness of Artificial Intelligence
• Artificial Intelligence Risk Management Framework (AI RMF 1.0 (PDF)
• AI RISK MANAGEMENT FRAMEWORK
• NIST Debuts Long-Anticipated AI Risk Management Framework