For years, US cybersecurity guidance rested on a reassuring premise: New technologies introduce new wrinkles, but not fundamentally new problems. Artificial intelligence, according to that view, is still software, just faster, more complex, and more powerful. The controls that protect traditional systems, the thinking went, can largely be adapted to protect AI, too. That assumption surfaced at a recent National Institute of Standards and Technology (NIST) workshop on AI and cybersecurity. “AI systems in many ways are just smart software, fancy software with a little bit extra,” Victoria Pillitteri, supervisory computer scientist in the Computer Security Division at NIST, told attendees as she summarized that long-standing view. “That means we can leverage the robust body of [cybersecurity] knowledge that already exists with some modifications, with some considerations, but we do not and should not start from scratch,” she added.

Full report : Emerging NIST guidance suggests that the long-standing practice of treating AI as “just software” for cybersecurity purposes is giving way to more novel approaches to managing AI risks.