AI Decipher File · Published July 26, 2024; cited as the working US federal baseline thereafter
NIST AI 600-1 (July 2024): The Generative AI Risk Profile Every Builder Now Inherits
NIST AI 600-1 is the federal companion to the NIST AI Risk Management Framework that gives Applied AI teams a named, citable risk taxonomy for generative AI. Published by the National Institute of Standards and Technology on July 26, 2024, the profile identifies twelve categories of risk unique to or exacerbated by generative AI, maps each to the four AI RMF functions (GOVERN, MAP, MEASURE, MANAGE), and lists hundreds of suggested actions. Federal contractors, regulated industries, and enterprises operating under state AI laws now cite NIST AI 600-1 as the working compliance baseline.
Failure pattern
Federal risk-framework publication establishing the named taxonomy of generative AI risks
Organizations involved
National Institute of Standards and Technology (NIST), United States Department of Commerce
Incident summary
On July 26, 2024, NIST published AI 600-1: Artificial Intelligence Risk Management Framework, Generative Artificial Intelligence Profile. The publication was directed by Executive Order 14110 (October 30, 2023) and extends the parent NIST AI 100-1 Risk Management Framework with generative-AI-specific content. The profile is the first federal document to enumerate, name, and structure risk categories that previously circulated under varied vocabulary across the industry.
The publication identifies twelve risk categories. The named taxonomy is CBRN information (chemical, biological, radiological, nuclear); confabulation; dangerous, violent, or hateful content; data privacy; environmental impacts; harmful bias and homogenization; human-AI configuration; information integrity; information security; intellectual property; obscene, degrading, or abusive content; and value chain and component integration. Each category is defined, illustrated with examples, and mapped to suggested actions under the four AI RMF functions.
AI 600-1 is voluntary at the federal level but functions as a working baseline for regulated industries, federal contractors, and any enterprise operating under state AI laws that reference NIST. The Colorado AI Act, California's generative-AI laws, and the EU AI Act all reference NIST framing in some form, which makes AI 600-1 the practical reference for compliance teams even where it is not directly mandated.
Failure technique
NIST AI 600-1 is not an incident in the failure-mode sense. It is the publication that names the failure modes practitioners had been describing in inconsistent vocabulary. Before AI 600-1, terms such as hallucination, jailbreak, prompt injection, and bias were used loosely. The profile fixes vocabulary and ties each named risk to actions a team can take during GOVERN, MAP, MEASURE, and MANAGE phases.
The risk taxonomy reflects what frontier labs and AI safety practitioners had been reporting in the public record. CBRN information risks emerged from the testing literature on whether large language models reduce the difficulty of producing weapons of mass destruction. Confabulation, a term NIST chose deliberately over the colloquial 'hallucination,' was tied to the cognitive-science term and clarified that the model is constructing plausible content rather than reporting facts. The vocabulary stabilization is the operational contribution.
The profile does not prescribe specific control implementations. It enumerates suggested actions and leaves implementation choice to the team. This design choice is intentional: NIST is producing a framework that fits regulated and unregulated industries alike, not a control catalog like NIST SP 800-53.
Impact and consequences
Direct compliance impact is concentrated in federal contractors and regulated industries. Several federal agencies have begun citing AI 600-1 in procurement language. State AI laws and enforcement guidance increasingly reference NIST framing, and AI governance teams at large enterprises now produce risk registers indexed against the twelve named categories.
Industry impact is the vocabulary stabilization itself. Risk registers, model cards, and incident-response playbooks now use the AI 600-1 names. Cross-team conversations between AI engineering, AI safety, AI governance, and AI compliance are faster because everyone refers to the same taxonomy.
Engineering impact is in the MEASURE function. The profile lists specific evaluation activities under MEASURE-2 that AI engineering teams now build into eval harnesses: red-team testing for the named categories, monitoring for drift in named risk categories, and documented evidence retention. Teams that wrote eval suites before AI 600-1 are retrofitting them to align.
Lessons for builders
Adopt the AI 600-1 risk vocabulary in internal documentation. Even if your industry is not federally regulated, the taxonomy is now the dominant working vocabulary across AI governance roles. Internal documents that use the same names are easier to audit and easier to hand off across teams.
Map your existing risk register to the AI 600-1 categories. The map exposes gaps and overlaps. Many teams discover that they have strong measurement against three or four categories and almost no documented activity against the rest.
Build evals against each named risk where applicable to your product. The MEASURE function lists evaluation actions for each category. An eval suite tied to AI 600-1 categories produces audit-ready evidence with minimal additional work.
Treat the GenAI Profile as living. NIST updates the underlying AI RMF and produces additional profiles over time. The team needs a documented process for tracking framework updates and applying them rather than freezing on the first version they implemented.
Mitigations
What builders should put in place to address the failure pattern. Each mitigation maps to operational practice the relevant Applied AI roles own.
- Adopt the AI 600-1 vocabulary in internal risk registers, model cards, and incident-response playbooks. Standard vocabulary is the cheapest interoperability win.
- Map every AI deployment to the twelve named risk categories. The map produces a documented matrix that is the basis for both internal governance and external audit response.
- Build evaluation suites tied to each named category that applies to your product. The MEASURE function in AI 600-1 lists the specific evaluation activities; building against those activities produces audit-ready evidence.
- Maintain a NIST framework version-tracking process. The framework is updated; your implementation should reference a specific version and have a documented re-adoption cadence.
- Document the GOVERN function explicitly. AI 600-1 places significant weight on governance documentation including roles, escalation paths, and approval gates. Teams that ship the GOVERN documentation early are faster through subsequent functions.
- Train the cross-functional team on the framework. Product, engineering, legal, security, and operations need a shared understanding of which categories apply to their work and which controls they own.
Frequently asked questions
What is NIST AI 600-1?
NIST AI 600-1 is the Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, published by the National Institute of Standards and Technology in July 2024. The profile extends the parent NIST AI 100-1 framework with generative-AI-specific risk categories, suggested actions across the GOVERN, MAP, MEASURE, MANAGE functions, and a stabilized vocabulary for AI risk discussion.
Is NIST AI 600-1 mandatory?
It is voluntary at the federal level but is referenced by federal procurement language, state AI laws (Colorado AI Act, California generative-AI laws), and the EU AI Act framing. In practice, federal contractors, regulated industries, and enterprises operating under state AI laws treat AI 600-1 as the working compliance baseline even where it is not directly required.
What are the twelve risk categories named in AI 600-1?
CBRN information; confabulation; dangerous, violent, or hateful content; data privacy; environmental impacts; harmful bias and homogenization; human-AI configuration; information integrity; information security; intellectual property; obscene, degrading, or abusive content; and value chain and component integration. Each is defined and mapped to suggested actions in the primary publication.
How does NIST AI 600-1 relate to the EU AI Act?
The two are complementary but not equivalent. The EU AI Act is a binding regulation with risk tiers, conformity assessments, and penalties. NIST AI 600-1 is a voluntary US risk framework providing taxonomy and suggested actions. Many enterprises operating in both jurisdictions use AI 600-1 as the working risk vocabulary while satisfying EU AI Act obligations through the conformity-assessment route.
Which Applied AI roles implement NIST AI 600-1 controls?
AI Governance Lead owns the framework adoption decision and the risk register. AI Compliance Officer maps suggested actions to internal controls and prepares audit evidence. AI Risk Analyst maintains the residual-risk documentation. Responsible AI Engineer builds evaluation suites against the named risk categories.
Sources
- NIST AI 600-1: 'Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile' (NIST, July 2024). Primary publication PDF.
- NIST AI Risk Management Framework hub (parent framework, NIST AI 100-1, plus profile catalog)
- Executive Order 14110: Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the executive order that directed NIST to develop the GenAI Profile)
- NIST AI 100-1: AI Risk Management Framework 1.0 (parent framework the GenAI Profile extends)