WeCyberYou! Unlocked Podcast

Cyber Security Frameworks Demystified Part 14 - The NIST AI Risk Management Framework (AI RMF)

Season 1 Episode 14



In this episode, we debate the NIST AI Risk Management Framework (AI RMF): how it provides a structured approach to governing, mapping, measuring and managing the unique risks of artificial intelligence across its entire lifecycle, and why it is essential for building AI systems that are secure, fair, transparent, resilient and accountable - helping organisations prevent bias, reduce security and privacy risks and maintain trust in an increasingly AI-driven world.

Duration: 0:18:24

Visit https://www.wecyberyou.com for more cyber security education, resources and awareness content like this. 

Thank you for listening. 
WeCyberYou! Team


Like and follow us to be notified when a new episode is released on this channel.

SPEAKER_02

Welcome to the debate airing here on the WeCyberYou! Unlocked podcast. You know, when we talk about engineering something really complex, let's say um a suspension bridge.

SPEAKER_00

Okay.

SPEAKER_02

There is this comforting predictability to it. Right? You calculate the tensile strength of the steel, you pour the concrete, you account for wind resistance, and well the physics cooperate.

SPEAKER_00

Yeah, the rules are static.

SPEAKER_02

Exactly. The rules are static. But when you step into the world of artificial intelligence, it is like trying to build a bridge out of living materials. Oh wow. Right? A bridge that fundamentally changes its structure depending on who is driving over it, uh, what the weather is like, and what it learned from the traffic yesterday.

SPEAKER_00

That is a fascinating way to picture it. And honestly, it is a terrifying bridge to drive across.

SPEAKER_02

Very terrifying.

SPEAKER_00

Because, you know, with traditional software, a bug is usually a definitive failure in the code. You find it, you patch it. But with AI, the system can be functioning exactly as designed, yet still produce an outcome that is completely unpredictable, biased, or uh highly insecure.

SPEAKER_02

Yeah, and yet companies are rushing to build these bridges faster than ever. So that is why today we are debating the National Institute of Standards and Technology's AI Risk Management Framework, the AI RMF. Right. The big question is, you know, is a purely voluntary set of guidelines enough to keep that bridge from collapsing under the weight of automated fraud, systemic bias, and adversarial attacks?

SPEAKER_00

Or does the incredibly severe nature of these new AI threats demand binding, mandatory requirements? Because when we are talking about risks that impact society and fundamental trust, well, good intentions are rarely enough.

SPEAKER_02

I will be arguing that the framework's flexible, continuous life cycle approach is actually the most practical and effective blueprint we have for navigating these unpredictable risks.

SPEAKER_00

And I will argue that while it is a brilliant diagnostic tool, an explicitly voluntary framework lacking any enforcement power just cannot effectively counteract the dangerous build fast and deploy culture currently driving the industry.

SPEAKER_02

Before we dive into the deep end of AI governance, uh we want to ask our audience to follow the channel and visit WeCyberYou.com for more content exploring the critical intersection of technology and security.

SPEAKER_00

We definitely have a lot to unpack today.

SPEAKER_02

We do. So I will start by laying out my perspective. I view the NIST framework not as a silver bullet, but as an incredibly pragmatic blueprint for trustworthy AI.

SPEAKER_00

Pragmatic, okay.

SPEAKER_02

Yeah, because it correctly identifies that AI risks extend far beyond traditional IT. It treats AI as a complete paradigm shift. And the core of this approach is built on four interconnected functions govern, map, measure, and manage. Right. These are not a checklist you complete once for a compliance audit. They form a continuous loop across the entire life cycle of the model. My stance is that because AI risks are inherently unpredictable and constantly evolving, any rigid mandatory certification standard would just become obsolete the moment it was printed. I see. A flexible approach is really the only viable path.

SPEAKER_00

Well, I come at it from a different way. I agree completely with the severity of the risks we are facing. We are talking about lack of transparency in black box models, bias in automated decisions, and you know, the weaponization of AI for deepfakes.

SPEAKER_02

Yeah, the stakes are high.

SPEAKER_00

Exactly. We are protecting people, not just servers. But calling a voluntary framework the ultimate blueprint feels um a bit overly optimistic to me.

SPEAKER_02

How so?

SPEAKER_00

Because without binding requirements, this framework relies entirely on the goodwill of corporations. And right now, corporations are in an arms race. Billions of dollars are at stake. I mean, it is a well-designed map, but it does not ensure anyone actually follows it when the pressure is on.

SPEAKER_02

I get why you think that, but let's look at how governance actually operates inside a mature organization. It isn't just about goodwill, it is about systemic integration. Okay. The first function of the framework is govern. This establishes the organizational culture, risk tolerance, and leadership commitment. Now, the framework is designed to sit right on top of existing highly respected corporate standards. Like what? Like ISO 31000 for general risk management and ISO 27001 for information security.

SPEAKER_00

Right, the traditional compliance plumbing of a large corporation.

SPEAKER_02

Exactly. Organizations are already legally and financially motivated to uphold those ISO standards. They have entire teams dedicated to them. By integrating the AI RMF directly into that existing plumbing, you ensure AI is managed intentionally at the executive level. It leverages the risk management structures that companies already take very seriously.

SPEAKER_00

But executives can't govern what they can't see. And that leads to my biggest fear about this framework. How do you govern active malicious threats against a system you don't fully understand?

SPEAKER_02

Well, I mean, we aren't just talking about hackers guessing passwords anymore. We are facing entirely new attack surfaces. Take model poisoning, for example.

SPEAKER_00

Right, the corruption of the training data itself. Exactly. Imagine a threat actor subtly changing a few pixels in thousands of pictures of stop signs in a training data set.

SPEAKER_02

Yeah.

SPEAKER_00

To a human looking at the data, it still looks like a stop sign. But to an autonomous vehicle's AI, that poisoned data makes the stop sign look like a green light.

SPEAKER_02

It is an adversarial attack, yeah.

SPEAKER_00

Right. If the risks involve sophisticated adversaries actively exploiting the blind spots of a neural network, does a reliance on a company's voluntary leadership commitment guarantee safety? I mean, when a company is racing to get a generative AI product to market, voluntary governance is often the first thing compromised for speed.

SPEAKER_02

That is a compelling scenario, I'll give you that. But it actually highlights why mandatory certification fails. Think about the difference between traditional software and artificial intelligence. Okay. Traditional software is like a cookbook. If you follow the steps, you get the cake. If the cake tastes terrible, you just go back, find the typo in the recipe, and fix it. You can certify a cookbook. Right. The logic is linear and transparent. But AI is much more like raising a child. You can teach a child the rules, you can expose them to good environments, but you cannot guarantee exactly how they will behave on the playground next Tuesday. That's a fair point. When you have adversarial attacks, like your stop sign example, the AI is learning and reacting to new, malicious inputs in real time. If you impose strict mandatory certification processes, you force a company to lock their model into a specific state, just to pass the audit. The moment the model encounters a novel adversarial attack in the real world, that static certification is utterly meaningless. The flexibility of the NIST framework allows a company's governance to evolve at the speed of the actual threat.

SPEAKER_00

Raising a child is a great analogy, but let's push that further. If AI is like a child, you can't always measure their exact thought process. And that brings us to the measure and manage functions of the framework. Right. The framework asks organizations to evaluate these abstract risks, like fairness, reliability, and accuracy, and then manage them. But how do you actually measure a risk hidden inside a black box neural network?

SPEAKER_02

Well, you don't necessarily measure the internal pathways, the neurons of the model, because, as you said, it is a black box. You measure the outcomes, you measure the outputs under highly controlled conditions. Walk me through what that looks like in practice. Sure. Let's use a real-world scenario. A bank using AI for fraud detection. The framework explicitly guides them. First, they map the system. They identify that the AI will make decisions about freezing customer accounts. And the risk there is false positives. Exactly. Flagging innocent people as criminals. Next, they measure. To test for demographic bias, they don't look at the code. They feed the AI thousands of simulated customer profiles. Okay. They hold variables like income and transaction history constant, but change the demographic data. If the AI flags group B significantly more often than group A under the exact same financial conditions, well, you have mathematically measured the bias.

SPEAKER_00

Okay, so they have measured the bias. The diagnostic tool worked. But here's where the voluntary nature falls apart for me. How so? Let's shift the stakes to something even more severe, like a mortgage approval algorithm. If an AI denies you a mortgage because of a flawed, biased data set, you don't care if the bank had a beautifully flexible governance framework. Well, no, of course not. You care that there was no legal requirement to audit that algorithm before it ruined your financial plans.

SPEAKER_02

But the framework tells them to move to the fourth function: manage. Once they measure the bias, they adjust the model thresholds or mandate human review for those decisions.

SPEAKER_00

If they choose to, that is my point. Mitigating these risks requires a massive continuous investment of time and engineering resources. Right. Because it is voluntary, companies might map the risks, acknowledging that their system could produce biased outcomes, but completely fail to manage them if doing so delays their launch. Measuring a problem doesn't fix it if the management phase is optional.

SPEAKER_02

I am not convinced by that line of reasoning because you are assuming organizations operate in a vacuum completely devoid of any market pressures.

SPEAKER_00

Market pressures?

SPEAKER_02

Yes. A bank is fundamentally motivated to fix a biased mortgage algorithm. Why? Because a system that arbitrarily denies qualified borrowers is a terrible product. It loses the bank money.

SPEAKER_00

I mean, sure, in that specific case.

SPEAKER_02

If they launch a fraud detection system that constantly freezes the accounts of legitimate customers, they will face a public relations nightmare and customer churn. The market punishes bad AI. The NIST framework provides the exact operational steps, map, measure, manage, to ensure the product actually works safely.

SPEAKER_00

I'm sorry, but I just don't buy that the market alone will punish bad AI quickly enough to prevent widespread harm. Yes, a bad fraud detection system hurts the bank's bottom line, but what about a social media algorithm optimized for user engagement? Okay, let's talk about that. Let's say that algorithm inadvertently promotes dangerous manipulation or highly convincing deepfakes. In that case, the harm actually drives user engagement, and engagement drives advertising revenue. You are saying the financial incentive points in the wrong direction. Exactly. The company has a massive financial disincentive to manage that risk. If an AI systematically discriminates against a marginalized group, the company might not feel the financial pain of that bias for years, if ever. But the individuals whose lives are impacted feel the pain immediately. By turning abstract risks into measurable insights without actually requiring the company to act on them, the framework essentially gives organizations a structured way to document their own negligence.

SPEAKER_01

Wow, that is a very cynical view of how these engineering teams operate.

SPEAKER_02

I think it's realistic. We are in a world of rapid adoption, surrounded by growing public concern. Definitely. By requiring continuous monitoring across the entire life cycle, design, training, testing, deployment, it forces organizations to abandon that reckless build fast and deploy model.

SPEAKER_00

But how does a voluntary framework force anything?

SPEAKER_02

By changing the culture from the inside out. When you give developers, data scientists, and internal risk officers a standardized shared vocabulary, words like safe, secure, fair, transparent, and accountable, you empower them.

SPEAKER_00

Okay.

SPEAKER_02

You give the internal risk officer the ammunition they need to walk into the CEO's office and say, according to the NIST framework, our measurement metrics show this model is not ready for deployment. It creates internal friction against recklessness.

SPEAKER_00

I don't disagree that it serves as an excellent diagnostic tool. It illuminates the path, and yes, it gives internal risk officers a vocabulary to articulate why a system is flawed. Exactly. But illuminating the path does not ensure that the CEO actually decides to walk it. You just mentioned the growing public concern. That public pressure exists exactly because everyday people recognize that voluntary measures are not enough to protect them from things like deepfakes, automated fraud, or biased hiring algorithms.

SPEAKER_02

But you can't regulate what you don't understand.

SPEAKER_00

And I completely agree with that. The framework does a phenomenal job of categorizing what trustworthy AI actually looks like. It is a brilliant piece of engineering philosophy. Right. But in an environment where we have tech giants openly racing to achieve artificial general intelligence, relying on a voluntary framework to single-handedly solve the industry's rush to market is dangerous. Diagnosing a disease does not cure it if the medicine is strictly optional. I hear what you are saying. It is a necessary first step, but it absolutely cannot be the final destination.

SPEAKER_02

I would argue that a universally accepted diagnostic tool is the absolute prerequisite for any effective regulation anyway.

SPEAKER_00

Okay, go on.

SPEAKER_02

If regulators try to enforce mandatory standards without a flexible blueprint like the AI RMF, already established and tested by the industry, what happens? They write bad laws. Exactly. They end up writing rigid laws that completely misunderstand the technology. They mandate audits that look at the code instead of the outcomes. The NIST guidelines establish what good looks like first. Right. They acknowledge that privacy risks, for example, might emerge months after a model is deployed based on new unforeseen data inputs. You need a living framework to handle a living technology.

SPEAKER_00

True. Poorly written laws can be rigid and counterproductive. But we are facing a reality where AI systems are actively making decisions about healthcare triage, criminal justice sentencing, and financial stability today, not in 10 years, today.

SPEAKER_02

Yeah, the timeline is tight.

SPEAKER_00

If a framework only recommends minimizing harm but lacks the enforcement authority to demand it, we are leaving the most vulnerable populations exposed to those black box decisions. A lack of transparency in how a neural network weighs variables is a fascinating technical problem for the engineer. Right. But it is a civil rights problem for the citizen. We desperately need the comprehensive mapping and measuring that this framework provides, but we need it backed by binding legal obligations to manage those risks before the models are released into the wild.

SPEAKER_02

Let's summarize where we stand on this incredibly complex issue.

SPEAKER_00

Sounds good.

SPEAKER_02

My position remains that the NIST AI risk management framework, through its continuous loop of govern, map, measure, and manage, represents a massive and necessary evolution in how we handle risk. Because AI introduces unpredictable vulnerabilities that evolve long after deployment, a flexible, adaptable blueprint is far more effective at keeping systems secure than any static, mandatory certification could be.

SPEAKER_00

And my stance is that while the framework masterfully identifies the mechanics of these severe risks, from adversarial attacks to systemic bias, its non-mandatory nature limits its actual impact.

SPEAKER_01

Right.

SPEAKER_00

When the stakes involve fundamental fairness and societal trust, we simply cannot rely on corporate self-regulation to counter the massive financial incentives driving the AI arms race. We need binding constraints.

SPEAKER_02

Despite our different perspectives on enforcement, it is clear we have significant areas of convergence. We both fully agree that AI introduces unprecedented risks that make traditional IT security look incredibly simple by comparison. Oh, absolutely. The threats of model exploitation and complex societal impacts require entirely new ways of thinking.

SPEAKER_00

Spot on. And I think we also firmly agree that traditional risk management, the idea of treating security as a one-time compliance checklist, is completely dead. When it comes to AI, risk management has to be an ongoing, continuous process throughout the entire lifespan of the system.

SPEAKER_02

Yeah, it really does. As regulatory pressures increase globally, the true test will be how organizations choose to implement this blueprint in the real world. There is so much more to explore in the evolving landscape of AI governance, and we will undoubtedly be revisiting this topic as the technology continues to advance. Without a doubt. It brings us right back to that living bridge we talked about at the beginning. We are starting to understand how to build the foundation, but we are still figuring out how to keep it stable while the structure itself is constantly learning, shifting, and reacting to the environment.

SPEAKER_00

And the traffic on that bridge is getting heavier and moving faster every single day.

SPEAKER_02

A perfect way to leave it. You are listening to the WeCyberYou! Unlocked podcast. We want to thank our audience for joining us for this intellectual exchange.

SPEAKER_00

Thanks for listening, everyone.

SPEAKER_02

Please make sure to follow the channel and visit WeCyberYou.com to dive deeper into multiple perspectives on critical security material. Until next time, keep questioning, keep analyzing, and keep exploring the complexities of our digital world.