AI is embedded everywhere now — in your detection stack, your customer-facing apps, your supplier base, even your own engineers' workflows. The risk surface has changed, boards know it, and regulators are catching up fast. As of today, ESProfiler customers can map their entire security stack against NIST's flagship AI risk framework in a matter of minutes.
What is the NIST AI RMF?
Released by NIST in January 2023, the AI Risk Management Framework (AI RMF 1.0) is a voluntary framework for managing risks to individuals, organisations, and society from artificial intelligence systems. It has quickly become the de facto baseline for AI governance, referenced by US executive orders, EU AI Act crosswalks, and the AI risk policies of most enterprises we talk to.
The Framework Core organises AI risk management into four continuous functions:
Govern — culture, policy, accountability
Map — context, AI system categorisation, risk identification
Measure — analysis, assessment, ongoing tracking
Manage — prioritisation, response, recovery
Underneath those sit seven characteristics of trustworthy AI: valid and reliable, safe, secure and resilient, accountable and transparent, explainable, privacy-enhanced, and fair with harmful bias managed.
NIST has continued to expand the framework with the Generative AI Profile (July 2024) and the new Trustworthy AI in Critical Infrastructure profile (April 2026) — both already mapped inside ESProfiler.
Why it matters for you
For security and risk teams, the AI RMF turns "are we doing AI safely?" from a vibes question into a measurable one. In practice that means:
A shared framework to align security, legal, data science, and the board
A defensible answer to regulators asking how AI risk is governed
A structured way to evaluate the AI inside your tools — not just AI you build
That last point is the one most teams underestimate. Your SIEM, EDR, fraud platform, and ticketing system all ship AI features now. The AI RMF is how you assess them on the same scale.
Map your stack in minutes — and see exactly where you stand
Mapping a security stack to a new framework by hand is usually a multi-week spreadsheet exercise. In ESProfiler, it isn't.
The AI RMF is now live alongside MITRE ATT&CK, MITRE F3, NIST CSF, and every other framework in the platform. Point ESProfiler at your existing tools and you'll see:
Coverage in minutes, not weeks — your stack mapped automatically across Govern, Map, Measure, and Manage
Gaps at a glance — the AI risk categories no tool in your environment addresses, surfaced and prioritised
Overlaps you're paying for twice — controls duplicated across vendors, ranked by spend
The same engine our customers use to rationalise their cyber stacks now does the same job through NIST's AI risk lens, in a single view.
Get started
If you're an existing customer, the AI RMF is already live in your tenant — open the Frameworks view to start mapping.
If you're not, book a demo and we'll show you your AI risk coverage gaps in the time it usually takes to schedule the kickoff meeting.