Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ayliea.com/llms.txt

Use this file to discover all available pages before exploring further.

NIST AI 600-1 — Generative AI Profile

The NIST Generative AI Profile (NIST AI 600-1, July 2024) extends the AI RMF core with specific guidance for generative AI systems. While the foundational AI RMF applies broadly across AI categories, the GAI Profile dives into the 12 risks that are unique to or amplified by generative AI — confabulation, CBRN information access, value-chain integrity, data privacy, and more. The GAI Profile is the right framework when your organization deploys generative AI (chatbots, copilots, content generation, code generation, document analysis) and needs a structured way to address risks specific to that class of system.
The GAI Profile complements rather than replaces the AI RMF. Most organizations using generative AI should run both: AI RMF for the lifecycle structure, AI 600-1 for the GAI-specific risk patterns.

What this framework covers

The assessment is organized around the 12 GAI-specific risks defined in the NIST publication, with actions drawn from the NIST AI 600-1 action catalog mapped to AI RMF Govern, Map, Measure, and Manage functions.
Eased access to or synthesis of materially nefarious information or design capabilities related to chemical, biological, radiological, or nuclear (CBRN) weapons or other dangerous materials or agents.
The production of confidently stated but erroneous or false content by which users may be misled or deceived.
GAI systems producing dangerous, violent, hateful, or otherwise harmful content.
Generative AI systems handling personal data, sensitive data, or information that could be used to re-identify individuals.
Energy consumption, water consumption, and broader environmental impacts of training and operating GAI systems.
Bias in GAI outputs, homogenization of outputs across similar prompts, and the disparate impact of those patterns.
The configurations of human roles and oversight around GAI systems, including reliance on outputs and erosion of human judgment.
Synthetic content provenance, deepfakes, and the integrity of information ecosystems GAI systems contribute to.
Security risks specific to GAI: prompt injection, model theft, evasion of safety measures, and supply-chain compromise of foundation models.
Copyright, trademark, and trade-secret considerations in GAI training data and outputs.
GAI systems used to produce content that is obscene, degrading, abusive, or otherwise socially harmful.
Risks introduced through the GAI value chain — foundation model providers, fine-tuning vendors, deployment platforms, and downstream integrators.

Why this matters for customers

The GAI Profile gives a structured way to answer “what could go wrong with our generative AI deployment, and what controls are we using to mitigate each risk?” — at a level of specificity that broader frameworks don’t reach. This assessment surfaces:
  • Whether your data-privacy controls account for prompts and retrieved context, not just training data
  • Whether your safety testing covers confabulation, jailbreak resistance, and disallowed-content production
  • Whether your value-chain assessment captures foundation-model provider risks
  • Whether human oversight in your GAI workflows reflects realistic reliance patterns

How it relates to other frameworks

The GAI Profile is the generative-AI specialization layered on NIST AI RMF. Pair it with:
  • NIST AI RMF — the foundational lifecycle framework (run both for comprehensive AI risk coverage)
  • AI Security (AISS) — control-level technical depth, including AC-3.7 (RAG/vector stores), AC-6.6 (provenance/deepfake disclosure), AC-10.6 (agentic guardrails)
  • OWASP LLM Top 10 — the community-standard catalog of LLM application security risks

Glass-Box scoring

Each question cites the specific GAI Profile risk category and the underlying NIST AI 600-1 action ID. The full action catalog (211 action IDs) is reflected in the scoring.