NIST Plans To Build Threat And Mitigation Taxonomy For AI Agents
Security Boulevard, December 10, 2025
The U.S. National Institute of Standards and Technology (NIST) is building a taxonomy of attacks and mitigations for securing artificial intelligence (AI) agents.
Speaking at the AI Summit New York conference, Apostol Vassilev, a research team supervisor for NIST, told attendees that the arm of the U.S. Department of Commerce is working with industry partners and the OWASP GenAI Security Project to identify the scope of the attack surface that deploying AI agents creates.
The overall goal is to strengthen cybersecurity frameworks for agentic AI applications and models that today are too weak to be used in enterprise IT environments, he added. In fact, organizations experimenting with AI agents today should only be using data they can live without, said Vassilev. In recent tests, security researchers were 100% successful in convincing large language models (LLMs) to share sensitive data, he noted.