The rapid adoption of artificial intelligence has forced organizations to confront a hard truth: AI changes the cybersecurity equation.

New attack surfaces, new misuse patterns and new forms of automation require a different approach to managing risk.

That’s why NIST has stepped forward.

Through its draft AI cybersecurity profile, NIST CSF 2.0 and the AI Risk Management Framework, NIST makes one thing clear: AI security must be grounded in proven cybersecurity principles, adapted for an AI-driven world. That’s where a focus on data trust comes in.

NIST provides an effective structure that can be a helpful guide for teams. In practice, building data trust is one of the most effective steps teams can take to enable safe, effective AI usage.

What is NIST’s view of AI security?

NIST does not treat AI security as a standalone discipline. Instead, it extends existing cybersecurity frameworks to account for how AI systems consume data, make decisions and act autonomously.

Across both NIST CSF 2.0 and the AI Risk Management Framework, several themes are consistent:

• Organizations must govern AI use intentionally
• Data and system dependencies must be understood before deployment
• Risk must be measured continuously, not assumed
• Controls must adapt as behavior changes

At the center of all of these themes is a growing problem: organizations lack confidence in how their data is accessed and used. Without that confidence, they cannot meaningfully govern AI risk, because they don’t know whether data is being used safely, appropriately or at all as intended.

What is data trust?

Data trust is the degree of confidence an organization has that its systems use data safely and appropriately.

This aligns naturally with NIST’s intent. It’s not about perfection. It’s about having enough clarity and control to be confident that data use matches policy, regulatory obligations and business intent.

In an AI-driven environment, this matters because systems can move quickly and at scale. When data is overexposed or misunderstood, AI can spread that risk faster than most teams can react.

How NIST frameworks use data trust to secure AI systems

NIST CSF 2.0 establishes the operational backbone for data trust.

• Govern defines expectations for how data and AI systems should be used
• Identify creates visibility into sensitive data and data flows
• Protect enforces appropriate access and safeguards
• Detect validates that data is being used as intended
• Respond and Recover preserve confidence when incidents occur

The AI Risk Management Framework builds on this foundation by focusing on AI-specific risk.

• Govern aligns AI use with organizational values
• Map documents data inputs and dependencies
• Measure evaluates whether AI systems behave in trustworthy ways
• Manage adapts controls as risk changes

Taken together, these frameworks describe the path to data trust, even if they don’t always use the term explicitly.

What does data trust mean in the AI era?

Traditionally, data security focused on protecting data at rest or in transit. AI changes the model because data is now actively used and manipulated by humans, applications and other AI systems across cloud platforms, SaaS tools, endpoints and GenAI services.

In this context, a practical definition of data trust is straightforward: you can explain, with evidence, that AI systems are accessing and using data safely and appropriately.

That typically means:

• Sensitive data is identified before it enters AI workflows
• Access reflects least privilege, not convenience
• Usage aligns with organizational policy and compliance obligations
• Risk is monitored continuously, not discovered after the fact

Without this foundation, AI introduces uncertainty instead of value.

Why NIST-aligned data trust matters for AI security

AI doesn’t create new data security problems. It magnifies existing ones.

If organizations lack visibility into where sensitive data lives, AI will find it anyway. If access controls are overly permissive, AI will inherit those permissions. If teams rely on static rules, AI-driven workflows will outpace them.

NIST explicitly warns against treating AI security as an overlay bolted onto existing programs, a theme reinforced across its AI RMF guidance and broader cybersecurity publications. Instead, AI risk must be integrated into core cybersecurity practices. A focus on data trust is what makes that integration tangible.

When teams can demonstrate that data is used safely and appropriately, AI becomes easier to govern and safer to scale.

How organizations build data trust using NIST guidance

Data trust isn’t achieved through policy alone. It’s built by applying NIST principles to how data is actually used, then validating that those controls work over time.

1. Continuous data visibility: NIST emphasizes understanding assets and dependencies. For AI, that starts with continuous discovery and classification of sensitive data across SaaS, cloud, endpoints and GenAI tools. Visibility cannot be periodic. AI usage evolves too quickly.
2. Context-driven risk evaluation: NIST calls for improved signal quality and risk measurement. Context provides that signal. Understanding who is accessing data, what they are doing and whether behavior aligns with normal patterns reduces noise and surfaces real risk.
3. Data-centric enforcement: NIST frameworks assume controls follow risk. In AI environments, risk follows the data. Enforcing policy based on data sensitivity rather than application boundaries enables safe AI adoption without adding friction.
4. Responsible use of AI for security: NIST also highlights the defensive potential of AI. With trusted data and strong context, AI can help prioritize risk, detect anomalies faster and reduce manual remediation. Used this way, AI strengthens security instead of undermining it.
5. Continuous verification of appropriate data use: NIST frameworks emphasize that trust must be continuously validated, not assumed. In practice, this means organizations must regularly verify that data is being accessed and used in ways that remain safe, appropriate and aligned with policy as AI systems, users and workflows evolve.

The impact on data security and the business

Organizations that apply NIST guidance with a data trust focus often see benefits that extend beyond AI initiatives.

Security teams gain better visibility into real risk, fewer false positives and faster response times. The business gains safer AI adoption, reduced risk of data leakage and greater confidence in AI-driven outcomes.

Most importantly, security evolves from a reactive compliance function into an enabler of innovation.

Why NIST and data trust matter now

AI adoption is accelerating whether organizations are ready or not. Employees are using AI tools. Adversaries are exploiting automation. Regulators are paying close attention.

NIST provides the framework for navigating this shift. A deliberate focus on data trust is a practical way to put that framework into action.

If AI is going to deliver real value, organizations need confidence that their systems use data safely and appropriately. That confidence is built through governance, visibility and continuous verification.

In the AI era, NIST shows the way. A disciplined approach to data trust is one of the clearest paths to follow it.

*** This is a Security Bloggers Network syndicated blog from Top of MIND Blog | RSS authored by Landen Brown, Field CTO at MIND. Read the original post at: https://mind.io/blog/nist-blueprint-for-ai-security-how-data-trust-enables-ai-success