Navigating NIST’s GenAI Risk Management Framework
We discuss the NIST GenAI Risk Management Framework, a voluntary guide for mitigating enterprise Generative AI risk.
The National Institute of Standards and Technology (NIST) provides a specialized framework called the GenAI Risk Management Framework, specifically designed for managing risks associated with Generative AI (GenAI) systems. This framework builds upon their broader AI Risk Management Framework (AI RMF) but focuses on the unique risks posed by generative AI models due to their ability to create new realistic content.
In the GenAI RMF, risk is evaluated based on two main criteria: the probability of an event occurring and the potential severity of its consequences. Generative AI technologies magnify existing risks and introduce entirely new ones at various stages of the AI lifecycle: design, training, deployment, active use, and eventual decommissioning. These risks can affect individual models or entire systems. The complexity of managing risk for GenAI systems increases further due to multiple risk sources such as design decisions, training processes , and human misuse.
NIST highlights several key risk categories significantly amplified by generative AI. One notable and severe risk involves Chemical, Biological, Radiological, or Nuclear (CBRN) weapons. Generative AI can inadvertently simplify access to dangerous knowledge, such as instructions for creating harmful chemicals. Recent research demonstrated instances where generative AI systems unintentionally provided guidance on synthesizing hazardous materials.
AI hallucination (lying) has been one of the major AI issues in the public eye ever since ChatGPT was released. Generative AI models often confidently produce plausible yet entirely fabricated information. For instance, large language models sometimes produce false research citations or inaccurate facts, misleading users and potentially aiding in the spread of misinformation.
Privacy risks will be an increasingly significant concern over the next few years. Models trained on massive datasets can unintentionally leak sensitive personal information. For example, chatbots might reveal personal conversations or contact details for other users. Privacy concerns are also deeply tied into bias since you cannot measure or fix bias without accessing some sensitive data. Generative AI can unintentionally amplify stereotypes or unfair biases, associating specific traits or professions with certain demographics. Extensive reliance on a single generative model can lead to content favoring the majority group.
A viral example highlighting these risks involved a fake AI-generated image depicting an explosion at the Pentagon. This falsified image quickly spread online, briefly causing a stock market downturn. Incidents like this are becoming increasingly common, and underscore the urgent need for robust GenAI risk management strategies.
