Implementing NIST AI RMF for Third-Party Risk Management: A Guide for TPRM Programs
By
@mitratechlegal
Summary
The article discusses the growing cybersecurity risks posed by AI tools in third-party ecosystems, highlighting that AI-powered vendor applications are increasingly the vector for data breaches. It references the 2026 Black Kite Third-Party Breach Report, which found that for every vendor breached, an average of 5.28 downstream organizations were compromised. The piece provides an implementation guide for aligning Third-Party Risk Management (TPRM) programs with the NIST AI Risk Management Framework (RMF), noting that regulators are already acting on these risks, as seen in the Pennsylvania Attorney General's 2025 settlement with Home365 over AI platform issues.
Source
Key quotes
· 4 pulledIn a growing number of those incidents, the vector was an AI tool: a productivity application connected to corporate identity infrastructure, a generative AI service with access to sensitive data, a vendor-side model operating without visibility or governance on either end of the relationship.
The NIST AI RMF's guidance on third-party risk management is more explicit about this than most programs currently reflect.
In May 2025, the Pennsylvania Attorney General settled with Home365, a property management company, over allegations that its AI platform contributed to...
The 2026 Black Kite Third-Party Breach Report found that for every vendor breached, an average of 5.28 downstream organizations were compromised.
You might also wanna read
The Practical Cybersecurity Risks of AI Implementation
The article argues that AI systems, particularly LLM-based ones, will compromise cybersecurity not through sci-fi scenarios of superintellig
The security risk of combining private data access, untrusted content, and external communication in AI agents
This article warns users of LLM-based AI agents about a critical security vulnerability called the "lethal trifecta" — the combination of th
AI-Generated Vulnerability Reports Overwhelm Bug Bounty Platforms and Security Teams
A cybersecurity expert with nearly a decade of experience in bug bounty programs analyzes the growing problem of AI-generated vulnerability
Researchers Warn of Poor Security Practices in AI Development
The article discusses the alarming lack of robust security practices in the development and deployment of artificial intelligence (AI), as h

Security Risks of Malicious Backdoors in Large Language Models
The article explores the security risks associated with Large Language Models (LLMs), particularly the potential for embedding malicious bac
pub.aimind.so·10mo agoBenchmarking Local AI Models for Cybersecurity Vulnerability Detection
The article evaluates the effectiveness of local AI models for cybersecurity penetration testing and vulnerability research. The author benc

Comments
Sign in to join the conversation.
No comments yet. Be the first.