While global regulations set the “what” and “why” of AI governance, industry standards provide the “how.” For an AI red teamer, these frameworks are not bureaucratic hurdles; they are your playbook. They provide a common language to articulate risk, a structure to guide your testing, and a direct line to demonstrate value to compliance, legal, and engineering teams. Engaging with these standards elevates your work from ad-hoc vulnerability discovery to a strategic function that helps the entire organization build trustworthy AI.
Two of the most influential frameworks you will encounter are the NIST AI Risk Management Framework (AI RMF) and ISO/IEC 23053. They approach the problem from different angles but share the common goal of operationalizing responsible AI development. Let’s dissect them from a red teamer’s perspective.
The NIST AI Risk Management Framework (AI RMF 1.0)
Developed by the U.S. National Institute of Standards and Technology, the AI RMF is a voluntary framework designed to be practical, adaptable, and integrated into an organization’s existing risk management processes. Its core strength is its focus on the socio-technical nature of AI risk—it considers not just technical failures but also societal impacts.
The framework is structured around four core functions: Govern, Map, Measure, and Manage. As a red teamer, your activities are most impactful in the latter three.
- Govern: This is the foundation. It establishes the culture, policies, and structures for risk management. While you don’t typically operate here, the outputs of your work (e.g., a severe finding) can trigger major updates to governance policies.
- Map: This function involves identifying the context, capabilities, and potential risks of an AI system. Your role here is to challenge the assumptions made during this mapping process. If a team maps a risk as “low likelihood,” your successful demonstration of an exploit provides concrete evidence to re-evaluate that mapping.
- Measure: Here, you analyze, assess, and track the identified risks. This is a primary home for red teaming. Your engagements are a form of measurement—you are actively testing for flaws, biases, and security vulnerabilities. Your reports provide the qualitative and quantitative data needed to assess the true risk posture of a system.
- Manage: Once risks are measured, they must be managed. This involves prioritizing and implementing risk treatments (e.g., mitigations, controls). Your work directly informs this function by identifying which risks are most urgent. Furthermore, you can be called upon to re-test a system after a fix has been implemented to validate its effectiveness.
ISO/IEC 23053:2022
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) offer a more formal, process-oriented standard. ISO/IEC 23053 provides a framework for establishing an AI system using machine learning. It gives a big-picture view of the AI/ML lifecycle and defines the roles, processes, and data considerations within it.
Unlike the risk-centric NIST AI RMF, ISO/IEC 23053 is structured like a classic engineering standard. For a red teamer, the most relevant aspect is its heavy emphasis on Verification and Validation (V&V) activities throughout the lifecycle. Your work is a key component of V&V.
Key Red Teaming Touchpoints in ISO/IEC 23053:
- System Requirements V&V: You test whether the system, as built, truly meets its stated goals, including negative requirements (e.g., “the system must not generate harmful content”).
- Data V&V: You may be involved in testing the robustness of the system to data quality issues, such as identifying potential data poisoning vectors or biases inherent in the training set.
- Model V&V: This is classic adversarial testing—evaluating the model for evasion, inference, and extraction vulnerabilities before it’s even integrated into a larger system.
- System Integration V&V: You assess the security of the deployed system as a whole, including its APIs, infrastructure, and user interfaces, looking for weaknesses that arise from the interaction of different components.
Comparing the Frameworks: A Red Teamer’s View
While both frameworks aim for trustworthy AI, they serve different purposes. The NIST AI RMF is a flexible guide for managing risk, while ISO/IEC 23053 is a more rigid standard for building a system. You’ll often find organizations using the NIST RMF to guide their overall strategy and referencing ISO standards to structure their specific engineering processes.
| Aspect | NIST AI RMF 1.0 | ISO/IEC 23053:2022 |
|---|---|---|
| Focus | Risk management across the AI lifecycle. Socio-technical and context-aware. | Engineering process and lifecycle management for AI/ML systems. |
| Structure | Four functions: Govern, Map, Measure, Manage. Flexible and adaptable. | Formal, process-based. Defines roles, activities, and artifacts. |
| Nature | Voluntary guidance framework. Meant to be tailored to an organization. | Formal international standard. Can be used for certification purposes. |
| Primary Red Team Hook | Providing evidence for the Measure function and validating controls in the Manage function. | Executing formal Verification & Validation (V&V) activities across the development pipeline. |
From Framework to Finding
Knowing these standards allows you to frame your findings in a language the organization understands. Instead of just reporting a technical flaw, you can map it directly to the organization’s risk management framework. This translation is a powerful tool for ensuring your work has impact.
Consider how you might document a prompt injection finding using the language of the NIST AI RMF.
```
// Pseudocode: Mapping a Red Team Finding to NIST AI RMF
FINDING_ID = "RT-2024-017"
DESCRIPTION = "LLM susceptible to prompt injection leading to PII disclosure."
REPLICATION_STEPS = "..."

// MAP the finding to the organization's risk profile
risk_profile.map_finding(
    finding_id=FINDING_ID,
    description=DESCRIPTION,
    nist_category="Security",
    nist_subcategory="Evasion Attacks (Prompt Injection)",
    potential_impact="Unauthorized access to customer PII, reputational damage.",
    likelihood="High (requires no special tools)"
)

// Propose actions for the MANAGE function
risk_register.propose_treatment(
    source_finding=FINDING_ID,
    action="Implement strict input sanitization and output filtering.",
    owner="AI Development Team",
    priority="Critical"
)
```
By presenting your findings this way, you are no longer just a tester; you are a direct contributor to the organization’s formal risk management process. You provide the ground truth that makes these frameworks effective, ensuring they are based on demonstrated risk, not just theoretical possibilities.
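The following runnable sketch is an added example, not code from the original page or from any NIST tooling. It carries one finding through the three functions described earlier: evidence is recorded (Measure), a likelihood estimate that was too low is raised (Map), and a treatment is proposed and then closed or reopened by a re-test (Manage). The `Risk` and `RiskRegister` names, the `RISK-001` entry and the three-level likelihood scale are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LIKELIHOOD = ("Low", "Medium", "High")  # assumed ordinal scale, not defined by the AI RMF

@dataclass
class Risk:
    risk_id: str
    description: str
    likelihood: str                                  # the team's original Map estimate
    evidence: list = field(default_factory=list)     # Measure: supporting finding IDs
    treatments: dict = field(default_factory=dict)   # Manage: finding ID -> treatment

class RiskRegister:
    """Hypothetical register; class and method names are illustrative."""
    def __init__(self):
        self.risks = {}

    def add_risk(self, risk):
        self.risks[risk.risk_id] = risk

    def record_finding(self, risk_id, finding_id, demonstrated):
        """Measure: attach evidence. Map: raise (never lower) the likelihood."""
        risk = self.risks[risk_id]
        risk.evidence.append(finding_id)
        if LIKELIHOOD.index(demonstrated) > LIKELIHOOD.index(risk.likelihood):
            risk.likelihood = demonstrated
            return True   # the original mapping needs re-evaluation
        return False

    def propose_treatment(self, risk_id, finding_id, action, owner, priority):
        """Manage: record a proposed treatment tied to the finding."""
        self.risks[risk_id].treatments[finding_id] = {
            "action": action, "owner": owner, "priority": priority, "status": "proposed"}

    def record_retest(self, risk_id, finding_id, still_exploitable):
        """Manage: a re-test either validates the fix or reopens the finding."""
        treatment = self.risks[risk_id].treatments[finding_id]
        treatment["status"] = "reopened" if still_exploitable else "validated"
        return treatment["status"]

def run_example():
    # Constructed sample data; RISK-001 and its "Low" estimate are assumptions.
    reg = RiskRegister()
    reg.add_risk(Risk("RISK-001", "Prompt injection leading to PII disclosure", "Low"))
    remapped = reg.record_finding("RISK-001", "RT-2024-017", "High")
    reg.propose_treatment("RISK-001", "RT-2024-017",
                          "Implement strict input sanitization and output filtering.",
                          "AI Development Team", "Critical")
    status = reg.record_retest("RISK-001", "RT-2024-017", still_exploitable=False)
    return remapped, reg.risks["RISK-001"].likelihood, status
```

A single finding only ever raises the likelihood in this sketch; lowering it is left to a deliberate review rather than to the absence of a successful test.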
Key Takeaway
Industry standards like the NIST AI RMF and ISO/IEC 23053 are essential tools for the modern AI red teamer. They provide a shared vocabulary and structure that connect your technical testing activities to the organization’s broader goals of governance, risk, and compliance. Mastering them allows you to articulate the business impact of your findings and solidify red teaming as a critical component of trustworthy AI development.