The Hacking Policy Council (HPC) submits the following comments in response to the Request for Information (RFI) related to National Institute of Standards and Technology (NIST)’s responsibilities under Sections 4.1, 4.5, and 11 of the recent Artificial Intelligence (AI) Executive Order (EO) 14110. We thank NIST for the opportunity to provide input towards this important proposal.

The HPC is a group of industry experts dedicated to creating a more favorable legal, policy, and business environment for vulnerability management and disclosure, good faith security research, penetration testing, bug bounty programs, and independent repair for security. Many of our members are deeply involved in AI system deployment, testing, and red teaming.

HPC’s comments focus on AI testing and red teaming. As AI systems become increasingly common in a variety of environments, including critical and public applications, ensuring the security, safety, and trustworthiness of AI is a major priority. Testing AI for alignment with evaluation metrics is a key safeguard against poor security, discrimination, bias, inaccuracy, and other harmful or undesirable outputs. However, we also emphasize that testing should be only one component of a security and trustworthiness program that includes risk assessment, vulnerability management, incident response plans, and other safeguards.

Read Next

Japanese Regulator Balances Cybersecurity, Competition Concerns In MSCA Implementation Guidelines

Promoting robust competition in the digital space while ensuring cybersecurity protections is challenging. The Japan Fair Trade Commission strikes a crucial balance between these priorities in its May 2025 guidelines.

The Clock’s Ticking: Why CISA 2015 Must Be Renewed Now

As the September 2025 expiration of CISA 2015 looms, Congress faces a critical decision that will shape the future of national cyber defense. At a time when the U.S. is under near constant cyber attacks, government and industry need to share intel.

Cybersecurity Coalition, CR2 Comment on EU Cybersecurity Act Revision Consultation

The Cybersecurity Coalition and the Coalition to Reduce Cyber Risk submitted comments to the European Union Directorate-General for Communications Networks, Content and Technology’s open consultation on revisions to the Cybersecurity Act.