Russia’s Ministry of Digital Development, the EU and NIST set new rules for AI security and regulation

Security Vision published a major analysis of how a new system of rules, standards, and protective practices is rapidly taking shape around AI. What is coming to the forefront is not only legislation, but also very practical issues: data leaks, prompt injection, model theft, and control over agentic systems.

How AI is regulated

In Russia, the basic reference point remains Decree No. 490 of October 10, 2019, and the updated AI development strategy through 2030. That was followed by the experimental regime in Moscow, a draft concept for AI regulation through 2030 from the Ministry of Digital Development and the “AI Alliance,” as well as the central bank’s ethics code for the financial market. The overall direction is clear: encourage AI adoption while at the same time requiring transparency, data protection, risk management, and human oversight.

Abroad, the framework is becoming stricter. In the EU, the EU AI Act is already in force, dividing systems into unacceptable, high, and ordinary risk levels: from outright bans on social scoring and certain biometric practices to mandatory logs, human oversight, and cybersecurity requirements. In 2025, the US released its AI Action Plan with an emphasis on accelerating innovation, infrastructure, and secure by design. China is strengthening AI content labeling, South Korea and Kazakhstan have adopted their own laws, and the UN, UNESCO, and BRICS are building an international platform for common rules.

Standards and oversight

Alongside legislation, a layer of standards and frameworks is growing quickly. ISO and IEC already have documents covering terminology, risk management, the AI lifecycle, assessment of robustness, and data security. In Russia, new GOST standards correspond to them, while in the US NIST is developing the AI Risk Management Framework, which has become one of the most visible practical schemes for companies. Its logic is simple: do not argue about AI in a vacuum, but integrate risks into standard product, security, and development management.

• Govern — assign owners, policies, and processes for AI risks
• Map — understand the context, use cases, and potential harm
• Measure — test the reliability, validity, and effectiveness of protective measures
• Manage — prioritize risks, reduce damage, and document decisions

A separate layer of specialized frameworks is also taking shape: MITRE ATLAS catalogs AI attack tactics, OWASP compiles critical risks for LLM and agentic systems, Google is developing SAIF, and major vendors are publishing their own safety and preparedness frameworks.

This matters for one reason: AI security is no longer just about protecting a server or API. It now requires assessing model behavior, data quality, resilience to manipulation, and consequences for the user.

Where AI gets attacked

AI has its own attack surface. Large language models do a poor job of distinguishing data from instructions, so malicious text on a web page, in an email, or in a document can turn into a command for an agent. That is what drives direct and indirect prompt injection attacks, jailbreak, extraction, and data poisoning. If the system is connected to email, a CRM, file storage, or external services, the cost of an error rises sharply: an attacker may not just get a strange answer, but reach corporate data or force the agent to perform an unwanted action.

Another major risk area is the data itself. Companies are increasingly encountering Shadow AI, a scenario in which employees upload internal documents to public chatbots without approval. IBM cited an estimate according to which 13% of surveyed companies had already reported leaks through AI. Add the theft of API keys for LLM jacking, possible model copying via distillation, and the problem of hallucinations on synthetic data, and it becomes clear why grounding, zero data retention, MLSecOps, and DLP are no longer optional.

A separate trend is that attackers themselves are using agentic tools to automate hacking and lower the barrier to entry into cybercrime.

What it means

The AI market is entering a phase where the winner is not the one who simply deployed a model faster, but the one who can prove its reliability, explainability, and safety. For business, this means one thing: AI can no longer be launched like “just another SaaS service” — it needs separate access rules, data controls, integration audits, and regular attack testing.