The first dispatch left a claim open: NIST covers more of the MIT 24 than any other framework in this series, and still drops the same four risks.
Both halves are true, and the reason the second half is true is the more useful finding.
NIST is not one artifact. The AI RMF core works at the level of functions — Govern, Map, Measure, Manage — not named risks. The Generative AI Profile, NIST AI 600-1, sits on top of it and names twelve specific risk areas with more than two hundred suggested actions. A separate Agentic AI Profile addresses the autonomy layer — unintended goal pursuit, privilege escalation, shutdown resistance. Stacked, these cover thirteen of the MIT twenty-four with a named home, more than any other body here.
What NIST names
The breadth is real. AI 600-1 names confabulation, mapping cleanly to false information. It names information integrity for disinformation and consensus-reality erosion, data privacy for privacy loss, information security for AI vulnerabilities, harmful bias for both discrimination and unequal performance, human-AI configuration for overreliance. It names CBRN information for the content side of weapons and dangerous capabilities. And it names environmental impacts — the energy and hardware footprint of AI systems — which no other framework in this series touches at all.
That last one matters, because environmental harm is one of the five risks the MIT panel judged to stay above 10% catastrophic probability even after pragmatic mitigation. NIST sees it. So the reader is entitled to expect that NIST also sees the rest of the cluster that falls past every other framework in this series.
Where the sight ends
It does not. Power centralization, inequality and unemployment, competitive dynamics — none has a named home in any of NIST’s three layers. The RMF core is about governance, yet does not model governance failure as a risk.
Dangerous capabilities: Yes, as CBRN information, on the content side.
Environmental harm: Yes, as Environmental Impacts.
Power centralization: No.
Inequality & unemployment: No.
The framework names the two that touch model output and drops the two that do not.
The reason is structural, visible in the organizing question of AI 600-1: what harmful or undesirable content might a generative system produce? That question maps output risks densely — confabulation, toxic content, bias in a result, even the environmental cost of producing the output. It maps the non-technical risks nowhere, because power centralization is not a property of any model’s output. It is a property of market structure. Inequality is a property of labor economics. These are not things a system emits.
What this dispatch establishes
So NIST’s edge sits in a different place than OWASP’s. OWASP stops at the boundary of agentic security — the attack surface. NIST stops at the boundary of content harm — what the system produces. NIST can name the carbon cost of a data center because that is downstream of model output, and cannot name the concentration of power among the firms running those data centers because that is upstream of market structure. One framework drew its boundary at the agent. This one drew it at the output. The same four risks fall past both, for reasons that have nothing to do with each other.
The next dispatch takes the same 24 to MAESTRO — the deepest framework, built for exactly the agentic complexity OWASP and NIST reach only partway into. It has the largest gap of the three.
NIST names more of the MIT 24 than any framework in this series — and the boundary it stops at is not the agent but the output. It can name the carbon cost of a data center, because that is downstream of what a model produces; it cannot name the concentration of power among the firms running those data centers, because that is upstream of market structure. The same four risks fall past NIST as past OWASP, for an entirely unrelated reason.
One framework drew its line at the agent. This one drew it at the output. When two charters placed for two different reasons leave the same gap, the gap is not an accident. It is what happens when any technical framework meets a risk that is not technical.
