The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (IR) 8579, Developing the NCCoE Chatbot: Technical and Security Learnings from the Initial Implementation. The public comment period for the publication will close at 11:59 p.m. on August 4, 2025.
The NCCoE identified a potential application for a chatbot to support its mission and developed a secure, internal-use chatbot to assist NCCoE staff with discovering and summarizing cybersecurity guidelines tailored to specific audiences or use cases.
The chatbot was built using retrieval-augmented generation (RAG)-based LLM technology. This approach combines techniques from information retrieval and natural language generation, enabling the chatbot to provide more focused, contextually relevant responses by leveraging a repository of cybersecurity knowledge, including previous NCCoE publications. Compared to search engines, LLM-based chatbots provide more contextually relevant and precise responses by understanding the nuances of natural language queries.
This report provides a point-in-time examination of the NCCoE Chatbot, outlining the NCCoE’s approach to developing the tool, as well as the NCCoE’s response to specific security challenges. In addition, this report provides an overview of the chatbot and its supporting technologies so that other organizations might consider the benefits of their use.
We encourage you to review this document and provide comments by August 4, 2025. If you have any questions, please email the team at nlp-nccoe [at] nist.gov.