AI Cyber Directory: Purpose and Scope

The AI Cyber Authority directory catalogs professional service providers, firms, and specialized practitioners operating at the intersection of artificial intelligence and cybersecurity across the United States. This reference covers the directory's inclusion standards, maintenance protocols, scope boundaries, and relationship to adjacent resources within the broader cybersecurity information landscape. Understanding how this directory is structured — and what it does and does not index — enables service seekers, procurement officers, and industry researchers to use it with precision.

Standards for Inclusion

Inclusion in the AI Cyber Authority directory is governed by a defined set of qualification criteria tied to the professional and regulatory standards that structure the AI-integrated cybersecurity sector.

Providers are evaluated against four classification dimensions:

1. Service Category Alignment — The listed entity must operate in a recognized AI-cybersecurity service category. Recognized categories include AI-driven threat detection and response, machine learning security architecture, adversarial AI defense, AI model auditing, and automated security operations (SecOps) tooling. Providers whose primary activity falls outside these categories are not listed, regardless of ancillary AI or cybersecurity work.

2. Regulatory Touchpoint Verification — Service providers working with federal systems or regulated industries must demonstrate alignment with applicable frameworks. These include the NIST AI Risk Management Framework (AI RMF 1.0) published by the National Institute of Standards and Technology, and NIST SP 800-53 for security and privacy controls. Firms operating under FISMA obligations or serving financial sector clients subject to FFIEC cybersecurity guidance are categorized accordingly.

3. Geographic Scope — The directory covers US-based providers and US-licensed or US-operating divisions of international firms. Purely offshore entities without documented US service delivery are excluded.

4. Operational Status — Only active, commercially operating entities are indexed. Defunct firms, pre-revenue startups without client delivery records, and academic research units without commercial service arms fall outside listing scope.

A contrast worth noting: firms that deploy AI within their cybersecurity service delivery (e.g., AI-augmented penetration testing platforms) are categorized differently from firms that provide security services for AI systems themselves (e.g., adversarial robustness auditing, model integrity assessment). Both are indexed, but under distinct classification tags to prevent category conflation.

How the Directory Is Maintained

The directory operates on a structured review cycle rather than a continuous open-submission model. Listing data is verified against public business registrations, published service documentation, and regulatory filing records where available.

Maintenance follows three phases:

1. Initial Verification — New entries are cross-referenced against business registry data from the relevant state's Secretary of State office and against any published federal contractor registrations (SAM.gov for entities engaged in federal work). Service category claims are assessed against publicly available service descriptions.

2. Periodic Review — Existing listings are reviewed for continued operational status and category accuracy. The Federal Trade Commission's guidance on AI-related service representations (FTC guidance on AI claims) informs the review of how listed providers represent AI capabilities in their public-facing materials.

3. Category Reclassification — As the AI cybersecurity sector evolves — particularly as the Cybersecurity and Infrastructure Security Agency (CISA) updates its AI roadmap and threat taxonomy — listings may be reclassified to reflect new service category definitions. Reclassification does not constitute removal.

Providers are not ranked by quality, revenue, or client outcomes. The directory is a structured reference index, not a ratings platform.

What the Directory Does Not Cover

The scope of the AI Cyber Authority directory has defined exclusions that distinguish it from general IT service marketplaces or broad cybersecurity vendor registries.

The directory does not cover:

• General IT managed services that include cybersecurity features without AI-specific architecture or methodology
• Cybersecurity training and certification programs — those are addressed in adjacent educational resources within the network
• AI software vendors and platform developers where cybersecurity is incidental to the product's primary function (e.g., AI productivity tools with basic access controls)
• Academic, nonprofit, or government research units that do not deliver commercial professional services
• Insurance and risk transfer products, including standalone cyber insurance providers, even when AI-driven underwriting is involved

The directory also does not constitute a procurement endorsement, a licensing registry, or a regulatory compliance certification. Inclusion does not represent regulatory approval by NIST, CISA, the FTC, or any other named agency.

Relationship to Other Network Resources

The AI Cyber Authority directory functions as the primary provider index within a broader set of cybersecurity reference resources. The AI Cyber Listings page surfaces the indexed provider entries organized by service category and geography, and is the operational face of the directory for service seekers conducting active searches.

Contextual guidance on navigating provider categories, interpreting listing classifications, and understanding how AI cybersecurity services differ from traditional managed security providers is available through the How to Use This AI Cyber Resource page. That resource describes the classification logic and search methodology without duplicating the directory index itself.

The directory sits within a network hierarchy anchored at nationalcyberauthority.com, which addresses the broader US cybersecurity services landscape across all professional categories — not exclusively AI-integrated services. The AI Cyber Authority scope is intentionally narrower: it indexes only providers where artificial intelligence is a substantive, documented component of service architecture, distinguishing it from the wider national-scope registry. This specificity serves procurement researchers, compliance officers, and contracting personnel who need to identify AI-specific capability within the cybersecurity vendor market, rather than the cybersecurity sector at large.