AI in Cybersecurity Education

Faculty Development Summer Institute 2026

Guest Speaker: AI Governance

This morning session is the first of two visiting guest-speaker sessions on Wednesday 6/10. It focuses on the governance of AI systems and the limits of metrics-driven risk management under the NIST AI Risk Management Framework. The afternoon session examines AI abuse. There is no afternoon activity on this day.

David A. Broniatowski

David A. Broniatowski

Professor of Engineering Management and Systems Engineering, George Washington University; Research Director, GW Trustworthy AI Initiative; Deputy Director, NIST-NSF TRAILS Institute

Broniatowski is a systems engineer and behavioral scientist who studies how information flows through complex sociotechnical systems. His research integrates engineering with cognitive science to examine AI, platform architecture, public health, and governance, including empirical analyses of how system design shapes information spread and online discourse.

Beyond the Metrics: Navigating Systems Risk and Trustworthiness under the NIST AI RMF

As Artificial Intelligence systems scale across critical sectors, frameworks like the NIST AI Risk Management Framework (RMF) have emerged to define the core parameters of trustworthy AI—including validity, safety, fairness, resilience, and explainability. However, a major challenge in modern socio-technical systems engineering lies in how organizations attempt to operationalize these properties, frequently reducing complex system lifecycle behaviors to rigid, purely quantitative metrics that remain open problems to verify.

This talk explores the foundational limits of a metrics-only approach to AI risk management. Drawing on systems engineering, cognitive psychology, and risk theory, we will examine how relying strictly on “verbatim” data optimization can lead to catastrophic oversights, whereas human experts instinctively rely on context-dependent “gist interpretations” to navigate complex realities. We will dissect how simplistic proxy metrics fundamentally fail to capture systemic context, illustrating this through real-world algorithmic failures such as healthcare reimbursement models that mistakenly substitute commercial spending costs for actual medical utilization needs.

Furthermore, the presentation will address how information-centric systems are uniquely susceptible to power-law distributions, generating high-impact, low-probability “black swan” failures that traditional objective statistics fail to adequately predict or prevent. Ultimately, this presentation argues that managing AI risk requires shifting from an insular technocratic paradigm to an explicitly participatory framework. Attendees will discover how combining structured requirements elicitation with the active inclusion of marginalized voices and “lay experts” can bridge the gap between abstract compliance metrics and genuine, durable public trust.