The U.S. Nuclear Regulatory Commission has released a small business set-aside solicitation focused on one of the more emerging intersections in critical infrastructure security: the use of artificial intelligence and machine learning inside nuclear power plant environments.
Issued under Solicitation Number 31310026R0012, the effort centers on Cybersecurity of Novel Technology Implementations in Operating and New/Advanced Reactors – Artificial Intelligence and Machine Learning. The procurement seeks research and technical analysis to help the NRC better understand the cybersecurity implications of deploying AI/ML technologies within both existing and future reactor systems.
The solicitation reflects growing industry interest in using AI and machine learning to improve reactor operations, efficiency, monitoring, and automation, particularly as advanced reactor programs increasingly rely on digital systems. At the same time, the NRC is signaling concern that these technologies may introduce entirely new cyberattack surfaces and security risks that existing regulatory guidance may not fully address.
The work will examine how AI/ML technologies are currently being considered or deployed across nuclear environments, assess cybersecurity risks associated with those implementations, and evaluate whether existing NRC cybersecurity controls adequately address those risks. The research is also expected to support future regulatory guidance that is described as risk-informed, technology-inclusive, and performance-based.
A central theme throughout the requirement is the distinction between traditional software cybersecurity concerns and AI-specific risks, including model tampering, data poisoning, supply chain exposure, and vulnerabilities tied to training data integrity and third-party AI models.
The contractor will be responsible for identifying AI/ML use cases relevant to both operating reactors and advanced reactor designs, assessing cybersecurity implications for each use case, and developing draft evaluation frameworks and guiding principles for secure deployment. The final output will include a technical research report intended to help inform future NRC cybersecurity guidance and oversight approaches.
Importantly, the solicitation is set aside entirely for small businesses, creating an opportunity for specialized cybersecurity firms, AI security researchers, nuclear engineering consultancies, and research-focused small businesses with expertise in cyber-physical systems and critical infrastructure security.
The effort also highlights how federal regulators are beginning to move beyond theoretical discussions of AI safety and toward practical governance frameworks for AI deployment inside mission-critical operational technology environments.
