Risks of ignoring uncertainty propagation in AI-augmented security pipelines

TL;DR

This paper addresses the critical issue of uncertainty propagation in AI-augmented security pipelines, providing formal methods and a simulator to quantify and analyze error propagation, which is essential for safety-critical applications.

Contribution

It introduces a formal framework and a simulation tool to estimate uncertainty propagation in AI-integrated pipelines, a novel approach not previously explored.

Findings

The simulator effectively quantifies error propagation in AI pipelines.

Formal underpinnings enable systematic uncertainty analysis.

Case study demonstrates practical applicability.

Abstract

The use of AI technologies is being integrated into the secure development of software-based systems, with an increasing trend of composing AI-based subsystems (with uncertain levels of performance) into automated pipelines. This presents a fundamental research challenge and seriously threatens safety-critical domains. Despite the existing knowledge about uncertainty in risk analysis, no previous work has estimated the uncertainty of AI-augmented systems given the propagation of errors in the pipeline. We provide the formal underpinnings for capturing uncertainty propagation, develop a simulator to quantify uncertainty, and evaluate the simulation of propagating errors with one case study. We discuss the generalizability of our approach and its limitations and present recommendations for evaluation policies concerning AI systems. Future work includes extending the approach by relaxing the remaining assumptions and by experimenting with a real system.