Establishing Minimum Elements for Effective Vulnerability Management in AI Software

TL;DR

This paper proposes standardized protocols and minimum elements for AI vulnerability management, emphasizing the creation of an AI Vulnerability Database to improve security practices in AI systems.

Contribution

It introduces a framework for AI vulnerability documentation and discusses the development of an AI-specific vulnerability database and assessment tools.

Findings

Standardized formats for AI vulnerability disclosure

Identification of gaps in current AI security practices

Recommendations for AI-specific severity scoring systems

Abstract

In the rapidly evolving field of artificial intelligence (AI), the identification, documentation, and mitigation of vulnerabilities are paramount to ensuring robust and secure systems. This paper discusses the minimum elements for AI vulnerability management and the establishment of an Artificial Intelligence Vulnerability Database (AIVD). It presents standardized formats and protocols for disclosing, analyzing, cataloging, and documenting AI vulnerabilities. It discusses how such an AI incident database must extend beyond the traditional scope of vulnerabilities by focusing on the unique aspects of AI systems. Additionally, this paper highlights challenges and gaps in AI Vulnerability Management, including the need for new severity scores, weakness enumeration systems, and comprehensive mitigation strategies specifically designed to address the multifaceted nature of AI vulnerabilities.