CIA+TA Risk Assessment for AI Reasoning Vulnerabilities
Yuksel Aydin

TL;DR
This paper introduces a new framework for assessing and protecting AI reasoning processes from adversarial threats, emphasizing cognitive cybersecurity and extending traditional security models with trust and autonomy considerations.
Contribution
It establishes cognitive cybersecurity as a new discipline, extends the CIA model with trust and autonomy, and provides a quantitative risk assessment methodology for AI reasoning vulnerabilities.
Findings
Strong architecture dependence of defenses, with vulnerability effects ranging from 96% reduction to 135% amplification.
Mapping to OWASP LLM Top 10 and MITRE ATLAS facilitates operational integration.
Empirical validation with 151 human participants and 12,180 AI trials.
Abstract
As AI systems increasingly influence critical decisions, they face threats that exploit reasoning mechanisms rather than technical infrastructure. We present a framework for cognitive cybersecurity, the systematic protection of AI reasoning processes from adversarial manipulation. Our contributions are threefold. First, we establish cognitive cybersecurity as a discipline complementing traditional cybersecurity and AI safety, addressing vulnerabilities where legitimate inputs corrupt reasoning while evading conventional controls. Second, we introduce CIA+TA, extending the traditional Confidentiality, Integrity, and Availability triad with Trust (epistemic validation) and Autonomy (human agency preservation), requirements unique to systems generating knowledge claims and mediating decisions. Third, we present a quantitative risk assessment methodology with empirically derived coefficients,…
