Skip to content

Proposed revisions to CNA rules to clarify inclusion rules for AI vulns #46

Description

@sromanoss

The purpose of this document is to proposed revisions to CNA rules regarding assignment of CVE-IDs or CWEs for vulnerabilities in AI systems. (edited) Specifically, these commments are designed to provide clarity when determining whether AI vulns warrant CVE or CWE assignment.

In determining whether to assign a new CVE-ID or CWE, the following criteria NEED NOT be taken into consideration:

  1. GenAI vulnerabilities that are impossible to patch, such as those that lead to hallucinations, or evasion attacks
  2. Whether the vulnerability occurs only probabilistically
  3. Whether or not the vulnerability is easy or difficult to reproduce
  4. Whether the vulnerability exists across many -- or all -- generative AI models
  5. Presence or absence of a vendor security statement shall not be a criterion for CWE creation
  6. Evasion attacks are still suitable for CWE classification, and per CNA rule 4.1.7, may (but not always) be assigned CVE-IDs.

There are still 2 issues which require further discussion:
7. Definition of integrity and whether it includes “trustworthiness” of model output.
8. Whether or not CVE or CWE assignment should consider the output of a generative AI model (as opposed to just data inputs).

Romanosky - Criteria for AI vuln inclusion as CWE or CVE - 7-10-2026.pdf

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions