The purpose of this document is to proposed revisions to CNA rules regarding assignment of CVE-IDs or CWEs for vulnerabilities in AI systems. (edited) Specifically, these commments are designed to provide clarity when determining whether AI vulns warrant CVE or CWE assignment.
In determining whether to assign a new CVE-ID or CWE, the following criteria NEED NOT be taken into consideration:
- GenAI vulnerabilities that are impossible to patch, such as those that lead to hallucinations, or evasion attacks
- Whether the vulnerability occurs only probabilistically
- Whether or not the vulnerability is easy or difficult to reproduce
- Whether the vulnerability exists across many -- or all -- generative AI models
- Presence or absence of a vendor security statement shall not be a criterion for CWE creation
- Evasion attacks are still suitable for CWE classification, and per CNA rule 4.1.7, may (but not always) be assigned CVE-IDs.
There are still 2 issues which require further discussion:
7. Definition of integrity and whether it includes “trustworthiness” of model output.
8. Whether or not CVE or CWE assignment should consider the output of a generative AI model (as opposed to just data inputs).
Romanosky - Criteria for AI vuln inclusion as CWE or CVE - 7-10-2026.pdf
The purpose of this document is to proposed revisions to CNA rules regarding assignment of CVE-IDs or CWEs for vulnerabilities in AI systems. (edited) Specifically, these commments are designed to provide clarity when determining whether AI vulns warrant CVE or CWE assignment.
In determining whether to assign a new CVE-ID or CWE, the following criteria NEED NOT be taken into consideration:
There are still 2 issues which require further discussion:
7. Definition of integrity and whether it includes “trustworthiness” of model output.
8. Whether or not CVE or CWE assignment should consider the output of a generative AI model (as opposed to just data inputs).
Romanosky - Criteria for AI vuln inclusion as CWE or CVE - 7-10-2026.pdf