Coordinated Flaw Disclosure for AI: Beyond Security Vulnerabilities

Sven Cattell, Avijit Ghosh, Lucie-Aimée Kaffee

TL;DR

The paper addresses the lack of a structured framework for disclosing and addressing AI flaws by proposing Coordinated Flaw Disclosure (CFD), an adaptation of Coordinated Vulnerability Disclosure (CVD) tailored to machine learning. The authors define Flaw as any unexpected model behavior outside the defined intent and scope, and introduce innovations such as extended model cards, dynamic scope expansion, an independent adjudication panel, and automated verification. They outline a practical CFD workflow, including Complete Model/System Cards, a CFE issuance process, and a CFD governance structure, plus a plan for a real-world pilot at DEF CON 32 and a Common Use Enumeration (CUE) system. The framework aims to improve AI accountability and public trust by balancing vendor and community interests, while acknowledging limitations and outlining future work to realize wide adoption across AI systems.

Abstract

Harm reporting in Artificial Intelligence (AI) currently lacks a structured process for disclosing and addressing algorithmic flaws, relying largely on an ad-hoc approach. This contrasts sharply with the well-established Coordinated Vulnerability Disclosure (CVD) ecosystem in software security. While global efforts to establish frameworks for AI transparency and collaboration are underway, the unique challenges presented by machine learning (ML) models demand a specialized approach. To address this gap, we propose implementing a Coordinated Flaw Disclosure (CFD) framework tailored to the complexities of ML and AI issues. This paper reviews the evolution of ML disclosure practices, from ad hoc reporting to emerging participatory auditing methods, and compares them with cybersecurity norms. Our framework introduces innovations such as extended model cards, dynamic scope expansion, an independent adjudication panel, and an automated verification process. We also outline a forthcoming real-world pilot of CFD. We argue that CFD could significantly enhance public trust in AI systems. By balancing organizational and community interests, CFD aims to improve AI accountability in a rapidly evolving technological landscape.

Paper Structure (43 sections, 2 figures, 1 table)