Why CVEs Belong in Frameworks and Apps, Not AI Models

The Common Vulnerabilities and Exposures (CVE) system is the global standard for cataloging security flaws in software. Maintained by MITRE and backed by CISA…

Rich Harang

Overview

The article examines how the Common Vulnerabilities and Exposures (CVE) system applies to AI models and argues that CVEs should be assigned to the frameworks and applications that use models rather than to the models themselves. It sorts the weaknesses commonly attributed to AI models into distinct categories and makes the case that, for most of them, security has to be addressed at the application level.

What You'll Learn

1. Why CVEs should focus on frameworks and applications rather than AI models
2. How to identify vulnerabilities in applications that use AI models
3. When to consider a CVE for backdoored AI models due to poisoned training data

Key Questions Answered

What types of vulnerabilities are associated with AI models?
The weaknesses commonly attributed to AI models typically reside in the frameworks and applications that use them, such as insecure session handling and supply chain issues. The article sorts these into three categories: application flaws, supply chain risks, and statistical behaviors of the model that do not fit the CVE definition of a vulnerability.
How do adversarial inputs affect AI models?
Adversarial inputs can drive a model to misclassify or to produce unwanted output. The article treats this susceptibility as one of the statistical behaviors that do not fit the CVE definition: the assignable vulnerability lies not in the model but in an application that fails to detect or control the adversarial queries, which is why robust application design matters.
When is it appropriate to issue a CVE for AI models?
A CVE for a model itself is appropriate mainly when deliberate training data poisoning has created a reproducible backdoor. In most other cases the weakness is better tracked at the application or framework level, because it does not represent a flaw in the model.
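The distinction drawn in the answers above, as an added worked example that is not code from the article: a toy linear classifier (constructed here) has inputs whose label flips under a tiny perturbation, and nothing the model does can remove that property. The application in front of it, however, can see the stream of near-identical queries that a search for such an input produces and refuse service once a per-client budget is exceeded. The classifier, the `epsilon` tolerance, the budget and the window size are assumptions chosen for the demo.

```python
"""Application-layer controls around a model: added example, not code from
the original article. The toy classifier, epsilon and per-client budget are
illustrative assumptions chosen for the demo."""
from collections import defaultdict, deque

# Constructed toy model: a linear classifier over 2-D inputs. Every model of
# this kind has inputs near its decision boundary whose label flips under a
# tiny perturbation; that is a statistical property of the model, not a flaw
# a CVE could describe. What the application can own is how it handles the
# stream of queries an attacker uses to find such inputs.
WEIGHTS = (1.0, -1.0)
BIAS = 0.0


def classify(x):
    """Label a 2-D input with the toy linear model."""
    score = WEIGHTS[0] * x[0] + WEIGHTS[1] * x[1] + BIAS
    return "positive" if score >= 0 else "negative"


def linf(a, b):
    """L-infinity distance, the usual budget for small perturbations."""
    return max(abs(a[0] - b[0]), abs(a[1] - b[1]))


class QueryGate:
    """Per-client gate in front of the model.

    Counts queries that lie within `epsilon` of an earlier query from the
    same client (the signature of a query-based search for an adversarial
    input) and refuses service once the count exceeds `max_near_dupes`.
    """

    def __init__(self, epsilon=0.05, max_near_dupes=5, window=50):
        self.epsilon = epsilon                # assumption: "same query" tolerance
        self.max_near_dupes = max_near_dupes  # assumption: budget per client
        self.window = window                  # recent queries kept per client
        self._history = defaultdict(deque)
        self._near_dupes = defaultdict(int)

    def submit(self, client, x):
        """Return ("ok", label) or ("blocked", reason) for one query."""
        hist = self._history[client]
        if any(linf(x, prev) <= self.epsilon for prev in hist):
            self._near_dupes[client] += 1
        if self._near_dupes[client] > self.max_near_dupes:
            return ("blocked", "near-duplicate query budget exceeded")
        hist.append(x)
        if len(hist) > self.window:
            hist.popleft()
        return ("ok", classify(x))


def probe(gate, client, start, step, n):
    """Simulate an attacker walking a point across the decision boundary in
    `step` increments; returns the gate's response to each query."""
    return [gate.submit(client, (start - i * step, 0.0)) for i in range(n)]


def benign(gate, client):
    """A benign client asking about clearly different inputs (constructed)."""
    points = [(0.9, 0.2), (-0.3, 0.8), (0.4, -0.7), (-0.6, -0.1)]
    return [gate.submit(client, p) for p in points]


if __name__ == "__main__":
    gate = QueryGate()
    for r in probe(gate, "attacker", 0.035, 0.01, 10):
        print("attacker:", r)
    for r in benign(gate, "analyst"):
        print("analyst:", r)
```

In the run above the attacker's label flips on the fifth query, which no change to the model prevents; the gate lets six near-duplicate queries through and then blocks the rest, while the unrelated client is unaffected. That budget and the rate at which it is replenished are application decisions, which is the point of the article: if the budget is missing, the CVE describes the application, not the model.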

Key Actionable Insights

1. Focus on securing the application layer that interacts with AI models.
Since the exploitable flaw usually lies in the surrounding application rather than in the model, hardening that layer is where most of the available risk reduction is.
2. Implement supply chain security mechanisms to track risks associated with AI model training data.
Verifying the integrity of training data and monitoring it for tampering lets organizations catch a compromised dataset before it produces a backdoored model.
3. Educate development teams on the unique security challenges posed by AI models.
Teams that understand which weaknesses belong to the model and which belong to the application design more secure applications and frameworks around it.
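One concrete form of the supply chain control in insight 2, as an added example that is not the article's code: a manifest of SHA-256 digests over every file in a training dataset, built once and verified before each training run, so that modified, removed or injected files are reported before anything is trained on them. The directory layout and file contents are constructed for the demo.

```python
"""Integrity manifest for a training dataset. Added example, not code from
the original article; the directory layout and file contents in demo() are
constructed for illustration."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large shards do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under `root` (relative POSIX path) to its digest."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {"version": 1,
            "files": {p.relative_to(root).as_posix(): sha256_file(p) for p in files}}


def manifest_digest(manifest):
    """Digest of the canonical JSON form; this is the value to pin or sign."""
    data = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def verify(root, manifest):
    """Compare the dataset on disk with a trusted manifest."""
    current = build_manifest(root)["files"]
    expected = manifest["files"]
    modified = sorted(k for k in expected if k in current and current[k] != expected[k])
    missing = sorted(k for k in expected if k not in current)
    added = sorted(k for k in current if k not in expected)
    return {"ok": not (modified or missing or added),
            "modified": modified, "missing": missing, "added": added}


def demo():
    """Build a manifest over a constructed dataset, then tamper and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "train").mkdir()
        (root / "train" / "labels.csv").write_text("id,label\n1,cat\n2,dog\n")  # constructed
        (root / "train" / "img_0001.txt").write_text("pixel data placeholder")   # constructed
        manifest = build_manifest(root)
        clean = verify(root, manifest)
        # Simulated poisoning: flip a label and inject an extra sample.
        (root / "train" / "labels.csv").write_text("id,label\n1,dog\n2,dog\n")
        (root / "train" / "img_9999.txt").write_text("injected sample")
        tampered = verify(root, manifest)
        return {"digest": manifest_digest(manifest), "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest only helps if its own digest is pinned somewhere the data store cannot rewrite (a signed release record or a separate repository), since whoever can alter the dataset can usually alter a manifest stored beside it; `manifest_digest` produces the value to pin, and a training job should refuse to start when `verify` reports anything other than `ok`.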

Common Pitfalls

1. Misattributing vulnerabilities to AI models instead of the applications that use them.
This happens when security teams focus on the model itself rather than on the surrounding application code, which is usually where the exploitable vulnerability lies.