Vulnerability Disclosure and Management for AI/ML Systems: A Working Paper with Policy Recommendations

36 Pages Posted: 16 Nov 2021 Last revised: 19 Nov 2021

See all articles by AJ Grotto

AJ Grotto

Stanford University - Freeman Spogli Institute for International Studies

James Dempsey

University of California, Berkeley - School of Law; Stanford University - Freeman Spogli Institute for International Studies

Date Written: November 15, 2021

Abstract

Artificial intelligence systems, especially those dependent on machine learning (ML), can be vulnerable to intentional attacks that involve evasion, data poisoning, model replication, and exploitation of traditional software flaws to deceive, manipulate, compromise, and render them ineffective. Yet too many organizations adopting AI/ML systems are oblivious to their vulnerabilities. Applying the cybersecurity policies of vulnerability disclosure and management to AI/ML can heighten appreciation of the technologies’ vulnerabilities in real-world contexts and inform strategies to manage cybersecurity risk associated with AI/ML systems. Federal policies and programs to improve cybersecurity should expressly address the unique vulnerabilities of AI-based systems, and policies and structures under development for AI governance should expressly include a cybersecurity component.

Keywords: Cyber, AI, artificial intelligence, vulnerability disclosure, vulnerability management

Suggested Citation

Grotto, AJ and Dempsey, James, Vulnerability Disclosure and Management for AI/ML Systems: A Working Paper with Policy Recommendations (November 15, 2021). Available at SSRN: https://ssrn.com/abstract=3964084 or http://dx.doi.org/10.2139/ssrn.3964084

AJ Grotto

Stanford University - Freeman Spogli Institute for International Studies ( email )

Encina Hall
Stanford, CA 94305
United States

James Dempsey (Contact Author)

University of California, Berkeley - School of Law ( email )

215 Boalt Hall
Berkeley, CA 94720-7200
United States

Stanford University - Freeman Spogli Institute for International Studies ( email )

Stanford, CA 94305
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
104
Abstract Views
563
rank
371,181
PlumX Metrics