Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2412.14855 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866914529055604736 |
|---|---|
| author | Bieringer, Lukas McGregor, Sean Nichols, Nicole Paeth, Kevin Stängler, Jochen Wespi, Andreas Alahi, Alexandre Grosse, Kathrin |
| author_facet | Bieringer, Lukas McGregor, Sean Nichols, Nicole Paeth, Kevin Stängler, Jochen Wespi, Andreas Alahi, Alexandre Grosse, Kathrin |
| contents | AI systems face a growing number of AI security threats that are increasingly exploited in the real world. Hence, shared AI incident reporting practices are emerging in industry as best practice and as mandated by regulatory requirements. Although non-AI cybersecurity and non-security AI reporting have progressed as industrial and policy norms, existing collections of practices do not meet the specific requirements posed by AI security reporting. we argue that established processes are not well aligned with AI security reporting due to fundamental shortcomings for the distinctive characteristics of AI systems. Some of these shortcomings are immediately addressable, while others remain unresolved technically or within social systems, like the treatment of IP or the ownership of a vulnerability. Based on this position, we examine the limitations of current AI security incident reporting proposals. We conclude that the advent of AI agents will further reinforce the need to advance specialized AI security incident reporting. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2412_14855 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Position: Mind the Gap-AI Security and the Limits of Current Reporting Standards Bieringer, Lukas McGregor, Sean Nichols, Nicole Paeth, Kevin Stängler, Jochen Wespi, Andreas Alahi, Alexandre Grosse, Kathrin Cryptography and Security AI systems face a growing number of AI security threats that are increasingly exploited in the real world. Hence, shared AI incident reporting practices are emerging in industry as best practice and as mandated by regulatory requirements. Although non-AI cybersecurity and non-security AI reporting have progressed as industrial and policy norms, existing collections of practices do not meet the specific requirements posed by AI security reporting. we argue that established processes are not well aligned with AI security reporting due to fundamental shortcomings for the distinctive characteristics of AI systems. Some of these shortcomings are immediately addressable, while others remain unresolved technically or within social systems, like the treatment of IP or the ownership of a vulnerability. Based on this position, we examine the limitations of current AI security incident reporting proposals. We conclude that the advent of AI agents will further reinforce the need to advance specialized AI security incident reporting. |
| title | Position: Mind the Gap-AI Security and the Limits of Current Reporting Standards |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2412.14855 |