Saved in:
Bibliographic Details
Main Authors: Bieringer, Lukas, McGregor, Sean, Nichols, Nicole, Paeth, Kevin, Stängler, Jochen, Wespi, Andreas, Alahi, Alexandre, Grosse, Kathrin
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.14855
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914529055604736
author Bieringer, Lukas
McGregor, Sean
Nichols, Nicole
Paeth, Kevin
Stängler, Jochen
Wespi, Andreas
Alahi, Alexandre
Grosse, Kathrin
author_facet Bieringer, Lukas
McGregor, Sean
Nichols, Nicole
Paeth, Kevin
Stängler, Jochen
Wespi, Andreas
Alahi, Alexandre
Grosse, Kathrin
contents AI systems face a growing number of AI security threats that are increasingly exploited in the real world. Hence, shared AI incident reporting practices are emerging in industry as best practice and as mandated by regulatory requirements. Although non-AI cybersecurity and non-security AI reporting have progressed as industrial and policy norms, existing collections of practices do not meet the specific requirements posed by AI security reporting. we argue that established processes are not well aligned with AI security reporting due to fundamental shortcomings for the distinctive characteristics of AI systems. Some of these shortcomings are immediately addressable, while others remain unresolved technically or within social systems, like the treatment of IP or the ownership of a vulnerability. Based on this position, we examine the limitations of current AI security incident reporting proposals. We conclude that the advent of AI agents will further reinforce the need to advance specialized AI security incident reporting.
format Preprint
id arxiv_https___arxiv_org_abs_2412_14855
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Position: Mind the Gap-AI Security and the Limits of Current Reporting Standards
Bieringer, Lukas
McGregor, Sean
Nichols, Nicole
Paeth, Kevin
Stängler, Jochen
Wespi, Andreas
Alahi, Alexandre
Grosse, Kathrin
Cryptography and Security
AI systems face a growing number of AI security threats that are increasingly exploited in the real world. Hence, shared AI incident reporting practices are emerging in industry as best practice and as mandated by regulatory requirements. Although non-AI cybersecurity and non-security AI reporting have progressed as industrial and policy norms, existing collections of practices do not meet the specific requirements posed by AI security reporting. we argue that established processes are not well aligned with AI security reporting due to fundamental shortcomings for the distinctive characteristics of AI systems. Some of these shortcomings are immediately addressable, while others remain unresolved technically or within social systems, like the treatment of IP or the ownership of a vulnerability. Based on this position, we examine the limitations of current AI security incident reporting proposals. We conclude that the advent of AI agents will further reinforce the need to advance specialized AI security incident reporting.
title Position: Mind the Gap-AI Security and the Limits of Current Reporting Standards
topic Cryptography and Security
url https://arxiv.org/abs/2412.14855