Identifying and Assigning AI Model Vulnerabilities
CVE/FIRST VulnCon 2025 · Main Stage
In an era defined by the rapid proliferation and integration of Artificial Intelligence (AI) across all sectors, understanding and managing its inherent vulnerabilities has become a critical challenge for the cybersecurity community. This talk, presented by Kyle Kian and D Ferguson from the Rand Corporation, delves into the evolving landscape of AI model vulnerabilities and the profound impact AI is having on the traditional vulnerability management ecosystem. They explore whether existing frameworks can adapt to these novel threats or if entirely new paradigms are required.
AI review
Rand Corporation researchers attempt to map the AI vulnerability landscape onto existing frameworks like CVE/CWE/CVSS, introduce two emerging disclosure frameworks (CFD and CDDC), and speculate on AI's dual-use offensive/defensive impact. The intentions are legitimate and the taxonomy work has value, but this is a literature survey and framework-comparison exercise dressed up as original research. There are no novel findings, no empirical data from Rand's own work, no demonstrated exploits, and no technical depth that security practitioners couldn't assemble in an afternoon from public…