OWASP AIVSS targets agentic AI risk
Assessing software risk is a crucial task for security operations (SecOps) teams, who are bombarded by more than 4,000 alerts a day. A key tool historically for this is the Common Vulnerability Scoring System (CVSS). However, while the CVSS has proven valuable in identifying risks associated with software bugs, it is less effective when applied to the complexities of artificial intelligence (AI) systems. With that in mind, OWASP has launched a new AI Vulnerability Scoring System (AIVSS) project.
Ken Huang, co-chair of the Cloud Security Alliance’s AI Safety Working Group, wrote in his Agentic AI substack, said to think of the AIVSS as an extension to the existing CVSS framework — a new framework to understand and score AI-specific risks.
“It’s an initiative born out of a critical need to standardize how we identify, assess, and communicate security vulnerabilities specific to AI systems.” - Ken Huang
Traditional vulnerability scoring systems were never designed with the intricacies of AI in mind, said Marko Simeonov, founder and CEO of the cybersecurity services firm Plainsea.
To read the complete article see: