English

Coordinated Flaw Disclosure for AI: Beyond Security Vulnerabilities

Artificial Intelligence 2024-07-29 v3 Cryptography and Security Computers and Society

Abstract

Harm reporting in Artificial Intelligence (AI) currently lacks a structured process for disclosing and addressing algorithmic flaws, relying largely on an ad-hoc approach. This contrasts sharply with the well-established Coordinated Vulnerability Disclosure (CVD) ecosystem in software security. While global efforts to establish frameworks for AI transparency and collaboration are underway, the unique challenges presented by machine learning (ML) models demand a specialized approach. To address this gap, we propose implementing a Coordinated Flaw Disclosure (CFD) framework tailored to the complexities of ML and AI issues. This paper reviews the evolution of ML disclosure practices, from ad hoc reporting to emerging participatory auditing methods, and compares them with cybersecurity norms. Our framework introduces innovations such as extended model cards, dynamic scope expansion, an independent adjudication panel, and an automated verification process. We also outline a forthcoming real-world pilot of CFD. We argue that CFD could significantly enhance public trust in AI systems. By balancing organizational and community interests, CFD aims to improve AI accountability in a rapidly evolving technological landscape.

Keywords

Cite

@article{arxiv.2402.07039,
  title  = {Coordinated Flaw Disclosure for AI: Beyond Security Vulnerabilities},
  author = {Sven Cattell and Avijit Ghosh and Lucie-Aimée Kaffee},
  journal= {arXiv preprint arXiv:2402.07039},
  year   = {2024}
}

Comments

Accepted to the 7th AAAI Conference on AI, Ethics, and Society (AIES) 2024

R2 v1 2026-06-28T14:45:05.105Z