Title: A robust and implementable approach for AI vulnerability risk scoring

Authors: R. Marshal

Addresses: Indian Computer Emergency Response Team (CERT-In), New Delhi, India

Abstract: Software vulnerabilities are one of the major threats often exploited by cyber threat actors to launch cyber-attacks. Vulnerability risk scoring and severity ratings help to understand the criticality of the risk and the possible scale of impact it can create if exploited by threat actors. With the evolution of AI (Artificial Intelligence), the cyber threat landscape has expanded. At the same time, threats against AI systems have also increased. However, no proper risk scoring mechanisms are available for vulnerabilities in AI systems. In this study, the existing vulnerability risk scoring mechanisms are analysed in detail and a robust vulnerability risk scoring mechanism is proposed for AI systems. The mechanism can be used as a fundamental framework and can be refined according to the business requirements.

Keywords: AI; artificial intelligence; CVE; cybersecurity; EPSS; risk; vulnerability.

DOI: 10.1504/IJCCPS.2024.145818

International Journal of Cybernetics and Cyber-Physical Systems, 2024 Vol.1 No.4, pp.349 - 358

Received: 05 Jan 2025
Accepted: 08 Feb 2025

Published online: 25 Apr 2025
