
# AI Threat Taxonomies

This document provides a consolidated overview of ten prominent AI threat taxonomies that are instrumental in shaping the Artificial Intelligence Vulnerability Scoring System (AIVSS). These taxonomies offer a comprehensive understanding of the diverse landscape of vulnerabilities and attacks that can impact AI systems.

| Taxonomy | Description | Link |
|---|---|---|
| MITRE ATLAS | A knowledge base of adversary tactics and techniques based on real-world observations, specifically focused on threats to machine learning systems. It provides a framework for understanding the adversarial ML lifecycle and includes case studies of attacks. | https://atlas.mitre.org/ |
| NIST AI 100-2 E2023 | A taxonomy of adversarial machine learning, including attacks, defenses, and consequences. It provides a detailed framework for understanding and categorizing threats to AI systems and offers guidance on risk management. | https://csrc.nist.gov/pubs/ai/100/2/e2023/final |
| EU HLEG Trustworthy AI | Ethics guidelines for trustworthy AI developed by the European Commission's High-Level Expert Group on Artificial Intelligence. It focuses on human-centric AI principles, including fairness, transparency, accountability, and societal well-being. | https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai |
| ISO/IEC JTC 1/SC 42 | An international standards body developing standards for artificial intelligence. It covers various aspects of AI, including risk management, trustworthiness, bias, and governance. | https://www.iso.org/committee/6794475.html |
| AI Incident Database | A database of real-world incidents involving AI systems, including failures, accidents, and malicious attacks. It provides valuable data for understanding the risks associated with AI and informing risk management strategies. | https://incidentdatabase.ai/ |
| DARPA's GARD | The Guaranteeing AI Robustness against Deception (GARD) program aims to develop defenses against adversarial attacks on AI systems. It focuses on developing robust AI that can withstand attempts to deceive or manipulate it. | https://www.darpa.mil/research/programs/guaranteeing-ai-robustness-against-deception |
| OECD AI Principles | Principles for responsible stewardship of trustworthy AI, adopted by the Organisation for Economic Co-operation and Development (OECD). They cover aspects such as inclusive growth, human-centered values, transparency, robustness, and accountability. | https://oecd.ai/en/ai-principles |
| MITRE Atlas Matrix | The Adversarial ML Threat Matrix is a framework that captures the tactics, techniques, and procedures used by adversaries to attack ML systems. It is structured similarly to the ATT&CK framework but specialized for the domain of machine learning. | https://atlas.mitre.org/ |
| CSA LLM Threat Taxonomy | Defines common threats related to large language models in the cloud. Key categories include model manipulation, data poisoning, sensitive data disclosure, model stealing, and others specific to cloud-based LLM deployments. | https://cloudsecurityalliance.org/artifacts/csa-large-language-model-llm-threats-taxonomy |
| MIT AI Threat Taxonomy | Comprehensive classification of attack surfaces, adversarial techniques, and governance vulnerabilities of AI. It details various types of attacks and provides mitigation strategies. | https://arxiv.org/pdf/2408.12622 |
| OWASP Top 10 for LLMs | Highlights the most critical security risks for large language model applications. It covers vulnerabilities like prompt injection, data leakage, insecure output handling, and model denial of service, among others. | https://owasp.org/www-project-top-10-for-large-language-model-applications/ |

## How to use this file

1. Save: Save the content above as a `.md` file (e.g., `ai_threat_taxonomies.md`).
2. View: Open the file in any Markdown viewer or editor (such as VS Code, Typora, or directly on GitHub) to see the formatted table.
3. Contribute: Add your own domain-specific taxonomy to this table by opening a pull request.