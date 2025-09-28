

CVE Allocation: Why AI Models Should Be Excluded

By: BitcoinEthereumNews
2025/09/28 01:59


James Ding
Sep 26, 2025 19:58

Explore why Common Vulnerabilities and Exposures (CVE) should focus on frameworks and applications rather than AI models, according to NVIDIA’s insights.





The Common Vulnerabilities and Exposures (CVE) system, a globally recognized standard for identifying security flaws in software, is under scrutiny concerning its application to AI models. According to NVIDIA, the CVE system should primarily focus on frameworks and applications rather than individual AI models.

Understanding the CVE System

The CVE system, maintained by MITRE and supported by CISA, assigns unique identifiers and descriptions to vulnerabilities, facilitating clear communication among developers, vendors, and security professionals. However, as AI models become integral to enterprise systems, the question arises: should CVEs also cover AI models?

AI Models and Their Unique Challenges

AI models introduce failure modes such as adversarial prompts, poisoned training data, and data leakage. These resemble vulnerabilities but do not align with the CVE definition, which focuses on weaknesses violating confidentiality, integrity, or availability guarantees. NVIDIA argues that the vulnerabilities typically reside in the frameworks and applications that utilize these models, not in the models themselves.

Categories of Proposed AI Model CVEs

Proposed CVEs for AI models generally fall into three categories:

  1. Application or framework vulnerabilities: Issues within the software that encapsulates or serves the model, such as insecure session handling.
  2. Supply chain issues: Risks like tampered weights or poisoned datasets, better managed by supply chain security tools.
  3. Statistical behaviors of models: Features such as data memorization or bias, which do not constitute vulnerabilities under the CVE framework.

AI Models and CVE Criteria

AI models, due to their probabilistic nature, exhibit behaviors that can be mistaken for vulnerabilities. However, these are often typical inference outcomes exploited in unsafe application contexts. For a CVE to be applicable, a model must fail its intended function in a way that breaches security, which is seldom the case.

The Role of Frameworks and Applications

Vulnerabilities often originate from the surrounding software environment rather than the model itself. For example, adversarial attacks manipulate inputs to produce misclassifications; this is a failure of the application to detect such queries, not a failure of the model. Similarly, issues like data leakage result from overfitting and require system-level mitigations.

When CVEs Might Apply to AI Models

One exception where CVEs could be relevant is when poisoned training data results in a backdoored model. In such cases, the model itself is compromised during training. However, even these scenarios might be better addressed through supply chain integrity measures.

Conclusion

Ultimately, NVIDIA advocates for applying CVEs to frameworks and applications where they can drive meaningful remediation. Enhancing supply chain assurance, access controls, and monitoring is crucial for AI security, rather than labeling every statistical anomaly in models as a vulnerability.

For further insights, you can visit the original source on NVIDIA’s blog.



Source: https://blockchain.news/news/cve-allocation-why-ai-models-should-be-excluded
