Skip to main content

A new Bill that would improve how we track, define, and handle security vulnerabilities in artificial intelligence (AI) systems has been proposed in the US Senate. The AI Incident Reporting and Security Enhancement Act, would direct the Director of the National Institute of Standards and Technology (NIST) to update the National Vulnerability Database (NVD) to reflect vulnerabilities to artificial intelligence systems, study the need for voluntary reporting related to artificial intelligence security and safety incidents, and other purposes.

The AI Incident Reporting and Security Enhancement Act, introduced by Reps. Deborah Ross, D-N.C., Jay Obernolte, R-Calif., and Don Beyer, D-Va., was approved via voice vote by the House Science, Space and Technology Committee. If approved by the full Congress and signed into law, it would give NIST the mandate to incorporate AI systems in the National Vulnerability Database (NVD).

The bill contains activities to support voluntary vulnerability and incident tracking associated with AI. NIST will be required to:

  • Work with industry experts and federal agencies like CISA to create common definitions for AI security vulnerabilities.
  • They’ll also identify what makes these vulnerabilities different from others in the NVD.
  • Develop new ways to manage AI-specific vulnerabilities that don’t fit well within the current NVD system.
  • Support the creation of new standards and guidelines for managing technical vulnerabilities related to Artificial Intelligence.
  • Start a process to update the NVD and its associated procedures to include AI security vulnerabilities as much as possible.

NIST is expected to submit a report within three (3) years of the bill’s enactment to congress, stating their findings and recommendations on how different groups can voluntarily share information about AI incidents. The Director of NIST is not empowered with any enforcement authority as the system is meant to be voluntary.

All these actions will be carried out subject to available funding. However, this may be a challenge as NIST has faced challenges managing the number of vulnerabilities it is already responsible for tracking and analyzing, due to budget cuts, flat staff growth and an increase in database-related email traffic email traffic related to the database. Nevertheless, Reps. Deborah Ross assures that they are actively exploring solutions that will help NIST handle the issues.

This Bill aims to use a voluntary basis to create a framework and database for significant AI Safety and security issues. This one of many Bills that are being proposed by the legislative government with a focus on AI. It is very crucial that more laws, regulations and policies need to be created and adopted to curb the rising number of AI attacks and safety concerns.

About the author: