Paper ID: 2402.07039
Coordinated Disclosure for AI: Beyond Security Vulnerabilities
Sven Cattell, Avijit Ghosh, Lucie-Aimée Kaffee
Harm reporting in the field of Artificial Intelligence (AI) currently operates on an ad hoc basis, lacking a structured process for disclosing or addressing algorithmic flaws. In contrast, the Coordinated Vulnerability Disclosure (CVD) ethos and ecosystem play a pivotal role in software security and transparency. Globally, there are ongoing efforts to establish frameworks that promote transparency and collaboration in addressing AI-related issues, though challenges persist. Algorithmic flaws in machine learning (ML) models present distinct challenges compared to traditional software vulnerabilities, warranting a specialized approach. To address this gap, we propose the implementation of a dedicated Coordinated Flaw Disclosure (CFD) framework tailored to the intricacies of machine learning and artificial intelligence issues. This paper delves into the historical landscape of disclosures in ML, encompassing the ad hoc reporting of harms and the emergence of participatory auditing. By juxtaposing these practices with the well-established disclosure norms in cybersecurity, we argue that the broader adoption of CFD has the potential to enhance public trust through transparent processes that carefully balance the interests of both organizations and the community.
Submitted: Feb 10, 2024