OWASP AI Vulnerability Scoring System (AIVSS)

This initiative kicks off with the critical development of a ** scoring system specifically for the Agentic AI Core Risks. This initial, high-impact deliverable will then expand into a comprehensive **Artificial Intelligence Vulnerability Scoring System (AIVSS) Framework Package. The broader project aims to provide a structured and quantifiable methodology to identify, assess, and mitigate vulnerabilities specific to all types of AI systems – not just Large Language Models (LLMs), Generative AI, or Agentic AI. The ultimate goal is a complete AIVSS Framework Package that serves as a baseline for understanding and managing AI security risks across the entire AI landscape.

🚀 Try the AIVSS Calculator Demo

Experience our interactive AIVSS calculator in action! Calculate vulnerability scores, understand security impacts, and generate detailed reports.

Launch Demo Calculator

Key Deliverables

  1. AIVSS Scoring System For OWASP Agentic AI Core Security Risks
    • A quantifiable scoring methodology tailored to the unique risks identified in the OWASP Agentic AI Core Risks.
    • Rubrics and guidelines for assessing the severity and exploitability of these specific vulnerabilities.
  2. Comprehensive AIVSS Framework Package:
    • Standardized AIVSS Framework: A scalable framework validated across a diverse range of AI applications, including and extending beyond Agentic AI.
    • AIVSS Framework Guide: Detailed documentation explaining the metrics, scoring methodology, and application of the framework.
    • AIVSS Scoring Calculator: An open-source tool to automate and standardize the vulnerability scoring process.
    • AIVSS Assessment Report Templates: Standardized templates for documenting AI vulnerability assessments.

🚀 Get Involved: Sign Up as a Contributor

We welcome your expertise and enthusiasm!
To join the OWASP AIVSS project as a contributor, simply add your information to our public signup sheet and submit a pull request.

How to sign up:

  1. Open the contributors signup sheet using Google Doc with your information added
  2. Add your details as a new row in the table (see the example provided).

Example entry is provided in the signup sheet to help you get started.

We welcome contributors of all backgrounds and experience levels—OWASP membership is not required. If you’re new to GitHub or open source, feel free to ask for help—everyone is welcome!

Road Map

The following is the initial roadmap:

  1. AIVSS Scoring System For OWASP Agentic AI Core Security Risks(Months 1-3):
    • Define core AIVSS metrics, with an initial focus on metrics directly applicable to scoring the OWASP Agentic AI Core Risks. Ensure clarity and precision.
    • Develop initial scoring rubrics for these Agentic AI-focused metrics.
  2. AIVSS Framework Specialization & Expansion (Months 4-6):
    • Develop specialized scoring rubrics for other specific AI system types (beyond Agentic AI).
    • Identify factors unique to each AI type that influence vulnerability assessment.
    • Create templates for AIVSS assessment reports, adaptable to different AI system types.
  3. AIVSS Scoring Calculator Development (Months 7-9):
    • Develop the core functionality of the AIVSS scoring calculator, ensuring it supports core AIVSS metrics, and specialized rubrics.
    • Implement the ability to add new AIVSS metrics and scoring rubrics.
  4. AIVSS Tool Testing and Refinement (Months 10-12):
    • Test the AIVSS scoring calculator against a diverse set of AI systems (including Agentic AI test cases), generating assessment reports.
    • Refine metrics, rubrics, and the calculator based on user feedback and assessment results.
  5. Documentation and Release (Month 12):
    • Finalize the AIVSS Framework Guide (comprehensive, clear, easy to understand).
    • Release the AIVSS Scoring Calculator as an open-source project.
    • Publish AIVSS assessment report templates and example reports (including for Agentic AI) on the OWASP project website.
    • Create detailed project documentation, including an integration guide for existing SDLCs.

Multi-Year Project Roadmap

  • Year 2: Apply AIVSS to Financial and Healthcare Industries:
    • Develop industry-specific guidelines for applying AIVSS to AI systems in finance and healthcare.
    • Create case studies and assessment reports showcasing AIVSS application in these sectors.
    • Collaborate with industry experts for validation and alignment with best practices.
  • Year 2/3: Expand AIVSS for Emerging AI Threats:
    • Continuously update the AIVSS framework to address new AI security threats, including further evolutions in Agentic AI vulnerabilities beyond the initial core risks.
    • Develop new AIVSS metrics and scoring rubrics as needed.
  • Year 3+: AIVSS Certification Program:
    • Explore creating a certification program for professionals proficient in using the AIVSS framework to drive adoption and enhance AI security expertise.

Leadership & Founding Members

Project Leadership

Current Leaders

Ken Huang

Ken Huang - Project Lead

Michael Bargury

Michael Bargury - Project Lead

Vineeth Sai Narajala

Vineeth Sai Narajala - Project Lead

Vineeth Sai Narajala

Bhavya Gupta - Project Lead

Founding Members

Names are listed alphabetically by last name.

The OWASP AIVSS project was established through the collaborative efforts of security experts and AI specialists who recognized the need for a standardized vulnerability scoring system for AI systems. We are grateful to the following founding members for their contributions:

Sunil Agrawal

Sunil Agrawal

Chief Information Security Officer
Glean

David Ames

David Ames

Partner
PwC

Michael Bargury

Michael Bargury

Founder and CTO
Zenity

Joshua Beck

Joshua Beck

Application Security Architect
SAS

Manish Bhatt

Manish Bhatt

Security Researcher
Amazon Kuiper Security

Mark Breitenbach

Mark Breitenbach

Security Engineer
Dropbox

Anat Bremler-Barr

Anat Bremler-Barr

Professor of Computer Science
Tel Aviv University

Siah Burke

Siah Burke

HIPAA Security Officer
Siah.ai

David Campbell

David Campbell

AI Security
Scale AI

Ying-Jung Chen

Ying-Jung Chen

AI safety researcher, PhD
Georgia Institute of Technology

Anton Chuvakin

Anton Chuvakin

Security Solution Strategy
Google

Jason Clinton

Jason Clinton

CISO
Anthorphic

Adam Dawson

Adam Dawson

Staff AI Security Researcher
Dreadnode

Ron F. Del Rosario

Ron F. Del Rosario

VP-Head of AI Security
SAP

Walker Lee Dimon

Walker Lee Dimon

AI Security Researcher
MITRE

Marissa Dotter

Marissa Dotter

AI Security Researcher
MITRE

Leon Derczynski

Leon Derczynski

Principal Research Scientist
NVIDIA

Dan Goldberg

Dan Goldberg

ISO Market Lead
Omnicom

David Haber

David Haber

CEO
Lakera

Idan Habler

Idan Habler

Staff AI/ML Security Researcher
Intuit

Jason Haddix

Jason Haddix

Founder
Arcanum Information Security

Keith Hoodlet

Keith Hoodlet

Director of AI/ML & AppSec
Trail of Bits

Ken Huang

Ken Huang

AIVSS Project Lead
OWASP

Chris Hughes

Chris Hughes

CEO
Aquia

Charles Iheagwara

Charles Iheagwara

AI/ML Security Leader
AstraZeneca

Krystal Jackson

Krystal Jackson

Researcher
Center for Long-Term Cybersecurity, UC Berkeley

Sushmitha Janapareddy

Sushmitha Janapareddy

Director - Security Integrations
American Express

Rob Joyce

Rob Joyce

Former Cybersecurity Director of NSA, Advisor to PwC
PwC

Diana Kelley

Diana Kelley

CISO
Noma Security

Prashant Kulkarni

Prashant Kulkarni

Lead AI Security Research Engineer
Google Cloud

Mahesh Lambe

Mahesh Lambe

Founder
MIT, Unify Dynamics

Edward Lee

Edward Lee

Vice President, Lead AI Security
JP Morgan

Nate Lee

Nate Lee

CEO
Cloudsec.ai

Vishwas Manral

Vishwas Manral

CEO
Precize.ai

Daniela Muhaj

Daniela Muhaj

Executive-in-Residence for Research & Development
AI 2030

Om Narayan

Om Narayan

AI Security Researcher
AWS

Vineeth Sai Narajala

Vineeth Sai Narajala

Application Security
AWS

Advait Patel

Advait Patel

Senior Site Reliability Engineer (DevSecOps \+ Cloud \+ AIOps)
Broadcom, IEEE

Alex Polyakov

Alex Polyakov

CEO
adversa.ai

Ramesh Raskar

Ramesh Raskar

Professor & Director
MIT Media Lab

Tal Shapira

Tal Shapira

Co-Founder & CTO
Reco AI

Akram Sheriff

Akram Sheriff

Senior AI/ML Software Engineering Leader
Cisco

Samantha Siau

Samantha Siau

Security and Compliance
Anthropic

Kevin Simmonds

Kevin Simmonds

Partner on AI Offensive Security
PWC

Martin Stanley

Martin Stanley

NIST AI RMF Lead
Independent

Omar A. Turner

Omar A. Turner

General Manager of Security
Microsoft

Apostol Vassilev

Apostol Vassilev

AI Research Team Supervisor
NIST

Matthew Versaggi

Matthew Versaggi

AI Fellow
White House Presidential Innovation Fellow

David Webb

David Webb

Agency Cybersecurity Officer
Cybersecurity and Infrastructure Security Agency

Dennis Xu

Dennis Xu

Research VP, AI
Gartner

Xiaochen Zhang

Xiaochen Zhang

Executive Director and Chief Responsible AI Officer
AI 2030

Recognition

We extend our gratitude to all founding members who have contributed to establishing this crucial framework for AI security assessment. Their vision and dedication have been instrumental in shaping the AIVSS project.

Get Involved

Interested in contributing to the AIVSS project? We welcome new contributors and leaders. Please see our Contribution Guidelines for more information on how to get involved.

AIVSS Calculator Demo

Try the AIVSS Calculator

Experience the AIVSS scoring system in action with our interactive calculator. This demo allows you to:

  • Calculate vulnerability scores for AI systems
  • Understand the impact of different security factors
  • Generate detailed reports based on your inputs
Launch AIVSS Calculator Demo

Announcements

AIVSS Kickoff Meeting Summary

Our Co-Leader of the Project, Ken Huang wrote a blog post about our kickoff meeting with the link to the video. OWASP AIVSS: The Kickoff Meeting

Publications

AIVSS Scoring System For OWASP Agentic AI Core Security Risks v0.5

First page of AIVSS publication

đź“„ Download PDF: AIVSS v0.5

Overview

This foundational document introduces the OWASP AI Vulnerability Scoring System (AIVSS), a standardized framework for assessing and quantifying security risks in AI systems, with a specific focus on agentic AI architectures. Version 0.5 represents the initial release of our comprehensive scoring methodology.

Key Features

  • Standardized Risk Assessment: Provides a consistent methodology for evaluating AI vulnerability severity across different systems and contexts
  • Agentic AI Focus: Tailored specifically for the unique challenges and risk vectors present in autonomous AI agents
  • Industry Integration: Designed to complement existing security frameworks while addressing AI-specific vulnerabilities
  • Practical Implementation: Includes actionable guidelines and scoring criteria for security professionals

What’s Inside

  • Scoring Framework: Detailed methodology for calculating AIVSS scores based on multiple risk factors
  • Risk Categories: Comprehensive coverage of AI-specific vulnerabilities including model manipulation, data poisoning, and agent misalignment
  • Assessment Guidelines: Step-by-step instructions for conducting AIVSS evaluations
  • Case Studies: Real-world examples demonstrating the application of AIVSS in various scenarios
  • Integration Guidance: Best practices for incorporating AIVSS into existing security workflows

Target Audience

This document is designed for security professionals, AI developers, risk assessors, and organizations seeking to implement robust security measures for their AI systems, particularly those involving autonomous agents.

This publication is actively maintained by the OWASP AIVSS project team. For updates, contributions, or questions, please visit our project repository.

Watch Star