Bipartisan Senate bill on AI security would bolster voluntary cyber reporting processes
A bipartisan Senate bill released Wednesday would strengthen security measures around artificial intelligence, overhauling a series of actions including cyber vulnerability tracking and a public database for AI incident reports.
The Secure AI Act of 2024, introduced by Sens. Mark Warner, D-Va., and Thom Tillis, R-N.C., requires the National Institute of Standards and Technology to update the National Vulnerability Database (NVD) and the Cybersecurity and Infrastructure Security Agency to update the Common Vulnerabilities and Exposure (CVE) program, or create a new process, according to a summary of the bill.
Additionally, the bill would charge the National Security Agency with establishing an AI Security Center that would provide an AI test-bed for research for private-sector and academic researchers, and develop guidance to prevent or mitigate “counter AI-techniques.”
“Safeguarding organizations from cybersecurity risks involving AI requires collaboration and innovation from both the private and public sector,” Tillis said in a press release. “This commonsense legislation creates a voluntary database for reporting AI security and safety incidents and promotes best practices to mitigate AI risks.”
Under the legislation, CISA and NIST would have one year to develop and implement a voluntary database for tracking AI security and safety incidents, which would be available to the public.
Similarly, NIST would only have 30 days after the enactment of this legislation to initiate a “multi-stakeholder process” to evaluate if the consensus standards for vulnerability reporting accommodate AI security vulnerabilities. After establishing this process, NIST would have 180 days to submit a report to Congress about the sufficiency of reporting processes.
“By ensuring that public-private communications remain open and up-to-date on current threats facing our industry, we are taking the necessary steps to safeguard against this new generation of threats facing our infrastructure,” Warner said in the press release.