Skill Guide

CVSS-inspired risk scoring and vulnerability classification for AI systems

The practice of adapting CVSS (Common Vulnerability Scoring System) methodology to create quantitative risk scores and qualitative severity classifications for vulnerabilities specific to artificial intelligence systems.

It enables organizations to objectively prioritize AI security threats, allocating limited resources to address the most critical risks to model integrity, data privacy, and operational continuity. This structured approach reduces subjective bias in security decision-making and is essential for meeting emerging AI governance and compliance mandates.
1 Careers
1 Categories
9.2 Avg Demand
25% Avg AI Risk

How to Learn CVSS-inspired risk scoring and vulnerability classification for AI systems

1. Master CVSS 3.1/4.0 base metrics (Attack Vector, Attack Complexity, etc.) and their standard values.
2. Understand core AI vulnerabilities (data poisoning, model evasion, model inversion, prompt injection) and their unique impact vectors.
3. Study foundational AI risk frameworks like NIST AI RMF and MITRE ATLAS to map vulnerabilities to business impacts.

1. Practice by manually scoring known AI vulnerabilities from sources like OWASP Top 10 for LLMs or published CVEs.
2. Develop a custom scoring rubric that adds AI-specific metrics (e.g., Data Poisoning Scope, Model Integrity Degradation Rate) to the CVSS base.
3. Common mistake: Over-relying on technical severity without mapping to business impact (e.g., ignoring a high-severity prompt injection because the model is non-critical).

1. Architect an integrated risk scoring pipeline that ingests threat intelligence, vulnerability scan results, and asset criticality to produce dynamic, context-aware risk scores.
2. Align scoring outputs with strategic initiatives like model monitoring budgets, insurance underwriting, and regulatory reporting (e.g., EU AI Act).
3. Mentor teams by creating and evangelizing a standardized AI Vulnerability Classification Guide within the organization.

Practice Projects

Beginner
Project

Score a Known LLM Vulnerability

Scenario

Your company's customer service chatbot is vulnerable to prompt injection attacks that can leak internal API keys.

How to Execute
1. Identify the vulnerable component (the LLM's input processing layer).
2. Use the CVSS 3.1 calculator (e.g., FIRST.org's tool) to calculate a base score.
3. Document your reasoning for each metric choice (e.g., Attack Vector is Network, Scope is Changed because it affects backend systems).
4. Present the score with a remediation recommendation.

Intermediate
Case Study/Exercise

Prioritize a Vulnerability Backlog for a Fraud Detection Model

Scenario

Your security team has identified three vulnerabilities: 1) A data poisoning risk in the training pipeline, 2) A model extraction API that is too permissive, and 3) A bias drift issue that could cause discriminatory outcomes.

How to Execute
1. Create a simple spreadsheet with columns for CVSS Base Score, AI-Specific Impact (e.g., Financial Loss, Reputational Damage), and Asset Criticality.
2. Score each vulnerability using your customized rubric.
3. Rank them by a composite score (e.g., Base * Impact * Criticality).
4. Draft a one-page executive summary justifying the recommended fix order.

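The spreadsheet procedure above, scripted as an added example that is not part of the original guide. It ranks the three findings by Base * Impact * Criticality and shows each finding's rank by base score alone next to its composite rank. The base scores, the 1-5 scales for impact and criticality, and all values in `BACKLOG` are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    name: str
    base: float        # CVSS-style base score, 0.0-10.0
    impact: int        # AI-specific business impact, 1-5 (assumed scale)
    criticality: int   # asset criticality tier, 1-5 (assumed scale)

    def composite(self):
        """Composite score from the exercise: Base * Impact * Criticality."""
        if not 0.0 <= self.base <= 10.0:
            raise ValueError(f"{self.name}: base score out of range")
        if not (1 <= self.impact <= 5 and 1 <= self.criticality <= 5):
            raise ValueError(f"{self.name}: impact/criticality must be 1-5")
        return self.base * self.impact * self.criticality

def rank(findings):
    """Return (name, composite, rank_by_base, rank_by_composite) rows,
    ordered by composite score, highest first."""
    by_base = sorted(findings, key=lambda f: f.base, reverse=True)
    by_comp = sorted(findings, key=lambda f: f.composite(), reverse=True)
    base_rank = {f.name: i + 1 for i, f in enumerate(by_base)}
    return [(f.name, round(f.composite(), 1), base_rank[f.name], i + 1)
            for i, f in enumerate(by_comp)]

# Constructed backlog for the fraud detection model; every number is illustrative.
BACKLOG = [
    Finding("Training-pipeline data poisoning", 7.5, 4, 5),
    Finding("Permissive model extraction API", 8.2, 2, 3),
    Finding("Bias drift (discriminatory outcomes)", 5.3, 5, 5),
]

if __name__ == "__main__":
    for name, score, r_base, r_comp in rank(BACKLOG):
        moved = "" if r_base == r_comp else f"  (base-score rank was {r_base})"
        print(f"{r_comp}. {name}: {score}{moved}")
```

With these sample values the finding with the highest base score drops to last place once impact and criticality are applied, which is the rank shift the executive summary has to justify.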
Advanced
Project

Design an AI Vulnerability Management Program

Scenario

As the new AI Security Lead, you must establish a repeatable process for identifying, scoring, and remediating vulnerabilities across 50+ production ML models.

How to Execute
1. Define an asset inventory (models, data pipelines, serving endpoints) and assign business criticality tiers.
2. Develop an automated or semi-automated vulnerability detection pipeline (SAST for ML code, DAST for APIs, data validation checks).
3. Implement a scoring engine that applies your custom CVSS-inspired rubric.
4. Integrate the output into your existing risk register and IT service management (e.g., Jira) for tracking remediation SLAs.

Tools & Frameworks

Vulnerability Scoring & Classification Frameworks

CVSS 3.1/4.0 (FIRST.org)
OWASP Top 10 for Large Language Model Applications
MITRE ATLAS (Adversarial Threat Landscape for AI Systems)
NIST AI Risk Management Framework (AI RMF)

CVSS provides the foundational scoring engine. OWASP Top 10 for LLMs and MITRE ATLAS provide the vulnerability taxonomy and attack patterns specific to AI/ML. NIST AI RMF provides the high-level risk context for classification and response.

Software & Platforms for Implementation

CVSS Calculator (first.org/cvss/calculator)
Vulnerability Management Platforms (e.g., Tenable.io, Qualys VMDR - with AI extensions)
ML Security Scanners (e.g., Protect AI, SydeLabs, Robust Intelligence)
Custom Python Scripts (for data manipulation and scoring automation)

Use the official CVSS calculator for consistent scoring. Enterprise VMS platforms are evolving to include AI asset tracking. ML security scanners automate the discovery of model-specific flaws. Custom scripts are often needed to glue the process together.

Mental Models & Methodologies

Risk = Likelihood x Impact
Defense in Depth for AI
Threat Modeling for ML Systems (e.g., STRIDE adapted for AI)

The core risk equation ensures scores translate to business decisions. Defense in Depth guides the selection of multiple controls (e.g., input validation, model monitoring, output filtering). Threat modeling helps proactively identify vulnerabilities before they are discovered.

Interview Questions

Answer Strategy

The interviewer is testing your ability to systematically apply a framework to an ambiguous problem. Use the CVSS base metrics as your structure, but explicitly adapt them to the AI context. Sample Answer: 'I would start by defining the Attack Vector as Network if the model is served via API, and Physical if it's an on-device camera. Attack Complexity is High because crafting effective adversarial patterns requires technical skill. The Scope would be Unchanged as it typically affects the model itself. The primary impact is Integrity (misclassification), which could have secondary Availability or Confidentiality impacts depending on the use case. I would also assign a custom AI Severity sub-score for 'Model Trust Degradation' to capture the broader risk to system reliability.'

Answer Strategy

This tests your business acumen and communication skills. The core competency is aligning technical risk with business impact. Sample Answer: 'We found a high-scoring (8.8) model inversion vulnerability in an internal R&D model used for feature experimentation. While technically severe, the model was air-gapped, not connected to PII, and the experimental data had low business value. I communicated that the raw CVSS score was misleading. I presented a business-adjusted risk score of Low, recommended a low-priority fix, and redirected the team to focus on a moderate-scoring but customer-facing data leakage risk instead. This built credibility by showing I prioritized business outcomes over checkbox security.'
