The Essential Role of AISIRT in Flaw and Vulnerability Management
The rapid expansion of artificial intelligence (AI) in 2023 introduced a new wave of security challenges. In response, the Carnegie Mellon University Software Engineering Institute's CERT Division established the first Artificial Intelligence Security Incident Response Team (AISIRT) in November 2023. AISIRT was created to identify, analyze, and respond to AI-related incidents, flaws, and vulnerabilities—particularly in systems critical to defense and national security. We recently collaborated with 33 experts across academia, industry, and government to emphasize the pressing need for better coordination in managing AI flaws and vulnerabilities. In this blog post, we provide background on AISIRT and what we have been doing over the last year, specifically in regard to coordination of flaws and vulnerabilities in AI systems.