MITER launches AI incident sharing initiative

MITER and industry are working together to improve collective AI defenses

MCLEAN, Va., October 2, 2024–(BUSINESS WIRE)–MITRE's Center for Threat-Informed Defense (Center) worked with more than 15 companies to expand the community's knowledge of threats and mitigations for AI-powered systems, with the launch of the AI ​​Incident Sharing initiative culminated.

Work on the incident sharing initiative is part of the Center's Secure AI project, based on MITER ATLAS™, launched in June 2024. The AI ​​Incident Sharing initiative aims to improve collective threat awareness and ultimately AI-powered defense systems by enabling rapid and protected exchange of information about attacks or accidents involving AI-enabled systems are involved. The initiative builds on two years of incident sharing collaboration across the broader MITER ATLAS community to enable faster characterization and sharing of anonymized incidents.

In parallel, the Secure AI collaboration also expanded the ATLAS threat framework to further update the adversarial threat landscape for generative AI-enabled systems. Similar to MITER ATT&CK®, the ATLAS Threat Framework is a community knowledge base about attacker behavior that security experts, developers and operators use to protect AI-enabled systems.

The project added several new generative AI-focused case studies and attack techniques to the public ATLAS knowledge base, as well as new methods for mitigating attacks on AI-powered systems. MITER had previously worked with Microsoft to increase the focus of the ATLAS knowledge base on generative AI with updates released in November 2023. Through these efforts, ATLAS remains representative of the latest proven threats to AI systems in the wild.

Collaborators on the Secure AI project include: AttackIQ, BlueRock, Booz Allen Hamilton, CATO Networks, Citigroup, Cloud Security Alliance, CrowdStrike, FS-ISAC, Fujitsu, HCA Healthcare, HiddenLayer, Intel, JPMorgan Chase Bank, Microsoft, Standard Chartered and Verizon business.

“As public and private organizations of all sizes and industries continue to integrate AI into their systems, the ability to manage potential incidents is critical,” said Douglas Robbins, vice president of MITER Labs. “The standardized and rapid exchange of incident information will enable the entire community to improve the collective defense of such systems and mitigate external damage.”

The MITER ATLAS AI Incident Sharing initiative provides a community of trusted contributors with protected and anonymized data on real-world AI incidents that occur in operational AI-enabled systems.

The story continues

Anyone can submit an incident via the public incident sharing site. Once submitted, your organization will be considered for membership in the trusted community of data recipients. Sharing and receiving this proprietary information will enable more data-driven risk intelligence and analysis to be conducted at scale across the community.

MITER operates other public-private information sharing partnerships, including the publicly available Common Vulnerabilities and Exposures (CVE) list, which it operates on behalf of the Cybersecurity and Infrastructure Security Agency to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. MITER also follows this approach with the Aviation Safety Information Analysis and Sharing (ASIAS) database to exchange data and safety information to detect and prevent aviation hazards.

The AI ​​incident sharing website and submission form are available at https://ai-incidents.mitre.org/.

About MITER

MITER's mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded research and development centers, we work across government and in partnership with industry to address challenges to our nation's security, stability and well-being.

About the Center for Threat-Informed Defense

The Center is a nonprofit, privately funded research and development organization operated by MITER Engenuity™, a technology foundation for the public good. The Center's mission is to advance the state of the art and practice in threat-informed defense worldwide. Comprised of participating organizations from around the world with sophisticated security teams, the Center is built on MITER ATT&CK®, a critical foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center works for the common good, the results of its research and development are publicly available and benefit everyone. For further information please contact [email protected].

View source version on businesswire.com: https://www.businesswire.com/news/home/20241002197150/en/

Contacts

Jeremy Singer, [email protected]