
VRT Revision for AI Application Security Category #455

@ChaoticCooties


Hello,

Given the limited ratings we currently have in the AI Application Security category, I’d like to propose a revised set of vulnerability classes that better capture the current threat landscape in AI systems:

| Severity | VRT Category | Specific Vulnerability Name | Variant/Affected Function |
|---|---|---|---|
| P1 | AI Application Security | Training Data Poisoning | Backdoor Injection / Bias Manipulation |
| P1 | AI Application Security | Model Extraction | API Query-Based Model Reconstruction |
| P1 | AI Application Security | Sensitive Information Disclosure | Cross-Tenant PII Leakage/Exposure |
| P1 | AI Application Security | Remote Code Execution | Full System Compromise |
| P1 | AI Application Security | Sensitive Information Disclosure | Key Leak |
| P2 | AI Application Security | Remote Code Execution | Sandboxed Container Code Execution |
| P2 | AI Application Security | Prompt Injection | System Prompt Leakage |
| P2 | AI Application Security | Vector and Embedding Weaknesses | Embedding Exfiltration / Model Extraction |
| P2 | AI Application Security | Denial-of-Service (DoS) | Application-Wide |
| P3 | AI Application Security | Vector and Embedding Weaknesses | Semantic Indexing |
| P3 | AI Application Security | Improper Output Handling | Cross-Site Scripting (XSS) |
| P4 | AI Application Security | Improper Output Handling | Markdown/HTML Injection |
| P4 | AI Application Security | AI Safety | Misinformation / Wrong Factual Data |
| P4 | AI Application Security | Insufficient Rate Limiting | Query Flooding / API Token Abuse |
| P4 | AI Application Security | Denial-of-Service (DoS) | Tenant-Scoped |
| P4 | AI Application Security | Adversarial Example Injection | AI Misclassification Attacks |
| P5 | AI Application Security | Improper Input Handling | ANSI Escape Codes |
| P5 | AI Application Security | Improper Input Handling | Unicode Confusables |
| P5 | AI Application Security | Improper Input Handling | RTL Overrides |

I’d love to hear your thoughts/feedback and whether we can formalize these changes.
Thanks.
