人工智能网络安全合作行动手册

TLP:CLEAR

TLP:CLEAR

JCDCAICybersecurityCollaborationPlaybook

JointCyberDefenseCollaborative

CybersecurityandInfrastructureSecurityAgency

January14,2025

ThisdocumentismarkedTLP:CLEAR:Disclosureisnotlimited.FormoreinformationontheTrafficLightProtocol,see

/tlp.

JCDCAICybersecurityCollaborationPlaybookTLP:CLEAR

Page2of33

TLP:CLEAR

TableofContents

Acknowledgements 3

QuestionsandFeedback 5

Disclaimer 5

Audience 6

Background 6

Purpose 6

KeyDefinitions 7

InformationSharing:ProtectionsandMechanisms 8

Information-SharingProtections 8

Information-SharingMechanisms 9

InformationSharingWithinJCDC 9

NewlyIdentifiedVulnerabilityCoordination 10

IncidentReporting 10

ProactiveInformationSharing 11

InformationSharingRegardinganIncidentorVulnerability 12

CISA’sInformationAnalysisandOperationalUse 17

EnhancedCoordination 18

CalltoAction 19

AppendixA:PopulatedExampleofChecklistsforInformationHandlingRestrictionsandVoluntary

InformationSharing 21

AppendixB:CaseStudiesforProactiveInformationSharingandEnhancedCoordination 26

ProactiveInformationSharingExample:ClearviewAIMisconfigurationCaseStudy 26

EnhancedCoordinationExample:CompromisedPyTorchDependencyChain 27

AppendixC:AdditionalAvenuesforVoluntaryInformationSharing 29

AppendixD:AdditionalResources 32

Page3of33

TLP:CLEAR

Acknowledgements

TheCybersecurityandInfrastructureSecurityAgency(CISA)

1

ledthedevelopmentoftheArtificialIntelligence(AI)CybersecurityCollaborationplaybookincollaborationwithfederal,international,andprivatesectorpartnersthroughtheJointCyberDefenseCollaborative(JCDC).

2

JCDCisa

public-privatecollaborativewithinCISAthatleveragesauthoritiesgrantedbyCongressinthe

2021NationalDefenseAuthorizationAct(NDAA)tounitetheglobalcybercommunityindefenseofcyberspace.TheJCDClogoonthisdocumentsignifiesthecontributionstothisplaybookmadebyJCDCpartners

3

,particularlyJCDC.AIpartners

4

,incollaborationwithCISA.JCDCpartnersarelistedbelow.

TheJCDCAICybersecurityCollaborationPlaybookwasdevelopedasadirectresultoftwo

tabletop

exercises

(TTXs)heldin2024,whichbroughttogetherfederal,industry,andinternational

partners.ThefirstTTX,hostedinJune2024atMicrosoftinReston,Virginia,laidthegroundworkbyaddressingtheuniquechallengesposedbyartificialintelligence(AI)cybersecurityincidents.Thisfoundationalexerciseinformedtheearlystagesoftheplaybook’sdevelopment.ThesecondTTX,hostedinSeptember2024atScaleAI’sheadquartersinSanFrancisco,California,helpedparticipantsfurtherrefinetheplaybookbysimulatinganAIcybersecurityincidentinthefinancialservicessector.CISAincorporatedreal-timefeedbackintotheplaybookfromapproximately150participants,includingrepresentativesfromU.S.federalagencies,theprivatesector,and

internationalgovernmentorganizations.Theseexerciseshighlightedtheneedforenhancedoperationalcollaborationandinformationsharing,ultimatelyshapingthefinalversionoftheplaybook.

Thefollowingpartnerscontributedtothedevelopmentofthisplaybook:

FederalGovernmentPartners

•FederalBureauofInvestigation(FBI)

•NationalSecurityAgency(NSA)ArtificialIntelligenceSecurityCenter(AISC)

1“AboutCISA,”CybersecurityandInfrastructureSecurityAgency,accessedNovember20,2024,

/about.

2“JointCyberDefenseCollaborative,”CybersecurityandInfrastructureSecurityAgency,accessedNovember20,2024,

/topics/partnerships-and-collaboration/joint-cyber-defense-collaborative.

3EntitiesacrosstheU.S.federalgovernment;industry;state,local,tribal,andterritorial(SLTT)entities;andinternational

governmentsintegratedintoJCDCcorefunctions,suchascyberdefenseplanning,operationalcollaboration,andcybersecurityguidanceproduction.Email

cisa.jcdc@

tolearnmoreaboutbecomingaJCDCpartner.

4JCDC.AIisanoperationalcommunitythatincludesU.S.federalgovernmentagencies,privatesectorentities(suchasAIproviders,developers,andadopters),andinternationalgovernmentorganizationsfocusedoncollaborationregardingrisks,threats,

vulnerabilities,andmitigationsconcerningAI-enabledsystems.Tolearnmore,emailjcdc.ai@.

Page4of33

TLP:CLEAR

IndustryPartners

•Anthropic•AWS

•Cisco

•Cranium

•Fortinet

•GitHub

•Google

•HiddenLayer•IBM

•IntercontinentalExchange(ICE)

•JPMorganChase

•Microsoft

•NVIDIA

•OpenAI

•PaloAltoNetworks

•ProtectAI

•RobustIntelligence(nowpartofCisco)

•ScaleAI

•StabilityAI

•U.S.Bank

•Zscaler

InternationalPartners

•AustralianSignalsDirectorate’sAustralianCyberSecurityCentre(ASD’sACSC)

•UKNationalCyberSecurityCentre(NCSC)

Page5of33

TLP:CLEAR

QuestionsandFeedback

Thisplaybookwillbeupdatedasneededtoreflectstakeholderfeedback,changesinthethreatlandscape,orshiftsintheoperatingenvironment.Stakeholdersareencouragedtoprovide

feedbackaboutthisplaybookto

CISA.JCDC@

withthesubjectline:“Feedback:AICybersecurityCollaborationPlaybook.”

Disclaimer

AIsafetytopics,suchasriskstohumanlife,health,property,ortheenvironment,areoutsidetheintendedscopeoftheJCDCAICybersecurityCollaborationPlaybook.Stakeholdersshould

addressanyrisksorthreatsinvolvinghumanlife,health,property,ortheenvironmentinatimelyandappropriatemannerinaccordancewiththeirownapplicableprocessorproceduresforsuchevents.Similarly,issuesrelatedtoAIfairnessandethicsarealsooutsidethescopeofthis

playbook.Thisplaybookdoesnotcreatepolicies,imposerequirements,mandateactions,oroverrideexistinglegalorregulatoryobligations.Allactionstakenunderthisplaybookare

voluntary.

Thisdocumentisforinformationalpurposesonlyandisnotintendedtobindthepublicorcreateanyrequirementwithwhichthepublicmustcomply.Theauthoringagenciesdonotendorseanycommercialentity,product,company,orservice,includinganyentities,products,orservices

linkedorreferencedwithinthisdocument.Anyreferencetospecificcommercialentities,

products,processes,orservicesbyservicemark,trademark,manufacturer,orotherwise,doesnotconstituteorimplyendorsement,recommendation,orfavoringbytheauthoringagencies.

Note:Thecyberincidentreportinglandscapeisconstantlyevolving.

5

Thisguideisnotintendedtoprovideacomprehensiveoverviewofallpossiblereportingchannels.Instead,thisguideis

intendedtosupplementanorganization’sexistingcyberincidentresponseresourceswith

potentialillustrativeexamplesofkeyreportingavenuestoconsider.Organizationsshouldconsultwiththeirlegalcounseltoidentifyrelevantstatutory,contractual,regulatory,andotherlegal

reportingrequirementsthatmayapplyatthetimeofthecyberincident.

5FurtherinformationaboutU.S.federalcyberincidentreportingrequirementseitherineffectorproposedacrosstheU.S.federal

governmentasofSeptember2023isincludedatAppendixBoftheDHSReportonHarmonizationofCyberIncidentReportingto

theFederalGovernment,availableat

/publication/harmonization-cyber-incident-reporting-federal-

government.

Page6of33

TLP:CLEAR

Audience

Thisplaybookinformsoperationalcybersecurityprofessionals,includingincidentresponders,

securityanalysts,andothertechnicalstaff,onhowtocollaborateandshareinformationwithCISAandJCDCaboutAI-relatedcybersecurityincidentsandvulnerabilities.

Background

CISA,asAmerica’scyberdefenseagencyandtheNationalCoordinatorforcriticalinfrastructuresecurityandresilience,playsacriticalroleinaddressingAI-specificcybersecuritychallenges.ThroughJCDC.AI,CISAbuildspublic-privatepartnershipstoimproveinformationsharingand

developsplanstofacilitatecoordinatedresponsestocyberthreatstargetingsoftwaresystems,includingAIsystems.AsAIbecomesincreasinglyintegratedintocriticalinfrastructure,

understanding,andaddressingitsdistinctchallengesandcomplexitiesareessentialtobolsteringdefensesagainstmaliciouscyberactors.

AIsystemsintroduceuniquecomplexitiesduetotheirrelianceondata-driven,non-deterministicmodels,makingthemvulnerabletomaliciouscyberactivitysuchasmodelpoisoning,data

manipulation,andadversarialinputs.

6

Thesevulnerabilities,coupledwiththerapidadoptionofAIsystems,demandcomprehensivestrategiesandpublic-privatepartnershiptoaddressevolvingrisks.CISAcollaborateswithJCDCpartnersleveragingsharedknowledgeandcapabilitiesto

confrontmaliciouscyberactorsandstrengthencollectiveresiliency.

Purpose

TheJCDCAICybersecurityCollaborationPlaybookfacilitatesvoluntaryinformationsharingacrosstheAIcommunity,includingAIproviders,developers,andadopters,tostrengthencollectivecyberdefensesagainstemergingthreats.Theplaybookisintendedtofosteroperationalcollaborationamonggovernment,industry,andinternationalpartnersandwillbeperiodicallyupdatedto

ensureadaptabilitytothedynamicthreatlandscapeasAIadoptionaccelerates.

Thisplaybookaimsto:

•GuideJCDCpartnersonhowtovoluntarilyshareinformationrelatedtoincidentsandvulnerabilitiesassociatedwithAIsystems.

•OutlineCISA’sactionsuponreceivingsharedinformation.

6ApostolVassilevetal.,“AdversarialMachineLearning:ATaxonomyandTerminologyofAttacksandMitigations,”NationalInstituteofStandardsandTechnology,January2024,

/nistpubs/ai/NIST.AI.100-2e2023.pdf.

Page7of33

TLP:CLEAR

•Facilitatecollaborationbetweenfederalagencies,privateindustry,internationalpartners,andotherstakeholderstoraiseawarenessofAIcybersecurityrisksandimprovethe

resilienceofAIsystems.

WhilefocusedonstrengtheningcollaborationwithinJCDC,theplaybookdefineskeycategoriesofinformationapplicabletootherinformation-sharingmechanisms(AppendixC)suchasinformationsharingandanalysiscenters(ISACs).CISAencouragesorganizationstoadopttheplaybook’s

guidancetoenhancetheirowninformation-sharingpractices,contributingtoaunifiedapproachtoAI-relatedthreatsacrosscriticalinfrastructure.

KeyDefinitions

TheJCDCAICybersecurityCollaborationPlaybookincorporatesdefinitionsfromkeylegislativeandtechnicalframeworkstoestablishafoundationforaddressingAIcybersecuritychallenges.

•AIsystem:Machine-basedsystemthat,foragivensetofhuman-definedobjectives,makespredictions,recommendations,ordecisionsthatinfluencerealorvirtualenvironments.

TheseAIsystemsusebothmachine-andhuman-basedinputstoperceiveenvironments,abstractthoseperceptionsintomodelsthroughautomatedanalysis,andusemodel

inferencetoprovideoptionsforinformationoraction.

7

•Incident:Theterm‘‘incident’’meansanoccurrencethatactuallyorimminently

jeopardizes,withoutlawfulauthority,theintegrity,confidentiality,oravailabilityof

informationonaninformationsystem,oractuallyorimminentlyjeopardizes,withoutlawfulauthority,aninformationsystem.

8

Withthesedefinitions,CISAdevelopedthisworkingdefinitionforAIcybersecurityincidents:

“Anoccurrencethatactuallyorimminentlyjeopardizes,withoutlawfulauthority,the

confidentiality,integrity,oravailabilityoftheAIsystem,anyothersystemenabledand/orcreatedbytheAIsystem,orinformationstoredonanyofthesesystems.”

Cybersecurityincidentstypicallyresultfromvulnerabilitiesinsoftwareorsystems.Vulnerabilities,definedbytheNationalInstituteofStandardsandTechnology(NIST)as“weaknessesinan

informationsystem,systemsecurityprocedures,internalcontrols,orimplementationthatcould

715U.S.C.9401(3).

8Section2200oftheHomelandSecurityActof2002,asamended(P.L.107-296)(codifiedat6U.S.C.650).

Page8of33

TLP:CLEAR

beexploitedortriggeredbyathreatsource,”

9

arecentraltothecybersecurityofAIsystems.ThisplaybookalsofacilitatesthecoordinateddisclosureofvulnerabilitiesassociatedwithAIsystemsincriticalinfrastructure.

InformationSharing:ProtectionsandMechanisms

BysharinginformationthroughJCDC,companiesbenefitfromenhancedcoordination,

governmentsupport,andgaintheabilitytocollaborateonAIcybersecurityissueswithinatrustedenvironment.JCDCprovidesamechanismforcommunicationonvitalcybersecuritymatters

acrosscriticalinfrastructuresectors,enablingcompaniestodiscussandaddressshared

challengesonAIcybersecurity.JCDC’sconveningcapabilitieshelporganizationsaccessvaluablethreatintelligence,mitigationstrategies,andacollaborativecybersecurityenvironment.

Throughtheinformationshared,JCDCexpeditescoordinatedresponsestocyberthreatsand

helpsgovernmentpartnersgatherinformationnecessarytodeterminewhethernationalincidentresponsemechanismsshouldbeactivated.Additionally,JCDCproducesanddistributesrelevant

cyberthreatintelligence,vulnerabilitymanagementinsights,andmitigationstrategies,empoweringcompaniestobettermanageandneutralizeemergingthreats.

Information-SharingProtections

TheCybersecurityInformationSharingActof2015(CISA2015)(6U.S.C.§§1501-1533)createsprotectionsfornon-federalentitiestosharecyberthreatindicatorsanddefensivemeasuresforacybersecuritypurposeinaccordancewithcertainrequirementswiththegovernmentandprovidesthattheymaydosonotwithstandinganyotherlaw.Suchprotectionsincludethenon-waiverof

privilege,protectionofproprietaryinformation,exemptionfromdisclosureundertheFreedomofInformationAct(FOIA),prohibitiononuseinregulatoryenforcement,andmore.

10

CISA2015alsorequiresDHStooperateacapabilityandprocessforsharingcyberthreatindicatorswithboththefederalgovernmentandprivatesectorentitiesandprovidesforliabilityprotectionforinformationsharedthroughthisprocess.Thestatutealsocreatesprotectionsforcyberthreatindicatorsanddefensivemeasuressharedinaccordancewiththestatutoryrequirementswithstate,local,tribal,andterritorial(SLTT)entities,includingthattheinformationshallbeexemptfromdisclosure

underSLTTfreedomofinformationlaws.CISA2015doesnotcoverinformationsharedthatisnotacyberthreatindicatorordefensivemeasure,asdefinedbythelaw.AI-relatedinformationis

9JointTaskForce,“SecurityandPrivacyControlsforInformationSystemsandOrganizations.NISTSpecialPublication800-53r5,”NationalInstituteofStandardsandTechnology,September2020,

/10.6028/NIST.SP.800-53r5.

ThisdefinitionisusedacrossmanyotherNISTdocuments;seethe

vulnerabilityentryintheComputerSecurityResourceCenterGlossary.

10IntheeventthatCISAreceivesaFreedomofInformationAct(FOIA)requestforinformationthatisnotcoveredunderCISA2015,CISAwillnotdiscloseanyinformationthatmaybewithheldfromdisclosureunderFOIA’sexemptions.

Page9of33

TLP:CLEAR

coveredundertheActtotheextenttheinformationqualifiesasacyberthreatindicatoror

defensivemeasure.Theseaspectsarefurtherdetailedinmultipleguidancedocuments,

especiallytheDHS-DOJ

GuidancetoAssistNon-FederalEntitiestoShareCyberThreatIndicators

andDefensiveMeasureswithFederalEntitiesundertheCybersecurityInformationSharingActof

2015.

Information-SharingMechanisms

CISAhasestablishedprocessestomanageandsafeguarddatasharedbyJCDCpartners.

InformationSharingWithinJCDC

CISAleveragestheTrafficLightProtocol(TLP)

11

asitsprimarydisseminationcontrolmarkingsystem.AlldatasharedwithinJCDCviaemailshouldbeclearlymarkedwiththerelevantTLPdesignation.Similarly,otherstakeholderscanshareinformationwithJCDCviaemailat

CISA.JCDC@

followingtheTLPmarkingsystem.SomeTLPdesignationsrequire

obtainingpermissionfromthesourcebeforedisseminatingoutsideone’sorganization.All

organizationsshouldseekappropriatepermissionsbeforesharing.Additionalguidanceonthe

typesofinformationthatarevaluabletosharewithJCDCisprovidedinthe

ProactiveInformation

Sharing

and

InformationSharingRegardingandIncidentorVulnerability

sectionsbelow.

Attimes,JCDCpartnersmaywishtoshareinformationwithoutattribution.Insuchcircumstances,thesepartnerscansharedirectlywithCISA,forCISAtoshareonwardswithoutattribution.

Partnersshouldprovidedetailedinstructionsonhowtheirinformationshouldbehandledand

specifyanyrestrictionsonitsusewhensharingitwithCISA,asoutlinedin

Checklist1.

Withthesesafeguardsandprotocols,CISAfostersasecureenvironmentforsharingcriticalcybersecurity

informationwithinJCDC,encouragingactiveparticipation,andsafeguardingsensitivedata.

AppendixA

providesapopulatedexampleofChecklist1.

Checklist1:Information-HandlingRestrictionsandContext

ChecklistforInformationHandlingRestrictions

Expectedfeedbackrequested

oIncludespecificquestionsforCISA.

oProvideexpectationsaboutfeedback(i.e.,foractionorforawarenessonly).

oAreyousharinginformationorsubmittingarequestforinformation(RFI)?

11“TrafficLightProtocol(TLP)DefinitionsandUsage,”

/news-events/news/traffic-light-protocol-tlp-definitions-

and-usage.

Page10of33

TLP:CLEAR

ChecklistforInformationHandlingRestrictions

TLPmarkingandcaveats

oIncludeTLPmarking.

oMayCISA/JCDCsharewithotherindustrypartners,otherU.S.federalgovernmentpartners,and/orinternationalpartners?

oAreyourequestingunattributedsharing?

oDetailanycaveatstosharingwithotherpartners(i.e.,industry,international,and/orU.S.federalgovernment).

NewlyIdentifiedVulnerabilityCoordination

Toreportnewlyidentifiedcybersecurityvulnerabilitiesinproductsandservices,JCDCpartners

shoulduseCISA’scoordinatedvulnerabilitydisclosureprocess.Partnerscansecurelysubmitthevulnerabilitythroughthe

“ReportaVulnerability”

linkon

CISA’sCoordinatedVulnerability

Disclosurepage.

JCDCpartnerswhohavequestionsorconcernsrelatedtothisprocessare

encouragedtocontactaJCDCrepresentative.TherepresentativecanconnectpartnerswithCISAVulnerabilityManagementstaff.

Othervulnerabilitycoordinationbestpracticestoconsider:

•Establishandoperateavulnerabilitydisclosurepolicy(VDP)sosecurityresearchersandotherscanunderstandwhattypesoftestingareauthorizedforwhichsystemsandwheretosendvulnerabilityreports.See

BindingOperationalDirective20-01

foranexampleofaVDPthatCISAsharedwithfederalagencies.JCDCpartnersshouldmodifythetemplateVDPasappropriate.

•IfavulnerabilityisfoundinasystemoperatedbyaJCDCpartner,entitiesshouldfollowthatpartner’sVDPtoreporttheissueaccordingtotheirspecificguidelines.

•IfaJCDCpartnernoticesavulnerabilityinadeployedfederalgovernmentsystem,notify

thesystemownerasrequestedintheirVDP.Asalastresort,theseissuesmaybereportedtoCISAthroughthe

CarnegieMellonUniversitySoftwareEngineeringInstitute(SEI)CERT

CoordinationCenter.

IncidentReporting

Toreportanincident,JCDCpartnersshoulduse

CISA’sVoluntaryCyberIncidentReporting

portal.ReportingentitiesshoulddescribeanyAI-relatedaspectsoftheincidentintheexplanatorytextboxesprovidedintheform.

Page11of33

TLP:CLEAR

ProactiveInformationSharing

JCDCstronglyencouragespartnerstoproactivelyshareactionableinformationasearlyas

possibleforanAIcybersecurityincidentorvulnerability.GiventhecomplexityofAIsystemsandthechallengesinidentifyingsecurityissuesandtheirrootcauses,JCDCpartnersshould

consistentlyandproactivelysharekeyinformationonmaliciousactivity,trends,pre-release

publications,andassessments.Ongoinginformationsharingallowsallpartnerstomaintain

situationalawarenessoftheevolvinglandscape,enablingtheearlydetection,identification,andremediationofcriticalthreats.Byfosteringawell-informedandcollaborativecyberdefense

network,JCDCstrengthenstheprotectionandresilienceofAIsystemsacrossallcriticalinfrastructuresectors.

Proactiveinformation-sharingcategoriesasoutlinedin

Table1

helpCISAandJCDCpartners

evaluaterelevantinformationthathasbeenobserved,understandthecomplexityoftheoperatingenvironment,andmakeinformeddecisionsaboutpotentialdefensiveactions.Seealso

AppendixB

foranexampleofanincidentwherepartnerswouldbeencouragedtoshareinformationproactively.

Table1:ProactiveInformationCategories

ProactiveInformationCategories

Ifsharing

Thenprovidedetailsabout

Observedmaliciousactivitytargeting

JCDCpartnerorothers

Attemptedintrusionsorattacks.

Malwareartifacts.

Claimsmadebymaliciousactorsrelatedtotargeting,plannedattacks.

Maliciousactorindicatorsofcompromise(IOCs)and

tactics,techniques,andprocedures(TTPs)discovered

throughthreatintelligence,observedactivity/targeting,orothermeans.

Otherobservablesand/orevidencerelatedtomaliciousactivity.

Page12of33

TLP:CLEAR

ProactiveInformationCategories

Suspiciousbehavior

Activitythatappearspotentiallymaliciousbutmaynotbeconfirmedasmalicious.Forexample,anIPaddressthatisobservedconductingabnormalactivitythatcannotbe

explained,evenafterinternalreviews.

JCDCpartner

priorities(tellCISAwhatyoucare

about)

Maliciousactorsthatarebeingtrackedclosely.

Incidentsofconcern.

Threatactivityofconcern(i.e.,aspecificthreatactoridentifiedthroughknowntargetingofAIinfrastructure).

Incidentandvulnerabilitytrends(i.e.,commonlytargeteddigitaltrends,numberofincidentshandledin-house).

Threatassessments

Yearlyreviewsandretrospectives.

Threatactorprofiles.

System

configurationinformation

Softwarebillsofmaterials(SBOM)foryourorganization’srespectiveproducts.

Blogsandpublications

RelatedtoAIcybersecurityissuesandconcerns.

RelatedtoorincludingmaliciousactivityorthreatactorIOCs/TTPs.

Relatedtoknownincidentsorvulnerabilities.

★Newbestsecuritypracticesand

lessonslearned

Publishedguidance,bestpractices,post-mortems,andlessonslearnedbyaJCDCpartneronAIcybersecurityissues.

InformationSharingRegardinganIncidentorVulnerability

JCDCpartnersshouldconsult

Checklist2

tovoluntarilyshareinformationregardinganAI

cybersecurityincidentorvulnerability.OtherstakeholderscansharevoluntaryinformationwithJCDCviaemailat

CISA.JCDC@.

Thischecklisthelpshighlightactionabledatato

streamlinethesharingprocessamongstJCDCandpartners.

AppendixA

providesapopulatedexampleofChecklist2.WhileJCDCencouragespartnerstofollowthechecklist,itwelcomesanyrelevantsharedinformation,evenifnotallchecklistpointsaremet.

Page13of33

TLP:CLEAR

Additionally,usingthewebformto

voluntarilyreportanincident

ora

vulnerabilityinaproductor

service

isagoodwaytoprovideallrelevantinformationtoCISAviaanencryptedchannel.Ifusingthewebform,JCDCpartnersshouldnotifyaJCDCrepresentativeviaemail.

Checklist2:VoluntaryInformationSharing

ChecklistforVoluntaryInformationSharing

Descriptionoftheincidentor

vulnerability

oIsthisinformationrelatedtoanincident,anattemptedattack,scanningactivity,orsuspiciousactivity?

oIsthisinformationrelatedtoavulnerability?Includethe

CommonVulnerabilitiesandExposures(CVE)assignment,ifavailable.

oWasthisinformationobtaineddirectlyorindirectly(viaanotherorganization)?

oWasthisinformationobtainedfromaprivilegedornon-publicsource?

oWhatistheconfidencelevelofthisinformation?Isthis

informationconfirmedtoberelatedtomaliciousactivityorisitunconfirmed(i.e.,suspiciousactivity)?

Howtheincidentorvulnerability

wasfirstdetected

oInitialaccessvector.

oDetectionmethod(e.g.,STIXindicators).

oIOCs.

oIndicatorsofattack.

oSampleattackinformationorscreenshots.

oIP(InternetProtocol)addresses,domains,andhashes.

oTimestampstoincludedates/timesrelatedtowhentheinformationwasactiveorobserved.

oWhataretheIOCsbeingusedfor(e.g.,initialaccess,commandandcontrol[C2]infrastructure)?

Page14of33

TLP:CLEAR

ChecklistforVoluntaryInformationSharing

Systemandnetwork

vulnerabilities

oKnownandpreviouslydisclosedvulnerabilitiesbeingmaliciouslyexploitedinthewild.

oVulnerabilitiesofcriticalconcern(fromaJCDCpartner’sperspective),evenifexploitationevidencehasnotbeenfoundyet.

oPubliclyknownproofsofconceptinopen-sourceplatforms(i.e.,newsreporting,socialmedia).

oNote:Duetosensitivityconcerns,non-publicorlesser-knownproofsofconceptshouldbesharedwithCISAthroughthe

“ReportaVulnerability”linkon

CISA’sCoordinated

VulnerabilityDisclosureProcesspage,

whichincludesa

sectiontoreportexploitationinformation.Seealsothe

“NewlyIdentifiedVulnerabilityCoordination”

section.

AffectedAI

artifact(s)andsystems

oAnyknownmodelinformationaboutthetrainingdataset:

modelname,modelversion,modeltask,modelarchitecture,modelsource(authororlocation),andlifecyclephase.

oAnyknowninformationabouttheAImodeldeveloper.

oAnyagentic,copilot,orthird-partyplatformsinuse.

oAnyknowninformationaboutApplicationProgrammingInterface(API)andlibraries.

oSoftware/hardwareconfigurationandaccessspecifictotheAImodel.

oThesoftwareunderpinningtheaffectedsystem(s).

oAIapplicationinformation(i.e.,authorinformation,AIapplicationaccesses).

Page15of33

TLP:CLEAR

ChecklistforVoluntaryInformationSharing

Affectedusersorvictims

oIfknown,specificortype(i.e.,sector)ofvictimstargetedbasedonJCDCpartner’sinteractionsand/orcampaignattribut