Official name: Intelligence Authorization Act for Fiscal Year 2025, Title V, Section 510 ("Management of artificial intelligence security risks")
Requires the National Institute of Standards and Technology to update vulnerability management processes for AI security risks. Establishes a voluntary database to track AI security and safety incidents. Evaluates standards for AI vulnerability reporting. Encourages best practices for AI supply chain risks.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding federal statute enacted by the United States Congress with mandatory obligations on federal agencies (NIST, CISA) to establish processes, databases, and reporting mechanisms within specified timeframes.
The document has good coverage of approximately 6-8 subdomains, with strong focus on AI system security vulnerabilities (2.2), privacy compromise (2.1), malicious actors using AI for cyberattacks (4.2), lack of robustness (7.3), lack of transparency (7.4), and governance failure (6.5). Coverage is concentrated in security, privacy, and AI safety domains.
This document does not govern specific economic sectors but rather establishes cross-sectoral federal processes for AI security vulnerability management and incident tracking. It mentions critical infrastructure and safety-critical systems as priority areas for incident tracking, suggesting broad applicability across multiple sectors.
The document primarily addresses the "Deploy" and "Operate and Monitor" lifecycle stages, with some coverage of "Build and Use Model" through supply chain risk considerations. It focuses on post-deployment vulnerability management, incident tracking, and ongoing monitoring of AI security and safety risks.
The document explicitly mentions AI systems and AI models throughout. It does not specifically reference frontier AI, general purpose AI, task-specific AI, foundation models, generative AI, predictive AI, or compute thresholds. It addresses open-source datasets and does not mention open-weight models specifically.
This is a federal statute enacted by Congress as part of the Intelligence Authorization Act for Fiscal Year 2025, Title V, Section 510.
NIST and CISA are designated to implement and oversee the vulnerability management processes, databases, and reporting mechanisms. Congressional committees receive reports and provide oversight.
NIST and CISA are responsible for tracking and processing security and safety incidents through databases and reporting mechanisms. Congressional committees monitor implementation through required reports.
The document mandates actions by federal agencies (NIST, CISA) and establishes voluntary mechanisms for private sector entities, public sector organizations, civil society groups, and academic researchers to participate in incident reporting.
9 subdomains (5 Good, 4 Minimal)