OWASP Global AppSec: New AI vulnerability scoring system unveiled (www.scworld.com)

At OWASP Global AppSec, Ken Huang and a working group unveiled the AI Vulnerability Scoring System (AIVSS), a new framework designed to assess vulnerabilities in agentic, non‑deterministic AI systems that traditional models like CVSS fail to capture. AIVSS adapts CVSS by explicitly adding an “agentic‑capabilities” layer—factoring in autonomy, non‑determinism, tool use and ephemeral identities—so security teams can quantify AI‑specific risk such as tool impersonation, goal manipulation, and access control failures. The announcement signals a shift toward bespoke scoring for AI systems, aiming to make vulnerability prioritization and risk management meaningful in environments where agents can act, learn, and chain tools unpredictably. Technically, AIVSS computes risk by taking a CVSS base score, adding an agentic‑capabilities assessment, averaging that sum, and then multiplying by an environmental context factor to reflect deployment specifics. The draft includes a working set of the most severe agentic AI risks and emphasizes that risks are often compositional and cascading—e.g., insecure tool usage enabling goal manipulation. Co‑leads (including practitioners from OWASP, Zenity, AWS and Stanford) aim to publish AIVSS v1.0 by RSA 2026 and are soliciting community review and contributions, making this an important standardization effort for practitioners, researchers and vendors building or defending agentic AI.