Overview
Severity: MEDIUM | Affected: Global AI Safety Consortium (GAISC) | Category: policy
The newly formed Global AI Safety Consortium (GAISC), comprised of representatives from the US, EU, UK, and Japan, has officially released the 'AI Command and Control (AI C2) Security Framework'. This landmark policy mandates stringent security requirements for companies developing or deploying 'critical AI systems,' defined as models used in infrastructure, finance, and defense. Key provisions include mandatory, continuous red teaming by independent third-party auditors, a standardized AI Vulnerability and Exploit (AIVE) disclosure program akin to CVE for traditional software, and strict data provenance requirements to mitigate data poisoning attacks. Non-compliance will result in significant fines and potential restrictions on market access within member nations. The framework is seen as a major step towards standardizing AI safety practices and holding developers accountable for the security of their systems.