Overview
Severity: MEDIUM | Affected: Major AI Developers | Category: policy
The U.S. National Telecommunications and Information Administration (NTIA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), has finalized the AI Vulnerability and Disclosure (AI VAD) mandate. This new regulation requires developers of 'frontier' AI models, defined by specific computational thresholds, to implement a formal, continuous red-teaming program and adhere to a structured vulnerability disclosure process. Under the new rules, companies must establish a public-facing system for security researchers to report vulnerabilities, such as jailbreaks or data privacy leaks. They are also required to publish transparency reports detailing discovered vulnerabilities and mitigation steps. The mandate aims to standardize security practices across the industry and create a safer ecosystem by incentivizing proactive vulnerability discovery, mirroring established practices in traditional cybersecurity. Non-compliance could result in significant fines.