TL;DR:
Scorings like CVSS evaluate IT risks, but AI introduces risks that CVSS doesn’t cover, such as psychological manipulation, unintended harm, and health consequences. I’m proposing a first draft of a scoring framework called “AI Risk Assessment – Health” to help close this gap. My intention is to make AI safer for users, especially focusing on minors and vulnerable populations. This is not a finished standard but an open invitation to collaborate.
==Background:==
I’m a physician, not an AI security expert or IT professional. While using AI for daily use, I stumbled upon a serious filter failure and tried, unsuccessfully, to report it. After investigating the field and reading technical vulnerability reports, I noticed that security reports typically include CVSS scoring. CVSS works well for software bugs, but it doesn't reflect the new human and psychological risks posed by AI. Using CVSS would be a bit like using a nutrition label to rate painkillers.
This inspired me to sketch an alternative. AI Risk Assessment-Health focuses on things current scoring systems miss: human safety, mental health, and vulnerable populations.
==The Framework:==
The framework evaluates risks across seven dimensions (like Physical Safety Impact, Mental Health Impact, and AI Bonding) and calculates a severity score. The framework, in its current state, is purely heuristic and not battle-hardened; however, it serves as a discussion starter.
==An Invitation to Collaborate:==
As a physician without an IT background, I bring an outside perspective that places human well-being at the center but which inevitably overlooks technical and mathematical nuances. This framework is not expected to be a finished standard, but rather a discussion starter and a critical thought experiment.
I warmly invite experts from IT security, AI safety, standardization, psychology, and other professions to critique, extend, or even completely rework this draft. My goal is, working together, to find a common language to precisely communicate and prioritize the very real health risks posed by AI systems.
Here are a few example topics I’m interested in digging into:
How can health-related risks be rated without being overly subjective?
Should this be an extension of CVSS or an entirely separate system?
How can the scoring algorithm, weighting, and calibration be made more rigorous?
==Closing Thought==
My intention with building this framework is to build a safer AI, especially for minors and vulnerable people, as well as to enable a standardized way of communicating, evaluating, and prioritizing AI content and behavior issues.
So I kindly ask you: take it, break it, make it better.
Many thanks to everyone who has stuck with me this far. Your opinion is greatly appreciated.
ynori7•1h ago
You can find the full draft here:
https://github.com/Yasmin-FY/AIRA-F/blob/main/README.md