
The OWASP AI Vulnerability Scoring System (AIVSS) v0.5 introduces a quantitative scoring methodology tailored to assess security risks in agentic AI systems—autonomous agents that act, plan, and interact with other agents or external systems. It adapts traditional vulnerability metrics (like attack vector, complexity, privileges required, user interaction, and scope) and extends them with AI‑specific metrics such as:

  • Model Robustness (resistance to adversarial manipulation),
  • Data Sensitivity, Ethical Implications, Decision Criticality, Adaptability, Adversarial Attack Surface, Lifecycle Vulnerabilities, Governance & Validation, and Cloud‑based LLM threats (from the CSA taxonomy).

These AI‑specific metrics are modified by a model complexity multiplier for more sophisticated models.

AIVSS also includes Environmental Metrics (such as confidentiality, integrity, availability, and societal impact requirements) and allows base metrics to be adjusted based on deployment context. The document provides detailed scoring rubrics, practical guidelines, real‑world case studies, and integration guidance for embedding AIVSS in existing security workflows.
