As AI systems become more powerful and more deeply integrated into critical infrastructure, the question of how we identify and address their flaws has never been more urgent. Today, the process of reporting vulnerabilities and failures in AI systems is fragmented, inconsistent, and often discouraged. If we are serious about building trustworthy AI, that needs to change.
In the world of traditional software, coordinated vulnerability disclosure has become standard practice. Security researchers discover a bug, report it to the vendor through an established channel, and the vendor has a reasonable window to fix it before the flaw is made public. This process, refined over decades, has made software significantly more secure.
AI systems enjoy no such infrastructure. When researchers or users discover that an AI model produces harmful, biased, or dangerous outputs, there is no standardized way to report the issue. Some companies have ad hoc bug bounty programmes; most do not. The result is a patchwork of informal channels, social media disclosures, and academic papers that may take months to reach the teams who can actually fix the problem.
Consider the case of GPT-3.5: independent researchers discovered that the model could be manipulated into generating harmful content through carefully crafted prompts. Without a formal reporting mechanism, these findings circulated publicly before OpenAI could address them, simultaneously alerting bad actors and leaving users exposed. This is not an isolated incident; it is the norm in an industry that has grown far faster than its accountability infrastructure.
The consequences of this Wild West environment are serious. Flaws persist longer than they should. Researchers face legal uncertainty when probing AI systems. Companies lack visibility into the vulnerabilities in their own products. And the public is left to bear the risks of systems that have not been adequately scrutinized.
A group of researchers from MIT, Stanford, CMU, and Princeton has proposed a comprehensive framework to address this gap. Their proposal draws on the lessons of cybersecurity vulnerability disclosure and adapts them to the unique challenges of AI. It rests on three pillars:
The proposal calls for the creation of standardized formats and processes for reporting AI flaws. Just as the Common Vulnerabilities and Exposures (CVE) system provides a universal language for software bugs, AI needs its own taxonomy and reporting standards. This would include clear categories for different types of flaws (bias, safety, robustness, privacy leakage), severity ratings, and structured templates that ensure reports contain the information needed for effective remediation.
Standardization serves multiple purposes: it makes reports actionable, enables trend analysis across the industry, and creates a shared vocabulary that bridges the gap between researchers, developers, and regulators.
One of the greatest barriers to AI flaw reporting is legal risk. Researchers who probe AI systems for vulnerabilities may inadvertently violate terms of service, intellectual property protections, or computer fraud statutes. This chilling effect means that many flaws go unreported.
The proposal advocates for safe harbor provisions that protect good-faith security researchers from legal retaliation. Companies would commit to not pursuing legal action against researchers who follow responsible disclosure protocols, and governments would clarify that bona fide AI security research is protected activity. Without these protections, the entire reporting ecosystem will remain stunted.
Perhaps the most ambitious element of the proposal is the creation of a centralized Disclosure Coordination Center for AI flaws. This body would serve as a trusted intermediary between researchers and AI developers. It would receive reports, verify and triage them, coordinate with affected companies, and manage the timeline for public disclosure.
A centralized center would also aggregate data across reports, enabling the identification of systemic patterns that no single company could see on its own. It could publish anonymized trend reports, inform regulatory policy, and provide early warning of emerging risk categories. The center would need to be independent, trusted by both industry and the research community, and adequately funded to handle the volume of reports that a maturing AI ecosystem will generate.
Coordinated flaw reporting is not just a technical nicety; it is a cornerstone of responsible AI governance. The EU AI Act explicitly requires providers of high-risk AI systems to establish processes for post-market monitoring and incident reporting. A well-functioning disclosure ecosystem makes compliance with these requirements practical rather than theoretical.
More broadly, transparency about AI flaws strengthens the entire governance chain. It gives regulators the information they need to calibrate oversight. It gives companies the feedback they need to improve their systems. And it gives the public confidence that AI is being held to account.
Organizations that embrace coordinated disclosure, rather than treating vulnerability reports as threats, will build more resilient systems and stronger reputations. In a market where trust is increasingly a differentiator, this is a strategic advantage.
If your organization develops or deploys AI systems, the shift toward coordinated flaw reporting has immediate implications:
The AI industry is at an inflection point. The tools and practices we put in place today will determine whether AI earns and keeps the trust of the societies it serves. Coordinated flaw reporting is a critical piece of that puzzle.
If you want to strengthen your organization's approach to responsible AI, get in touch. We can help you build governance frameworks that are ready for this evolving landscape.