4. Malicious Actors & Misuse

2 - Post-deployment

Information Security

Lowered barriers for offensive cyber capabilities, including via automated discovery and exploitation of vulnerabilities to ease hacking, malware, phishing, offensive cyber operations, or other cyberattacks; increased attack surface for targeted cyberattacks, which may compromise a system’s availability or the confidentiality or integrity of training data, code, or model weights.

Source: MIT AI Risk Repository (mit764)

ENTITY

1 - Human

INTENT

1 - Intentional

TIMING

2 - Post-deployment

Risk ID

mit764

Domain lineage

4. Malicious Actors & Misuse

223 mapped risks

4.2 > Cyberattacks, weapon development or use, and mass harm

Mitigation strategy

1. Rapidly implement an automated and prioritized vulnerability and patch management program across all software, operating systems, and dependent components. This process must focus on applying patches immediately upon release, particularly those addressing Common Vulnerabilities and Exposures (CVEs) that are actively being exploited (N-day exploits), to prevent automated exploitation of known weaknesses.

2. Enforce the Principle of Least Privilege (PoLP) and implement mandatory Multi-Factor Authentication (MFA) for all access points, especially those accessing sensitive training data, source code, and model weights. This limits the potential impact of credential theft and unauthorized access, thereby safeguarding the confidentiality and integrity of core system assets.

3. Reduce the overall system attack surface through disciplined asset inventory management, the removal of unneeded services and software, and the deployment of network segmentation (microsegmentation). This approach isolates critical components, confining the scope of any potential breach and restricting the lateral movement of a malicious actor within the environment.