Base · Draft

CWE-1434: Insecure Setting of Generative AI/ML Model Inference Parameters

Category: other

Description

The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of erroneous or unexpected outputs.

Common consequences · 2

  • Integrity / Other — Varies by Context, Unexpected State
    The product can generate inaccurate, misleading, or nonsensical information.
  • Other — Alter Execution Logic, Unexpected State, Varies by Context
    If outputs are used in critical decision-making processes, errors could be propagated to other systems or components.

Potential mitigations · 3

  • [Implementation, System Configuration, Operation] Develop and adhere to robust parameter tuning processes that include extensive testing and validation.
  • [Implementation, System Configuration, Operation] Implement feedback mechanisms to continuously assess and adjust model performance.
  • [Documentation] Provide comprehensive documentation and guidelines for parameter settings to ensure consistent and accurate model behavior.

References

  1. https://cwe.mitre.org/data/definitions/1434.html

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.