Details of a vulnerability or report are structured in a few auxiliary data classes that are used in one or both base classes.
Below we describe the main auxiliary classes and their usage. For an exhaustive list, refer to our API documentation or the respective JSON schema.
description
High-level description of a vulnerability or report. This is relevant for both report and vulnerability.
problemtype
Information on the problem a report or vulnerability is concerned with. This has three components:
classof: class of a report or vuln, can take values AIID Incident, ATLAS Case Study, CVE Entry, LLM Evaluation, or Undefined.
type: whether a report is an Issue, Advisory, Measurement, or Detection.
description: details of the problem that has occurred.
affects
Information about the AI artifact(s) that have been affected.
developer: information about the developer of the affected artifact(s)
deployer: information about the deployer of the affected artifact(s)
artifacts: list of name and type (dataset, model, or system) of artifacts affected.
metrics
This class is only relevant in reports. It is strucured as a list of objects that store quantitative evaluation results for a specific metric.
Each such object has the following components.
The name of the metric being measured
The detection_method if any to determine if the metric value is risky enough, and its type (static_threshold or statistical_test)
references
This class contains a list of references about a vulnerability or report, that contain relevant information about the problem. A reference can be the link to an article, code in an online repository, an uploaded screenshot, or freeform text giving additional details.
impact
This class stores impact information, such as different taxonomy mappings, harm and severity scores.
Currently it contains a single field avid, which encodes the AVID taxonomy mappings of the vulnerability or report.
credit
This class stores information about person(s) or entity(s) that can be credited with finding out a report or vulnerability.