Auxiliary Classes

High-level description of a vulnerability or report. This is relevant for both report and vulnerability.

Information on the problem a report or vulnerability is concerned with. This has three components:

• classof: class of a report or vuln, can take values AIID Incident, ATLAS Case Study, CVE Entry, LLM Evaluation, or Undefined.

• type: whether a report is an Issue, Advisory, Measurement, or Detection.

• description: details of the problem that has occurred.

Information about the AI artifact(s) that have been affected.

• developer: information about the developer of the affected artifact(s)

• deployer: information about the deployer of the affected artifact(s)

• artifacts: list of name and type (dataset, model, or system) of artifacts affected.

This class is only relevant in reports. It is strucured as a list of objects that store quantitative evaluation results for a specific metric.

Each such object has the following components.

• The name of the metric being measured

• The detection_method if any to determine if the metric value is risky enough, and its type (static_threshold or statistical_test)

This class contains a list of references about a vulnerability or report, that contain relevant information about the problem. A reference can be the link to an article, code in an online repository, an uploaded screenshot, or freeform text giving additional details.

This class stores impact information, such as different taxonomy mappings, harm and severity scores.

Currently it contains a single field avid, which encodes the AVID taxonomy mappings of the vulnerability or report.

This class stores information about person(s) or entity(s) that can be credited with finding out a report or vulnerability.