Base Classes


Vulnerabilities are linked to the taxonomy through multiple tags, denoting the AI risk domains (Security, Ethics, Performance) this vulnerability pertains to, (sub)categories under that domain, as well as AI lifecycle stages. A vulnerability in AVID can pertain to one or more of the three levels: Dataset, Model, or System.


Reports are occurrences of a vulnerability. Based on the references provided in a specific report, reports can potentially more granular and reproducible than vulnerabilities. We classify reports in four types, in increasing degree of quantitative evidence:

  1. Issue: qualitative evaluation based on a single sample or handful of samples,

  2. Advisory: qualitative evaluation based on multiple Incidents,

  3. Measurement: quantitative evaluation with associated data and metric,

  4. Detection: A Measurement deemed critical by a threshold or statistical test.

These types are reminiscent of the three levels of AI Auditing, and accommodate diverse AI evaluation scenarios from the user perspective.

Last updated