AIVSS is the OWASP standard for scoring vulnerabilities in AI systems — the AI counterpart to CVSS. AiEGIS authored the race-test fixture for the enforcement-effectiveness dimension. This page explains what AIVSS measures, where the spec lives, and how to apply it to your own AI agents.
The AI Vulnerability Scoring System (AIVSS) is an OWASP project that gives security teams a standardised, vendor-neutral way to score vulnerabilities specific to AI systems — prompt-injection, training-data poisoning, multi-agent governance gaps, time-to-enforce, model-supply-chain integrity. It is the AI counterpart to CVSS.
Unlike CVSS, AIVSS has to account for risks that don't exist in traditional software: a vulnerability in a base model propagates to every fine-tune; a prompt-injection becomes a privilege escalation; an agent's autonomy means the time between detection and enforcement is itself a scorable dimension.
The OWASP project page is at github.com/OWASP/www-project-artificial-intelligence-vulnerability-scoring-system.
AiEGIS authored the audit-pack-signing v0.5 race-test fixture for the AIVSS enforcement-effectiveness dimension. The fixture was merged into the OWASP working text on 2026-05-09. It is not a vendor claim — it is a public GitHub artifact with a deterministic SHA-256.
Verify the citation yourself:
AiEGIS participates in two open AIVSS working-group threads at the canonical OWASP project repo:
Both issues are public. Read, comment, or submit fixtures of your own.
The enforcement-effectiveness dimension of AIVSS rewards architectures that emit signed, layer-attributed decisions with a measurable time-to-enforce. AiEGIS' /api/protect endpoint maps directly to that contract:
Decisions persist to an append-only ledger with a 5-year retention floor (SQL-enforced via BEFORE DELETE / BEFORE UPDATE triggers; verify at /grid/ledger/retention). That ledger is the AIVSS evidence chain.
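The retention-floor mechanism described above (an append-only ledger whose BEFORE DELETE and BEFORE UPDATE triggers refuse mutations inside the retention window) can be reproduced in miniature with SQLite. The following is an added illustration written for this page, not AiEGIS' own schema or trigger code: the table columns, the trigger names, the encoding of five years as 1825 days, and the sample rows are all constructed for the demonstration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Hypothetical encoding of the 5-year retention floor in days (5 * 365).
RETENTION_DAYS = 5 * 365

# Constructed schema: an append-only ledger guarded by two triggers.
SCHEMA = """
CREATE TABLE ledger (
    id          INTEGER PRIMARY KEY,
    recorded_at TEXT NOT NULL,   -- UTC timestamp, 'YYYY-MM-DDTHH:MM:SSZ'
    layer       TEXT NOT NULL,   -- enforcement layer that produced the decision
    decision    TEXT NOT NULL,   -- e.g. 'allow' or 'block'
    signature   TEXT NOT NULL    -- hex signature over the decision record
);
-- Rows are immutable: every UPDATE aborts the statement.
CREATE TRIGGER ledger_no_update BEFORE UPDATE ON ledger
BEGIN
    SELECT RAISE(ABORT, 'ledger rows are immutable');
END;
-- Rows may only be deleted once they are older than the retention floor.
CREATE TRIGGER ledger_retention BEFORE DELETE ON ledger
WHEN julianday('now') - julianday(OLD.recorded_at) < {days}
BEGIN
    SELECT RAISE(ABORT, 'retention floor not reached');
END;
""".format(days=RETENTION_DAYS)

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def open_ledger() -> sqlite3.Connection:
    """Create an in-memory ledger with the triggers installed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record_decision(conn, layer, decision, signature, recorded_at=None) -> int:
    """Append one decision; returns the new row id. recorded_at defaults to now."""
    ts = recorded_at or datetime.now(timezone.utc).strftime(TS_FORMAT)
    cur = conn.execute(
        "INSERT INTO ledger (recorded_at, layer, decision, signature) VALUES (?, ?, ?, ?)",
        (ts, layer, decision, signature),
    )
    conn.commit()
    return cur.lastrowid


def attempt(conn, sql, params=()):
    """Run a mutating statement and report (ok, message) instead of raising,
    so a trigger's verdict can be inspected by the caller."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return True, "ok"
    except sqlite3.DatabaseError as exc:
        conn.rollback()
        return False, str(exc)


def demo() -> dict:
    """Exercise the triggers with one fresh row and one row older than the floor."""
    conn = open_ledger()
    # Constructed sample rows; the signatures are placeholders, not real signatures.
    fresh = record_decision(conn, "policy", "block", "deadbeef")
    old_ts = (datetime.now(timezone.utc) - timedelta(days=6 * 365)).strftime(TS_FORMAT)
    stale = record_decision(conn, "policy", "allow", "cafebabe", recorded_at=old_ts)

    results = {
        # Rewriting history is refused regardless of age.
        "update_fresh": attempt(conn, "UPDATE ledger SET decision = 'allow' WHERE id = ?", (fresh,)),
        # Deleting inside the retention window is refused.
        "delete_fresh": attempt(conn, "DELETE FROM ledger WHERE id = ?", (fresh,)),
        # Deleting a row past the floor is permitted.
        "delete_stale": attempt(conn, "DELETE FROM ledger WHERE id = ?", (stale,)),
    }
    results["rows_remaining"] = conn.execute("SELECT COUNT(*) FROM ledger").fetchone()[0]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The check a reviewer should run against any claimed append-only store is exactly the three statements in `demo()`: an UPDATE and an in-window DELETE must fail at the database layer, not merely be absent from application code, and the out-of-window DELETE confirms the floor is a time bound rather than a blanket prohibition.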
AIVSS (AI Vulnerability Scoring System) is an OWASP project that provides a standardised scoring methodology for security vulnerabilities in AI systems, analogous to how CVSS scores traditional software vulnerabilities. It evaluates AI-specific risk dimensions such as prompt-injection susceptibility, training-data poisoning impact, multi-agent governance gaps, and time-to-enforce.
CVSS scores traditional software vulnerabilities along dimensions like attack vector, privileges required, and impact on confidentiality / integrity / availability. AIVSS adds AI-specific dimensions: how a vulnerability propagates across fine-tunes of a base model, how an agent's autonomy widens the blast radius, and how quickly a runtime layer can detect and enforce against the exploit (time-to-enforce).
AiEGIS authored the audit-pack-signing v0.5 race-test fixture for the AIVSS enforcement-effectiveness dimension. It was merged into OWASP's working text on 2026-05-09 in commit 9c72ca06. The fixture spec has SHA-256 c5f62c9fce6e08b5… and is byte-for-byte cited in the working text. AiEGIS also participates in AIVSS Issue #31 (Runtime Enforcement Effectiveness) and #32 (Multi-Agent Governance Gaps).
Route every agent action through a runtime governance layer that emits signed evidence — for example, POST /api/protect on aiegis.ie, which returns layer-attributed decisions with a decision_ms field that maps directly to the AIVSS time-to-enforce dimension. Persist the decisions to an append-only audit log with a 5-year retention floor to satisfy the enforcement-effectiveness evaluation.
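To make the contract in this answer and in the /api/protect description above concrete, here is an added example of a runtime gate that returns a signed, layer-attributed decision carrying a `decision_ms` field. It is illustrative code written for this page, not AiEGIS' implementation or the wire format of aiegis.ie: only the field name `decision_ms` comes from the page; the other record fields, the two policy layers, the HMAC-SHA256 signing scheme and the demo key are assumptions.

```python
import hashlib
import hmac
import json
import time

# Hypothetical signing key for the demonstration; a real deployment would hold
# this in a key manager and rotate it.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(payload: dict) -> bytes:
    """Deterministic JSON encoding so the signature covers a stable byte string."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


# Two hypothetical enforcement layers. Each returns a verdict or None (no opinion).
def _tool_policy(action: dict):
    if action.get("tool") in {"shell", "file_delete"} and not action.get("approved"):
        return "block"
    return None


def _egress_policy(action: dict):
    if action.get("tool") == "http" and not str(action.get("url", "")).startswith("https://"):
        return "block"
    return None


LAYERS = [("tool-policy", _tool_policy), ("egress-policy", _egress_policy)]


def protect(action: dict, key: bytes = SIGNING_KEY) -> dict:
    """Evaluate an agent action and return a signed, layer-attributed decision.

    The first layer that returns a verdict is named in the record, so the
    evidence says not only what was decided but which control decided it.
    decision_ms measures the gate's own evaluation time (time-to-enforce)."""
    start = time.perf_counter_ns()
    layer, decision = "default", "allow"
    for name, rule in LAYERS:
        verdict = rule(action)
        if verdict is not None:
            layer, decision = name, verdict
            break
    record = {
        "action_hash": hashlib.sha256(canonical(action)).hexdigest(),
        "decision": decision,
        "layer": layer,
        "decision_ms": round((time.perf_counter_ns() - start) / 1e6, 3),
    }
    record["signature"] = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return record


def verify(record: dict, key: bytes = SIGNING_KEY) -> bool:
    """Recompute the signature over every field except 'signature' and compare
    in constant time. Any edit to decision, layer or decision_ms fails here."""
    body = {k: v for k, v in record.items() if k != "signature"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(record.get("signature", "")))


if __name__ == "__main__":
    # Constructed sample actions.
    print(protect({"tool": "shell", "cmd": "ls"}))
    print(protect({"tool": "http", "url": "https://example.com/"}))
```

Two properties matter for the evidence chain: `verify()` must reject a record whose `decision`, `layer` or `decision_ms` has been altered after signing, and every record, allowed or blocked, should be appended to the ledger so the time-to-enforce distribution can be scored rather than sampled.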
No — AIVSS is an active OWASP project. The dimensions, fixtures, and scoring rubrics are still being shaped through open issues. AiEGIS' contribution is to one specific dimension (enforcement-effectiveness) via the race-test fixture; the full spec is iterating in public.