CWE-1426 - Improper Validation of Generative AI Output
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Release date: 2024-07-16
- Last updated: 2026-04-30
Name
Improper Validation of Generative AI Output
Description
The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy.
Common Consequences
Scope: Integrity
Impact: Execute Unauthorized Code or Commands, Varies by Context
Note: In an agent-oriented setting, output could be used to cause unpredictable agent invocation, i.e., to control or influence agents that might be invoked from the output. The impact varies depending on the access that is granted to the tools, such as creating a database or writing files.
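The note above concerns model output that drives tool invocation. The following is an added example, not part of the CWE entry, of validating a model-proposed tool call against an explicit policy before anything is dispatched. The tool names, the JSON call format, and the `/srv/agent-workspace` root are assumptions made for illustration.

```python
import json
from pathlib import PurePosixPath

# Hypothetical policy: allowed tools and their argument names/types; all else is refused.
ALLOWED_TOOLS = {"write_file": {"path": str, "content": str}, "read_file": {"path": str}}
SANDBOX = PurePosixPath("/srv/agent-workspace")  # assumed workspace root

class RejectedOutput(ValueError):
    """Model output did not satisfy the tool-call policy."""

def validate_tool_call(raw_output):
    """Parse untrusted model output; return a vetted call or raise RejectedOutput."""
    try:
        call = json.loads(raw_output)
    except json.JSONDecodeError as exc:
        raise RejectedOutput("not valid JSON") from exc
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        raise RejectedOutput("unexpected top-level shape")
    tool, args = call["tool"], call["args"]
    schema = ALLOWED_TOOLS.get(tool) if isinstance(tool, str) else None
    if schema is None:
        raise RejectedOutput("tool not on allowlist")
    if not isinstance(args, dict) or set(args) != set(schema):
        raise RejectedOutput("argument names do not match schema")
    if not all(isinstance(args[k], t) for k, t in schema.items()):
        raise RejectedOutput("argument has wrong type")
    # Every allowed tool takes a path: confine it to the workspace root.
    rel = PurePosixPath(args["path"])
    if rel.is_absolute() or ".." in rel.parts:
        raise RejectedOutput("path escapes sandbox")
    return {"tool": tool, "args": dict(args, path=str(SANDBOX / rel))}

# Constructed sample outputs, shaped as a model might emit them.
SAMPLES = [
    '{"tool": "write_file", "args": {"path": "notes/summary.txt", "content": "ok"}}',
    '{"tool": "write_file", "args": {"path": "../outside.txt", "content": "x"}}',
    '{"tool": "create_database", "args": {"name": "scratch"}}',
    'Sure! I will now write the file for you.',
]

def triage(samples=SAMPLES):
    """Return 'accept' or the rejection reason for each sample output."""
    def verdict(s):
        try:
            validate_tool_call(s)
            return "accept"
        except RejectedOutput as exc:
            return str(exc)
    return [verdict(s) for s in samples]
```

Only the dictionary returned by `validate_tool_call` should reach the dispatcher; the raw model text never does.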