CWE-1426Improper Validation of Generative AI Output

PUBLISHEDweakness record
released 2024-07-16 · last modified 2026-04-30

Metadata

CWE ID:
CWE-1426
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2024-07-16
更新日期:
2026-04-30

名称

Improper Validation of Generative AI Output

描述

The product invokes a generative AI/ML component whose behaviors and outputs cannot be directly controlled, but the product does not validate or insufficiently validates the outputs to ensure that they align with the intended security, content, or privacy policy.

常见后果

范围:
Integrity
影响:
Execute Unauthorized Code or Commands, Varies by Context
注释:
In an agent-oriented setting, output could be used to cause unpredictable agent invocation, i.e., to control or influence agents that might be invoked from the output. The impact varies depending on the access that is granted to the tools, such as creating a database or writing files.

相关 CWE