CWE-1434β€”Insecure Setting of Generative AI/ML Model Inference Parameters

PUBLISHEDweakness record
released 2025-09-09 Β· last modified 2026-04-30

Metadata

CWE ID:
CWE-1434
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2025-09-09
Latest Modification Date:
2026-04-30

Weakness Name

Insecure Setting of Generative AI/ML Model Inference Parameters

Description

The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of erroneous or unexpected outputs.

Generative AI/ML models, such as those used for text generation, image synthesis, and other creative tasks, rely on inference parameters that control model behavior, such as temperature, Top P, and Top K. These parameters affect the model's internal decision-making processes, learning rate, and probability distributions. Incorrect settings can lead to unusual behavior such as text "hallucinations," unrealistic images, or failure to converge during training. The impact of such misconfigurations can compromise the integrity of the application. If the results are used in security-critical operations or decisions, then this could violate the intended security policy, i.e., introduce a vulnerability.

Common Consequences

Scope:
Integrity, Other
Impact:
Varies by Context, Unexpected State
Notes:
The product can generate inaccurate, misleading, or nonsensical information.
Scope:
Other
Impact:
Alter Execution Logic, Unexpected State, Varies by Context
Notes:
If outputs are used in critical decision-making processes, errors could be propagated to other systems or components.

Related Weaknesses