CWE-1434Insecure Setting of Generative AI/ML Model Inference Parameters

PUBLISHEDweakness record
released 2025-09-09 · last modified 2026-04-30

Metadata

CWE ID:
CWE-1434
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2025-09-09
更新日期:
2026-04-30

名称

Insecure Setting of Generative AI/ML Model Inference Parameters

描述

The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of erroneous or unexpected outputs.

Generative AI/ML models, such as those used for text generation, image synthesis, and other creative tasks, rely on inference parameters that control model behavior, such as temperature, Top P, and Top K. These parameters affect the model's internal decision-making processes, learning rate, and probability distributions. Incorrect settings can lead to unusual behavior such as text "hallucinations," unrealistic images, or failure to converge during training. The impact of such misconfigurations can compromise the integrity of the application. If the results are used in security-critical operations or decisions, then this could violate the intended security policy, i.e., introduce a vulnerability.

常见后果

范围:
Integrity, Other
影响:
Varies by Context, Unexpected State
注释:
The product can generate inaccurate, misleading, or nonsensical information.
范围:
Other
影响:
Alter Execution Logic, Unexpected State, Varies by Context
注释:
If outputs are used in critical decision-making processes, errors could be propagated to other systems or components.

相关 CWE