Cisco Enhances Vulnerability Disclosure for Artificial Intelligence Security
Cisco Refines Vulnerability Disclosure Approach in AI Era
As artificial intelligence accelerates vulnerability discovery and increases the volume of findings for security teams to review, Cisco has refined its risk-based vulnerability disclosure approach.
The company aims to focus on issues under active exploitation or those most likely to be used in attacks, rather than publishing every identified vulnerability.
According to Russ Smoak, Vice President of Information Security: “Cisco is leveraging advanced AI models to rapidly identify and mitigate vulnerabilities,” he said. “However, we acknowledge that adversaries will also exploit these emerging AI capabilities, intensifying the challenge of cybersecurity defense.”
Modified Disclosure Strategy
- Cisco has modified its disclosure strategy for lower-risk findings.
- Internally discovered vulnerabilities that were once issued as standalone advisories may no longer receive separate announcements.
- The company will provide high-level information about software updates containing security patches and direct customers to hardened versions.
- Further details regarding software modifications addressing specific vulnerabilities will be published following the initial release.
Continued Transparency on Critical Findings
Critical findings, issues under active exploitation, and vulnerabilities deemed likely to be exploited will continue to receive detailed disclosures.
Cisco’s treatment of third-party and open-source vulnerabilities remains unchanged, driven by the company’s goal of promoting practical adjustments within the industry to accommodate the anticipated surge in vulnerability volumes.