AIVSS

AIVSS is... TODO WRITE ME

Outcome

The outcome set for AIVSS is the basic SSVC priority levels: Defer, Scheduled, Out-of-Cycle, and Immediate.

Defer, Scheduled, Out-of-Cycle, Immediate (ssvc:DSOI:1.0.0)

The original SSVC outcome group.

| Value | Key | Definition |
|---|---|---|
| Defer | D | Defer |
| Scheduled | S | Scheduled |
| Out-of-Cycle | O | Out-of-Cycle |
| Immediate | I | Immediate |
Defer, Scheduled, Out-of-Cycle, Immediate (ssvc:DSOI:1.0.0) JSON Example
{
  "namespace": "ssvc",
  "key": "DSOI",
  "version": "1.0.0",
  "name": "Defer, Scheduled, Out-of-Cycle, Immediate",
  "definition": "The original SSVC outcome group.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "D",
      "name": "Defer",
      "definition": "Defer"
    },
    {
      "key": "S",
      "name": "Scheduled",
      "definition": "Scheduled"
    },
    {
      "key": "O",
      "name": "Out-of-Cycle",
      "definition": "Out-of-Cycle"
    },
    {
      "key": "I",
      "name": "Immediate",
      "definition": "Immediate"
    }
  ]
}

Decision Points

The Decision Points for AIVSS include:

Exploitation (ssvc:E:1.1.0)

The present state of exploitation of the vulnerability.

| Value | Key | Definition |
|---|---|---|
| None | N | There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. |
| Public PoC | P | One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation. |
| Active | A | Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting. |
Exploitation (ssvc:E:1.1.0) JSON Example
{
  "namespace": "ssvc",
  "key": "E",
  "version": "1.1.0",
  "name": "Exploitation",
  "definition": "The present state of exploitation of the vulnerability.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "N",
      "name": "None",
      "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability."
    },
    {
      "key": "P",
      "name": "Public PoC",
      "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation."
    },
    {
      "key": "A",
      "name": "Active",
      "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting."
    }
  ]
}

Agentic Impact Level (x_org.owasp#aivss:AIL:1.0.0)

Determines the agentic impact level of a vulnerability based on its characteristics and potential effects.

| Value | Key | Definition |
|---|---|---|
| Copilot | C | The agent is primarily a copilot or assistant. Its actions are heavily constrained, requiring human oversight. The agent explicitly does not have rights to execute code. |
| Specialist | S | The agent is a specialist with significant autonomy within a defined domain. It can use powerful tools and may learn from interactions. |
| Prime Mover | P | The agent is a prime mover with broad autonomy. It can orchestrate other systems, modify its own logic, and interact with critical infrastructure. |
Agentic Impact Level (x_org.owasp#aivss:AIL:1.0.0) JSON Example
{
  "namespace": "x_org.owasp#aivss",
  "key": "AIL",
  "version": "1.0.0",
  "name": "Agentic Impact Level",
  "definition": "Determines the agentic impact level of a vulnerability based on its characteristics and potential effects.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "C",
      "name": "Copilot",
      "definition": "The agent is primarily a copilot or assistant. Its actions are heavily constrained, requiring human oversight. The agent explicitly does not have rights to execute code."
    },
    {
      "key": "S",
      "name": "Specialist",
      "definition": "The agent is a specialist with significant autonomy within a defined domain. It can use powerful tools and may learn from interactions."
    },
    {
      "key": "P",
      "name": "Prime Mover",
      "definition": "The agent is a prime mover with broad autonomy. It can orchestrate other systems, modify its own logic, and interact with critical infrastructure."
    }
  ]
}

Systemic Impact (x_org.owasp#aivss:SI:1.0.0)

Measures the mission-criticality and blast radius of the systems, data, and processes the agent can affect.

| Value | Key | Definition |
|---|---|---|
| Contained | C | The impact of a compromise is limited to the agent itself, a single user's data, or a non-critical system. The business or mission impact is negligible. |
| Significant | S | A compromise would impact a major business function, a critical internal system, or cause cascading failures within a business unit. It could result in moderate financial loss, reputational damage, or operational disruption. |
| Critical | R | A compromise would pose a threat to the entire organization's viability, public safety, or critical infrastructure. It could lead to severe financial loss, widespread data breach, regulatory failure, or physical harm. |
Systemic Impact (x_org.owasp#aivss:SI:1.0.0) JSON Example
{
  "namespace": "x_org.owasp#aivss",
  "key": "SI",
  "version": "1.0.0",
  "name": "Systemic Impact",
  "definition": "Measures the mission-criticality and blast radius of the systems, data, and processes the agent can affect.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "C",
      "name": "Contained",
      "definition": "The impact of a compromise is limited to the agent itself, a single user's data, or a non-critical system. The business or mission impact is negligible."
    },
    {
      "key": "S",
      "name": "Significant",
      "definition": "A compromise would impact a major business function, a critical internal system, or cause cascading failures within a business unit. It could result in moderate financial loss, reputational damage, or operational disruption."
    },
    {
      "key": "R",
      "name": "Critical",
      "definition": "A compromise would pose a threat to the entire organization's viability, public safety, or critical infrastructure. It could lead to severe financial loss, widespread data breach, regulatory failure, or physical harm."
    }
  ]
}

Agentic Impact Level is a Composite Decision Point

Although the Agentic Impact Level (AIL) can be assessed directly, we recommend it be assessed by combining the results of a few supporting decision tables. See AIVSS Agentic Impact Level for more details.

Decision Table

Decision Model Visualization

---
title: AIVSS Decision Table Decision Table (x_org.owasp#aivss:DT_AIVSS:1.0.0)
---
graph LR
subgraph inputs[Inputs]
n1(( ))
subgraph s1["ssvc<br/>#<br/>E:1.1.0"]
N_L0([N])
P_L0([P])
A_L0([A])
end
subgraph s2["x_org.owasp<br/>#aivss<br/>AIL:1.0.0"]
N_C_L1([C])
N_S_L1([S])
N_P_L1([P])
P_C_L1([C])
P_S_L1([S])
P_P_L1([P])
A_C_L1([C])
A_S_L1([S])
A_P_L1([P])
end
subgraph s3["x_org.owasp<br/>#aivss<br/>SI:1.0.0"]
N_C_C_L2([C])
N_C_S_L2([S])
N_C_R_L2([R])
N_S_C_L2([C])
N_S_S_L2([S])
N_S_R_L2([R])
N_P_C_L2([C])
N_P_S_L2([S])
N_P_R_L2([R])
P_C_C_L2([C])
P_C_S_L2([S])
P_C_R_L2([R])
P_S_C_L2([C])
P_S_S_L2([S])
P_S_R_L2([R])
P_P_C_L2([C])
P_P_S_L2([S])
P_P_R_L2([R])
A_C_C_L2([C])
A_C_S_L2([S])
A_C_R_L2([R])
A_S_C_L2([C])
A_S_S_L2([S])
A_S_R_L2([R])
A_P_C_L2([C])
A_P_S_L2([S])
A_P_R_L2([R])
end
end
subgraph outputs[Outcome]
subgraph s4["ssvc<br/>#<br/>DSOI:1.0.0"]
N_C_C_D_L3([D])
N_C_S_S_L3([S])
N_C_R_O_L3([O])
N_S_C_S_L3([S])
N_S_S_S_L3([S])
N_S_R_O_L3([O])
N_P_C_S_L3([S])
N_P_S_O_L3([O])
N_P_R_I_L3([I])
P_C_C_S_L3([S])
P_C_S_S_L3([S])
P_C_R_O_L3([O])
P_S_C_S_L3([S])
P_S_S_O_L3([O])
P_S_R_O_L3([O])
P_P_C_O_L3([O])
P_P_S_O_L3([O])
P_P_R_I_L3([I])
A_C_C_O_L3([O])
A_C_S_O_L3([O])
A_C_R_I_L3([I])
A_S_C_O_L3([O])
A_S_S_I_L3([I])
A_S_R_I_L3([I])
A_P_C_I_L3([I])
A_P_S_I_L3([I])
A_P_R_I_L3([I])
end
end
n1 --- N_L0
n1 --- P_L0
n1 --- A_L0
N_L0 --- N_C_L1
N_C_L1 --- N_C_C_L2
N_C_C_L2 --- N_C_C_D_L3
N_C_L1 --- N_C_S_L2
N_C_S_L2 --- N_C_S_S_L3
N_C_L1 --- N_C_R_L2
N_C_R_L2 --- N_C_R_O_L3
N_L0 --- N_S_L1
N_S_L1 --- N_S_C_L2
N_S_C_L2 --- N_S_C_S_L3
N_S_L1 --- N_S_S_L2
N_S_S_L2 --- N_S_S_S_L3
N_S_L1 --- N_S_R_L2
N_S_R_L2 --- N_S_R_O_L3
N_L0 --- N_P_L1
N_P_L1 --- N_P_C_L2
N_P_C_L2 --- N_P_C_S_L3
N_P_L1 --- N_P_S_L2
N_P_S_L2 --- N_P_S_O_L3
N_P_L1 --- N_P_R_L2
N_P_R_L2 --- N_P_R_I_L3
P_L0 --- P_C_L1
P_C_L1 --- P_C_C_L2
P_C_C_L2 --- P_C_C_S_L3
P_C_L1 --- P_C_S_L2
P_C_S_L2 --- P_C_S_S_L3
P_C_L1 --- P_C_R_L2
P_C_R_L2 --- P_C_R_O_L3
P_L0 --- P_S_L1
P_S_L1 --- P_S_C_L2
P_S_C_L2 --- P_S_C_S_L3
P_S_L1 --- P_S_S_L2
P_S_S_L2 --- P_S_S_O_L3
P_S_L1 --- P_S_R_L2
P_S_R_L2 --- P_S_R_O_L3
P_L0 --- P_P_L1
P_P_L1 --- P_P_C_L2
P_P_C_L2 --- P_P_C_O_L3
P_P_L1 --- P_P_S_L2
P_P_S_L2 --- P_P_S_O_L3
P_P_L1 --- P_P_R_L2
P_P_R_L2 --- P_P_R_I_L3
A_L0 --- A_C_L1
A_C_L1 --- A_C_C_L2
A_C_C_L2 --- A_C_C_O_L3
A_C_L1 --- A_C_S_L2
A_C_S_L2 --- A_C_S_O_L3
A_C_L1 --- A_C_R_L2
A_C_R_L2 --- A_C_R_I_L3
A_L0 --- A_S_L1
A_S_L1 --- A_S_C_L2
A_S_C_L2 --- A_S_C_O_L3
A_S_L1 --- A_S_S_L2
A_S_S_L2 --- A_S_S_I_L3
A_S_L1 --- A_S_R_L2
A_S_R_L2 --- A_S_R_I_L3
A_L0 --- A_P_L1
A_P_L1 --- A_P_C_L2
A_P_C_L2 --- A_P_C_I_L3
A_P_L1 --- A_P_S_L2
A_P_S_L2 --- A_P_S_I_L3
A_P_L1 --- A_P_R_L2
A_P_R_L2 --- A_P_R_I_L3

Table of Values

The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above.

| Row | Exploitation v1.1.0 | Agentic Impact Level v1.0.0 (x_org.owasp#aivss) | Systemic Impact v1.0.0 (x_org.owasp#aivss) | Defer, Scheduled, Out-of-Cycle, Immediate v1.0.0 |
|---|---|---|---|---|
| 0 | none | copilot | contained | defer |
| 1 | none | copilot | significant | scheduled |
| 2 | none | copilot | critical | out-of-cycle |
| 3 | none | specialist | contained | scheduled |
| 4 | none | specialist | significant | scheduled |
| 5 | none | specialist | critical | out-of-cycle |
| 6 | none | prime mover | contained | scheduled |
| 7 | none | prime mover | significant | out-of-cycle |
| 8 | none | prime mover | critical | immediate |
| 9 | public poc | copilot | contained | scheduled |
| 10 | public poc | copilot | significant | scheduled |
| 11 | public poc | copilot | critical | out-of-cycle |
| 12 | public poc | specialist | contained | scheduled |
| 13 | public poc | specialist | significant | out-of-cycle |
| 14 | public poc | specialist | critical | out-of-cycle |
| 15 | public poc | prime mover | contained | out-of-cycle |
| 16 | public poc | prime mover | significant | out-of-cycle |
| 17 | public poc | prime mover | critical | immediate |
| 18 | active | copilot | contained | out-of-cycle |
| 19 | active | copilot | significant | out-of-cycle |
| 20 | active | copilot | critical | immediate |
| 21 | active | specialist | contained | out-of-cycle |
| 22 | active | specialist | significant | immediate |
| 23 | active | specialist | critical | immediate |
| 24 | active | prime mover | contained | immediate |
| 25 | active | prime mover | significant | immediate |
| 26 | active | prime mover | critical | immediate |
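The decision table above as a runnable lookup, added here as an example and not code from the SSVC or AIVSS projects. It encodes the 27 rows in the same order as the table, validates inputs against the decision point value keys defined earlier on this page, and includes a monotonicity check (raising any one input never lowers the outcome), which is the sanity check to run before adopting a customized table. Function and constant names are this example's own.

```python
# Added example: AIVSS decision table (ssvc:E x x_org.owasp#aivss:AIL x
# x_org.owasp#aivss:SI -> ssvc:DSOI) as a lookup plus a monotonicity check.
from itertools import product

# Decision point value keys, least to most severe, as defined on this page.
EXPLOITATION = ["N", "P", "A"]          # ssvc:E:1.1.0
AGENTIC_IMPACT_LEVEL = ["C", "S", "P"]  # x_org.owasp#aivss:AIL:1.0.0
SYSTEMIC_IMPACT = ["C", "S", "R"]       # x_org.owasp#aivss:SI:1.0.0 (Critical is "R")
OUTCOMES = ["D", "S", "O", "I"]         # ssvc:DSOI:1.0.0

# Outcome keys for rows 0..26 of the Table of Values, in row order
# (Exploitation outermost, Systemic Impact innermost).
_ROW_OUTCOMES = "DSOSSOSOI" + "SSOSOOOOI" + "OOIOIIIII"

DECISION_TABLE = dict(
    zip(product(EXPLOITATION, AGENTIC_IMPACT_LEVEL, SYSTEMIC_IMPACT), _ROW_OUTCOMES)
)


def aivss_outcome(exploitation: str, ail: str, si: str) -> str:
    """Return the DSOI outcome key for one (E, AIL, SI) assessment.

    Raises ValueError for a key that is not a defined value of its decision point,
    so a typo such as "C" for Critical is caught instead of silently mis-scored.
    """
    for value, allowed in ((exploitation, EXPLOITATION),
                           (ail, AGENTIC_IMPACT_LEVEL),
                           (si, SYSTEMIC_IMPACT)):
        if value not in allowed:
            raise ValueError(f"{value!r} is not one of {allowed}")
    return DECISION_TABLE[(exploitation, ail, si)]


def is_monotone(table=DECISION_TABLE) -> bool:
    """True if stepping any single input up one value never lowers the outcome."""
    rank = {key: i for i, key in enumerate(OUTCOMES)}
    axes = (EXPLOITATION, AGENTIC_IMPACT_LEVEL, SYSTEMIC_IMPACT)
    for combo in table:
        for axis, values in enumerate(axes):
            pos = values.index(combo[axis])
            if pos + 1 < len(values):
                higher = combo[:axis] + (values[pos + 1],) + combo[axis + 1:]
                if rank[table[higher]] < rank[table[combo]]:
                    return False
    return True


if __name__ == "__main__":
    # Row 20: active exploitation, copilot agent, critical systemic impact.
    print(aivss_outcome("A", "C", "R"), "monotone:", is_monotone())
```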