New AI Flaw Reporting System Fills Crucial Security Gap
July 1, 2026—As artificial intelligence (AI) systems proliferate, a flaw in one could be quietly replicated across many AI products and services. Until now, the AI community has lacked a formal pathway to report flaws to organizations equipped to coordinate a response, leaving AI systems vulnerable to failure or exploitation.
To fill this gap, researchers and engineers from the Software Engineering Institute (SEI), alongside collaborators from academia and industry, helped develop Flaw Reporting for AI (FLARE-AI). The open source system, which went live today, allows anyone to report an AI flaw to model developers, incident databases, and government agencies for formal, coordinated disclosure and remediation.
Broadening AI Flaw Evaluation
Without a formal reporting structure, it is likely that many AI flaws and vulnerabilities have gone unreported, according to Lauren McIlvenny, technical director of threat analysis at the SEI and an advisor to the FLARE-AI project. When flaws are reported, they are often sent to a single vendor.
“A reporter might spot a problem in a particular model or system, but they’re not looking across all the vendors and third-party integrators to see if they share the same structural weakness,” McIlvenny said.
Using the FLARE-AI website, anyone can complete a form that generates a standardized, machine-readable report about an AI flaw, vulnerability, or incident. The user can then tell the system to submit the report to independent third parties such as the SEI, government agencies, incident databases, AI model-hosting platforms, or AI model developers. From there, the receiving organization can address the flaw directly or coordinate disclosure and remediation among affected vendors.
Bringing Proven Cybersecurity Practices to AI
The system mirrors longstanding mechanisms for reporting software vulnerabilities, such as the Vulnerability Information and Coordination Environment (VINCE) platform run by the SEI’s CERT Coordination Center (CERT/CC).
VINCE is one of the reporting pathways that FLARE-AI connects to, thanks to the back-end work of Greg Strom, an SEI software engineer who was also an advisor to the project. Once VINCE receives a flaw report from FLARE-AI, experts from the CERT/CC and the SEI’s AI Security Incident Response Team (AISIRT) will review the report and, if warranted, arrange disclosure with affected developers, vendors, and integrators.
“By integrating FLARE-AI into VINCE and our coordinated vulnerability disclosure process, we’ll be able to provide cross-platform examination,” said McIlvenny. “We can issue CVE [Common Vulnerabilities and Exposures] IDs and vulnerability notes to make sure all affected tool vendors, third-party integrators, and users know about the flaw. That’s what traditional cybersecurity processes are going to bring to the table.”
An Inflection Point for AI Risk
FLARE-AI is launching at a critical time for the technology community. Private-sector and government organizations are rapidly developing AI and machine-learning systems and integrating them into operations.
The risks are piling up as fast as the tools emerge. Prompt injection and remote code execution, improper authentication, path traversal, and vulnerabilities in the Model Context Protocol (MCP) represent a real risk of AI system failure or exploitation by malicious actors.
The recent Executive Order Promoting Advanced Artificial Intelligence Innovation and Security acknowledges the increased risk that accompanies AI innovation. Part of the order directs the creation of an AI cybersecurity clearinghouse to coordinate vulnerability scanning, discovery, validation, and remediation.
FLARE-AI and the organizations connected to it, including the CERT/CC, are positioned to be critical links in that reporting chain.
Community Approach, Collective Security
FLARE-AI is the culmination of work by a group of AI and security researchers from academia, industry, and non-profits. The seeds for the system were planted at a 2024 workshop on the future of third-party AI evaluation.
McIlvenny, who spoke at the workshop, was a coauthor on the resulting paper. It recommended, among other things, standardized AI flaw reports, AI flaw disclosure programs, and improved infrastructure for coordinated distribution of flaw reports. Many of the workshop participants carried these recommendations into the development of FLARE-AI. McIlvenny advised the FLARE-AI team on how to adapt cybersecurity and reporting practices to the kinds of AI vulnerabilities she sees as leader of the SEI’s AISIRT.
The collective approach to AI security is critical for the field, said McIlvenny. “The whole community recognizes the importance of AI. Now AI researchers need to come into the security field, learn what they can, and change it where it needs to be changed.”
As a trusted partner for government, industry, and academia, the SEI has previously sought to bring together the often disconnected AI and cybersecurity communities. Merging these disciplines represents an important step in the maturity of AI, one experienced by previous technology innovations such as industrial control systems and cloud computing, says McIlvenny. “The AI community is starting to learn the cybersecurity processes that they could adopt or adapt. FLARE-AI is a place for them to find out how AI flaws fit into the world of coordinated vulnerability disclosure.”
Submit AI flaw reports at the FLARE-AI website or directly to VINCE. Learn more about the FLARE-AI project in a new paper and blog post. Visit the SEI website to learn more about the AISIRT and CERT/CC.