On September 20, Representatives Deborah Ross, Jay Obernolte, and Don Beyer introduced the AI Incident Reporting and Security Enhancement Act, which has now been advanced by a House committee.

This legislation aims to establish a formal process for reporting security vulnerabilities in artificial intelligence systems, assigning the National Institute of Standards and Technology (NIST) the responsibility for this task.

If enacted, the bill will require NIST to update the National Vulnerability Database (NVD) to include vulnerabilities associated with AI systems and assess the need for voluntary reporting of AI security incidents.

NIST will also collaborate with stakeholders, including the Cybersecurity and Infrastructure Security Agency (CISA), to develop standardized definitions and reporting protocols for AI security incidents.

However, the bill's implementation may increase NIST's workload, which is already strained due to budget cuts and staffing limitations.

Representative Deborah Ross has emphasized that finding funding solutions is a priority, as the bill's provisions will depend on available appropriations.

The initiative has garnered bipartisan support, with a companion Senate bill, the Secure AI Act of 2024, introduced by Senators Mark Warner and Thom Tillis in May.

During committee discussions, Representative Obernolte highlighted significant cybersecurity incidents, underscoring the vulnerabilities of AI systems, which can be complex and unpredictable.

The legislation addresses critical risks, including the potential for re-identification of private information from AI training datasets and the misuse of AI by cybercriminals for phishing and deepfakes.

In addition to this act, NIST has launched a new program focused on AI's role in cybersecurity and privacy, which includes developing community profiles tailored to specific industry needs.

NIST has faced challenges with an increasing number of vulnerabilities and has previously paused updates to the NVD due to budget constraints and a surge in email traffic related to database management.

Ranking Member Zoe Lofgren praised the committee's bipartisan efforts in advancing AI policies and capabilities through the passage of this bill.