Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers
Summary: Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best practices for software manufacturers and online service providers to design and implement a coordinated vulnerability disclosure (CVD) program for working with external security researchers that includes a clear vulnerability disclosure policy (VDP) …
Why it matters: This matters if it changes how teams think about model governance, safety work, monitoring, or regulatory exposure around deployed AI systems.
What to watch: Watch for follow-on technical guidance, deployment constraints, evaluation details, or signs that the announcement changes actual production practice rather than just policy language.