
Scope question: would 41 NIST AI RMF Playbook vs Core drift cases qualify as AVID records? #39

@eeee2345


Hi AVID team,

I am Adam Lin, maintainer of Agent Threat Rules (https://github.com/Agent-Threat-Rule/agent-threat-rules) and a v0.3 OSCAL catalog of NIST AI RMF (https://github.com/Agent-Threat-Rule/ai-rmf-oscal-catalog). While building the catalog I cross-checked the AI RMF Playbook structured export against the AI RMF Core HTML rendering and found that 41 of 72 subcategories drift between the two surfaces. Inventory is at https://github.com/Agent-Threat-Rule/ai-rmf-oscal-catalog/blob/main/source/PLAYBOOK_VS_CORE_DIVERGENCES.md.

Headline cases worth registering as their own AVID record. GOVERN 5.2 is a semantic divergence where the Playbook uses "AI actors" but the Core uses "the team that developed or deployed AI systems", which point to overlapping but distinct stakeholder sets in AI RMF terminology and would change the auditable subject of any control implementation that quotes Playbook text. GOVERN 3.1 carries a typo, "Decision-makings" instead of "Decision-making", that propagates into downstream tooling that copies the Playbook description verbatim. Seven subcategories drift on function-name capitalisation only (MAP function vs map function in MEASURE 2.4, 2.7, 2.8, 2.10, 2.11, 2.12, 2.13). Thirty-two more carry minor wording or punctuation differences.

The semantic divergence at GOVERN 5.2 is the headline. The typo at GOVERN 3.1 is a second discrete record. The capitalisation cluster could be one batch record. The 32 minor-wording cases could be one further batch record. That is roughly four AVID-IDs total, governance and process category rather than adversarial ML category.

Two questions before submitting structured records.

First, does AVID accept governance and standards-document drift records, or is the database scoped to model and pipeline vulnerabilities only? If the latter, I would not file PRs and would instead leave this issue as a public reference.

Second, if accepted, what risk_domain and sep_view tags would best fit? Existing reports use Security with sep_view entries like S0301 Information Leak and S0502 Model theft. A standards-drift record might warrant a new sep_view code under a Process or Documentation risk_domain, or it may map to an existing tag I have not surfaced.

Materials for review: full inventory at the divergence link above. ATR repo is Apache 2.0; the OSCAL catalog is CC0. Microsoft agent-governance-toolkit and Cisco AI Defense skill-scanner reference ATR as an upstream rule source, mentioned only as factual context.

Happy to draft the structured records once scope is confirmed.

Thanks,
Adam Lin (adam@agentthreatrule.org)
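The issue sorts the 41 drift cases into a few kinds (a capitalisation-only cluster, a typo, punctuation or minor wording, and one semantic divergence that needs a human reader). The following is an added example, not the issue author's tooling or AVID's code, of how such a cross-check can be bucketed automatically so that batch records can be grouped by kind. The sample texts are constructed from the fragments quoted in the issue ("Decision-makings" vs "Decision-making", "MAP function" vs "map function", "AI actors" vs "the team that developed or deployed AI systems") padded with placeholder wording; they are not the real Playbook or Core sentences, and the fourth subcategory id is a placeholder. The classifier deliberately stops at "wording" rather than claiming to detect semantic drift, which is the part that still needs review.

```python
"""Bucket drift between two renderings of the same subcategory text.

Added example, not part of the issue or of AVID. Kinds returned:
identical, capitalisation, punctuation, typo, wording. "wording" covers
both minor rewording and semantic divergence; telling those apart is
left to a reviewer on purpose.
"""
import difflib
import re
import string

# Constructed sample pairs (Playbook text, Core text). Only the quoted
# fragments come from the issue; the surrounding words are placeholders.
SAMPLE_PAIRS = {
    "GOVERN 3.1": (
        "Decision-makings related to mapping, measuring, and managing AI risks.",
        "Decision-making related to mapping, measuring, and managing AI risks.",
    ),
    "MEASURE 2.4": (
        "Risks identified in the MAP function are tracked.",
        "Risks identified in the map function are tracked.",
    ),
    "GOVERN 5.2": (
        "Mechanisms are established for AI actors to incorporate feedback.",
        "Mechanisms are established for the team that developed or deployed "
        "AI systems to incorporate feedback.",
    ),
    # Placeholder id: the issue counts punctuation-only cases but names none.
    "PLACEHOLDER 0.0": (
        "Whether the system achieves its intended purpose is decided.",
        "Whether the system achieves its intended purpose, is decided",
    ),
}

_PUNCT = re.compile("[%s]" % re.escape(string.punctuation))


def _strip_punct(text):
    """Replace punctuation (hyphens included) with spaces, collapse whitespace."""
    return " ".join(_PUNCT.sub(" ", text).split())


def _edit_distance(a, b):
    """Plain Levenshtein distance; small values suggest a typo, not a rewrite."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_drift(playbook, core):
    """Return the drift kind for one subcategory, coarsest difference first."""
    if playbook == core:
        return "identical"
    if playbook.lower() == core.lower():
        return "capitalisation"
    pb_norm = _strip_punct(playbook).lower()
    cr_norm = _strip_punct(core).lower()
    if pb_norm == cr_norm:
        return "punctuation"
    # Word-level alignment of the normalised texts; collect non-equal spans.
    pb, cr = pb_norm.split(), cr_norm.split()
    matcher = difflib.SequenceMatcher(a=pb, b=cr)
    changed = [
        (pb[i1:i2], cr[j1:j2])
        for tag, i1, i2, j1, j2 in matcher.get_opcodes()
        if tag != "equal"
    ]
    # Exactly one word swapped for one word within two edits: probable typo.
    if len(changed) == 1 and len(changed[0][0]) == 1 and len(changed[0][1]) == 1:
        if _edit_distance(changed[0][0][0], changed[0][1][0]) <= 2:
            return "typo"
    return "wording"  # minor rewording or semantic drift; needs a reviewer


def summarise(pairs):
    """Count subcategories per drift kind, the grouping a batch record would use."""
    counts = {}
    for playbook, core in pairs.values():
        kind = classify_drift(playbook, core)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for sub_id, (playbook, core) in SAMPLE_PAIRS.items():
        print(sub_id, "->", classify_drift(playbook, core))
    print(summarise(SAMPLE_PAIRS))
```

Run on the constructed pairs this reports GOVERN 3.1 as a typo, MEASURE 2.4 as capitalisation, the placeholder as punctuation, and GOVERN 5.2 as wording, which is the correct outcome for that case: the tool cannot decide that "AI actors" and "the team that developed or deployed AI systems" name different stakeholder sets, so it leaves that record for human review instead of burying it in a batch.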
