CWE-1434: Insecure Setting of Generative AI/ML Model Inference Parameters

The product has a component that relies on a generative AI/ML model configured with inference parameters that produce an unacceptably high rate of erroneous or unexpected outputs.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Generative AI/ML models, such as those used for text generation, image synthesis, and other creative tasks, rely on inference parameters that control model behavior, such as temperature, Top P, and Top K. These parameters affect the model's internal decision-making processes, learning rate, and probability distributions. Incorrect settings can lead to unusual behavior such as text "hallucinations," unrealistic images, or failure to converge during training. The impact of such misconfigurations can compromise the integrity of the application. If the results are used in security-critical operations or decisions, then this could violate the intended security policy, i.e., introduce a vulnerability.

CWE-1434: Insecure Setting of Generative AI/ML Model Inference Parameters

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Dynamic Analysis

Manual Dynamic Analysis

Code examples

Frequently asked questions

What is CWE-1434?

How do you prevent CWE-1434?

How is CWE-1434 detected?

What are the consequences of CWE-1434?

References

Stay ahead of CWE-1434

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Dynamic Analysis

Manual Dynamic Analysis

Code examples

Related weaknesses

Parent

Peer

Can precede

Frequently asked questions

What is CWE-1434?

How do you prevent CWE-1434?

How is CWE-1434 detected?

What are the consequences of CWE-1434?

References

Stay ahead of CWE-1434