456 – AI misinformation
Description
The model may generate inaccurate, misleading, or false information that is perceived as factual, and there is not a warning message in the user output.
Impact
- Spread false content that may create legal obligations for the organization based on the LLM's output.
Recommendation
- Display a disclaimer stating that LLM responses may contain mistakes, and important information should be verified.
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: A
- Confidentiality (VC): H
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: U