1502. Department of Defense AI incident and vulnerability reporting program

Chapter 131 of title 10, United States Code, is amended by inserting after section 2224a the following new section:

2224b. Artificial intelligence incident and vulnerability reporting program

(a) In general
The Secretary of Defense shall establish a centralized Department-wide program for the reporting, tracking, analysis, and remediation of covered AI incidents and covered AI vulnerabilities arising from the development, testing, procurement, fielding, or operation of artificial intelligence systems within the Department of Defense.

(b) Purpose
The purpose of the program established under subsection (a) shall be to—
(1) identify recurring risks, failure modes, vulnerabilities, and systemic weaknesses in artificial intelligence systems, including risks or failure modes arising from human-machine teaming;
(2) support mitigation of significant risks; and
(3) inform testing, procurement, cybersecurity, and deployment decisions to improve the safety, security, reliability, and operational effectiveness of such systems.

(c) Requirements for program
The program shall—
(1) be designed using practices drawn from established safety incident reporting programs, vulnerability disclosure programs, and programs to identify and develop lessons learned;
(2) emphasize non-punitive reporting, protection of sensitive and proprietary information, and dissemination of lessons learned, as appropriate; and
(3) include a mechanism to enable timely access to and sharing of relevant logs, system data, and model information as necessary to support analysis and response.

(d) Designation of official
The Secretary shall designate an appropriate official for the reporting, tracking, analysis, and remediation of covered AI incidents and covered AI vulnerabilities under this section.
The Secretary, acting through such official, shall receive and standardize reports, conduct trend analysis, identify recurring risks and failure modes, and issue guidance, alerts, and recommendations, as appropriate.

(e) Reporting and categorization
(1) The Secretary shall require prompt reporting to the official designated under subsection (d) of—
(A) any covered AI incident; and
(B) any covered AI vulnerability.
(2) The Secretary, acting through the official, shall categorize each incident or vulnerability reported to the official according to whether the incident or vulnerability requires—
(A) a Department-wide response;
(B) a response at the program level; or
(C) a response at a local level.

(f) Department-wide and program-level matters
(1) In the case of any incident or vulnerability categorized under subsection (e)(2)(A) or (B), the Secretary, acting through the official designated under subsection (d), shall coordinate any responses that the Secretary considers appropriate, such as remediation, retesting, mitigation measures, or deployment restrictions.
(2) In addition, in the case of any incident or vulnerability described in subsection (e)(2)(A), the Secretary, acting through the official, shall require—
(A) a documented corrective action plan; and
(B) validation that the mitigation measures, if any, in such plan have been implemented before continued operational use.

(g) Protection of reports
(1) The Secretary shall establish a protected disclosure process, informed by established vulnerability disclosure practices, through which members of the Armed Forces, civilian employees, contractors, and subcontractors at any tier may report covered AI incidents and covered AI vulnerabilities in good faith.
(2) The Secretary shall ensure that a person making a report in good faith under paragraph (1) is not, on the basis of that report alone, subject to adverse contract action, subject to adverse personnel action, or otherwise retaliated against by the Department.

(h) Protection of information
The Secretary shall establish procedures to protect sensitive, proprietary, and classified information submitted through the protected disclosure process under subsection (g).

(i) Annual report
(1) In each of years 2027 through 2031, the Secretary shall submit to the congressional defense committees an annual report on the program. The report shall include—
(A) the number of reports made of incidents and vulnerabilities and the categorizations of such reports;
(B) a summary of significant trends, recurring risks, systemic issues, and corrective actions taken in response;
(C) in the case of any covered AI incident resulting in the loss of life of, or in bodily harm to, a member of the Army, Navy, Marine Corps, Air Force, or Space Force—
(i) a description of the incident, including the system or systems involved and the operational context;
(ii) the date and time the incident occurred;
(iii) an assessment of the cause and operational consequence of the incident; and
(iv) any corrective actions taken; and
(D) any recommendations for changes to testing, procurement, cybersecurity, or deployment policies relating to artificial intelligence systems.
(2) Each report under this subsection shall be submitted in unclassified form but may include a classified annex.

(j) Definitions
In this section:
(1) The term artificial intelligence has the meaning given such term in section 5002 of the National Artificial Intelligence Initiative Act of 2020 (15 U.S.C. 9401).
(2) The term covered AI incident means an event in which an artificial intelligence system—
(A) causes unintended operational, safety, or security harm;
(B) operates outside authorized parameters or approved safety, legal, or mission guardrails;
(C) materially degrades mission performance or reliability in a real-world or operationally representative environment;
(D) fails to respond to an operator disengage command;
(E) operates in a manner that, under reasonably foreseeable circumstances, could have resulted in significant unintended operational, safety, or security harm; or
(F) operates in a manner that raises concerns regarding system control and autonomy.
(3) The term covered AI vulnerability means an exploitable weakness, vulnerability, or systemic issue in an artificial intelligence system or related component that could materially affect mission performance, compromise system integrity, create safety risk, or result in unauthorized or unintended behavior.
DIVISION A · TITLE XV: Cyberspace-related Matters · SUBTITLE A: Cybersecurity