The AI Act of 2024 from Sens. Warner and Tillis calls on NIST and CISA to update databases and NSA to launch an AI security center.

Sen. Thom Tillis, R-N.C., speaks during a hearing at the Dirksen Senate Office Building on April 30, 2024 in Washington, D.C. (Photo by Shannon Finney/Getty Images for RIAA)

A bipartisan Senate bill released Wednesday would strengthen security measures around artificial intelligence, overhauling a series  of actions including cyber vulnerability tracking and a public database for AI incident reports.

The Secure AI Act of 2024, introduced by Sens. Mark Warner, D-Va., and Thom Tillis, R-N.C., requires the National Institute of Standards and Technology to update the National Vulnerability Database (NVD) and the Cybersecurity and Infrastructure Security Agency to update the Common Vulnerabilities and Exposure (CVE) program, or create a new process, according to a summary of the bill

Additionally, the bill would charge the National Security Agency with establishing an AI Security Center that would provide an AI test-bed for research for private-sector and academic researchers, and develop guidance to prevent or mitigate “counter AI-techniques.”

“Safeguarding organizations from cybersecurity risks involving AI requires collaboration and innovation from both the private and public sector,” Tillis said in a press release. “This commonsense legislation creates a voluntary database for reporting AI security and safety incidents and promotes best practices to mitigate AI risks.” 


Under the legislation, CISA and NIST would have one year to develop and implement a voluntary database for tracking AI security and safety incidents, which would be available to the public. 

Similarly, NIST would only have 30 days after the enactment of this legislation to initiate a “multi-stakeholder process” to evaluate if the consensus standards for vulnerability reporting accommodate AI security vulnerabilities. After establishing this process, NIST would have 180 days to submit a report to Congress about the sufficiency of reporting processes. 

“By ensuring that public-private communications remain open and up-to-date on current threats facing our industry, we are taking the necessary steps to safeguard against this new generation of threats facing our infrastructure,” Warner said in the press release.

Caroline Nihill

Written by Caroline Nihill

Caroline Nihill is a reporter for FedScoop in Washington, D.C., covering federal IT. Her reporting has included the tracking of artificial intelligence governance from the White House and Congress, as well as modernization efforts across the federal government. Caroline was previously an editorial fellow for Scoop News Group, writing for FedScoop, StateScoop, CyberScoop, EdScoop and DefenseScoop. She earned her bachelor’s in media and journalism from the University of North Carolina at Chapel Hill after transferring from the University of Mississippi.

Latest Podcasts

FedScoop TV