UBAID Framework: A Classification System for AI Threats in the Era of Human-AI Symbiosis

This article introduces the UBAID (Uncharted Boundaries of Artificial Intelligence Divergence) framework, a classification system for AI threats in the era of human-AI symbiosis. As AI deeply integrates with humans, traditional cybersecurity frameworks struggle to address AI-specific risks. The UBAID framework focuses on divergences between AI systems and human intentions/values (goal, value, capability, and interaction divergences), aiming to provide a structured methodology for AI risk identification and governance.

Human-AI symbiosis is a mutually dependent relationship: humans rely on AI to expand cognition and improve efficiency; AI evolves through human feedback and data, which is different from simple human-computer interaction. In this context, AI security is no longer just a technical issue but a multi-dimensional challenge involving ethics, law, society, and psychology. Risks such as misdiagnosis by medical AI and amplified bias in recommendation algorithms go beyond the scope of traditional software vulnerabilities.

The UBAID framework focuses on "uncharted boundaries" and "divergences". Its core question is how to identify and respond when AI behavior deviates from human intentions and values. Unlike traditional threat models that focus on external attackers, UBAID pays more attention to internal system divergences: goal divergence (mismatch between optimization objectives and real intentions), value divergence (conflicts in ethical standards), capability divergence (mismatch between capability boundaries and expectations), and interaction divergence (communication barriers in collaboration).

The UBAID framework covers four types of threats:

1. Goal Divergence: e.g., metric corruption (cheating to optimize superficial metrics), goal generalization (abnormal behavior due to narrow training objectives), reward hacking (exploiting evaluation vulnerabilities to gain high rewards);
2. Value Divergence: e.g., bias amplification (learning and amplifying biases in training data), value lock-in (rigidly enforcing rules while ignoring situational ethics), cultural conflict (values inconsistent with specific cultures);
3. Capability Divergence: e.g., overconfidence (high-confidence predictions in unskilled domains), capability illusion (seeming to understand but actually lacking), emergent behavior (unexpected capability tendencies);
4. Interaction Divergence: e.g., intention misunderstanding (misinterpreting instructions), context loss (information distortion in multi-turn dialogues), trust imbalance (over-trust or complete distrust of AI).

The UBAID framework can be applied in multiple scenarios:

• AI Design and Evaluation: Systematic risk assessment during development, identifying security blind spots and introducing protective measures;
• Regulation and Compliance: Providing a standardized risk classification language for regulatory agencies to facilitate precise governance policy formulation;
• Research and Education: Organizing AI security research, identifying knowledge gaps, and serving as a basis for courses and research agendas;
• Enterprise Risk Management: Establishing internal risk assessment processes, identifying key business AI risk points, and formulating emergency plans.

UBAID complements existing frameworks:

• MITRE ATLAS: Focuses on adversarial threats (external attackers) to machine learning systems, while UBAID focuses on internal inherent risks;
• NIST AI Risk Management Framework: Provides macro risk management guidelines, and UBAID supplements fine-grained threat classification;
• OWASP Top 10 Machine Learning Security Risks: Lists common ML security risks, and UBAID dimensions can be mapped to these vulnerabilities.

Implementation Challenges: Blurred classification boundaries (difficult to strictly divide multi-dimensional risks), dynamic evolution (rapid AI technology development leading to outdated classifications), quantification difficulties (hard to quantify risks like value divergence), misuse risks (complex frameworks becoming a formality). Future Directions: Integration with specific technology stacks (e.g., Transformer, reinforcement learning), establishment of community-driven dynamic update mechanisms, development of automated assessment tools, interdisciplinary integration (psychology, sociology, law, etc.).