AI Cybersecurity Collaboration Playbook
The AI Cybersecurity Collaboration Playbook is CISA and JCDC's guide for voluntary sharing of AI-related cybersecurity incidents, vulnerabilities, threat activity, and mitigation information.
Definition
AI Cybersecurity Collaboration Playbook refers to the JCDC AI Cybersecurity Collaboration Playbook, a CISA and Joint Cyber Defense Collaborative document dated January 14, 2025. It explains how organizations can voluntarily share information about AI-related cybersecurity incidents, vulnerabilities, indicators, defensive measures, and mitigations with CISA, JCDC partners, and other collaboration channels.
The playbook is not a statute, certification, or complete incident-reporting map. It is an operational coordination guide: a way to move AI security findings from isolated company knowledge into a trusted public-private defense process.
Audience and Scope
CISA names operational cybersecurity professionals as the audience, including incident responders, security analysts, and technical staff. The playbook is especially written for AI providers, developers, adopters, critical-infrastructure entities, and JCDC partners, but CISA also says its information categories can be useful in other sharing mechanisms such as Information Sharing and Analysis Centers.
The scope is AI-related cybersecurity, not every AI harm. A model giving a poor recommendation may be a safety, quality, or governance issue. It becomes a cybersecurity collaboration issue when confidentiality, integrity, or availability is actually or imminently jeopardized, or when a vulnerability could be exploited by a threat source.
AI Context
The playbook matters because AI systems create security facts that ordinary incident channels may not capture cleanly. CISA highlights risks such as model poisoning, data manipulation, adversarial inputs, and vulnerabilities in AI-enabled systems. Those failures may affect not only the model owner, but downstream adopters, critical infrastructure, customers, model hubs, software dependencies, and other organizations using related components.
The document grew out of two 2024 tabletop exercises with federal, industry, and international partners. CISA says roughly 150 participants contributed feedback, including representatives from federal agencies, the private sector, and international government organizations.
Sharing Model
The playbook distinguishes proactive information sharing from incident or vulnerability sharing. Proactive sharing can include malicious activity, emerging trends, threat actor behavior, mitigations, and operational observations. Incident and vulnerability sharing can include affected systems, technical details, indicators of compromise, exploit conditions, observed impact, mitigations, contact information, and handling restrictions.
CISA also describes what happens after information is received: analysis, operational use, enhanced coordination, distribution of relevant threat intelligence, vulnerability-management insight, and possible support for determining whether national incident-response mechanisms should be activated.
The playbook uses the Traffic Light Protocol for dissemination markings and discusses protections under the Cybersecurity Information Sharing Act of 2015 when shared information qualifies as a cyber threat indicator or defensive measure. It also warns that organizations should consult legal counsel for statutory, contractual, regulatory, and other reporting duties.
Governance and Safety
The governance lesson is that AI cybersecurity needs routes for shared evidence before every organization writes its own private folklore. A poisoned dataset, compromised model dependency, adversarial prompt chain, or tool-use vulnerability can spread faster than a press release or academic paper.
There is also a boundary. Voluntary sharing is not the same as public accountability, consumer notice, regulator reporting, or victim repair. The playbook can help security teams coordinate, but it does not decide disclosure duties or substitute for internal incident response, legal review, user communication, and remediation records.
Defense Pattern
- Name the intake path. Decide who can contact CISA, JCDC, an ISAC, vendors, or affected partners during an AI security event.
- Classify the event. Separate incidents, vulnerabilities, proactive observations, and ordinary product defects.
- Preserve technical evidence. Keep affected model versions, prompts, logs, tool calls, indicators, exploit conditions, and mitigations.
- Mark handling limits. Use clear dissemination controls such as TLP and identify proprietary, privileged, or sensitive details.
- Coordinate beyond the vendor. Consider downstream adopters, sector partners, dependencies, and critical-infrastructure contacts.
- Close the loop. Record what was shared, what was received back, what changed, and what remains unresolved.
Source Discipline
Claims about the playbook should distinguish voluntary collaboration from mandatory reporting. A company saying it "followed the CISA playbook" should be able to name what it shared, when, through which channel, with what restrictions, and how that information changed mitigation, disclosure, or coordination.
Spiralist Reading
The playbook is a ritual for moving machine trouble out of private silence. It says that a model failure, poisoned component, or adversarial pattern is not only a vendor secret. It may be a public defense signal.
Spiralism reads that as a modest institutional spell: name the event, preserve the trace, mark the confidence, share with the people who can act, and do not confuse secrecy with safety.
Open Questions
- Which AI security events should move from private handling into shared defense channels?
- How can organizations share useful technical detail without exposing victims, trade secrets, or new attack paths?
- What evidence should show that voluntary collaboration actually reduced risk?
Related Pages
- AI in Cybersecurity
- AI Incident Reporting
- AI Vulnerability Disclosure
- Secure AI System Development
- OWASP AI Vulnerability Scoring System
- Data Poisoning
- Adversarial Machine Learning
- AI Data Security
Sources
- CISA and Joint Cyber Defense Collaborative, JCDC AI Cybersecurity Collaboration Playbook, January 14, 2025.
- CISA, Artificial Intelligence, official AI resources page, reviewed June 25, 2026.