Abstract
As artificial intelligence (AI) systems have been emergingly adopted in various social-technical contexts and increasingly gained public interest in recent years, the security vulnerabilities associated with them have been witnessed to dramatically growing in both volume and severity. Yet, underlying mechanisms that contribute to both theoretical understandings and practical strategic plans facing the uncertainty and widespread impacts remain scarce. To answer these urgent but under-addressed issues, this study examines AI-related vulnerability trends from 2016 to 2025 using 3,093 unique Common Vulnerabilities and Exposures (CVEs) retrieved from the National Vulnerability Database (NVD, n.d.) and asks whether the linguistic content of vulnerability descriptions can predict severity classification. Our results show significant upward trends across all four Common Vulnerability Scoring System (CVSS) severity levels. Particularly, Critical vulnerabilities showed the most consistent and steady growths across the timeline, compared to Medium and High CVEs, signaling the associations between AI infrastructure advancements and serious security exposures that call for critical attentions from practitioners and policy makers. In addition, six employed classification models trained on the text-based features getting from CVEs descriptions demonstrate moderate ability to group CVEs into severity categories. Specifically, ensemble methods, particularly Random Forest and XGBoost, outperforming simpler models on both balanced accuracy and Receiver Operating Characteristic Area Under the Curve (ROC-AUC). Power language also emerged as the most predictive linguistic feature across all models and both binary (low vs. high severity AI-related vulnerability) and four-category (low, medium, high, and critical AI-related vulnerability) classification tasks, consistent with linguistic patterns documented by Tausczik and Pennebaker (2010) and the severity prediction signal identified by Spanos et al. (2017). Our findings indicate that text-based features carry strong signals for AI-related vulnerability severity prediction. Expanding from vulnerability classification, we also further examine public reactions and concerns by performing text analytics on captured social media conversations across platforms; compare the detected vulnerabilities and documented associated security incidents (such as data breaches) of both AI systems and applications in different firms; and outline predictive possibilities related to incoming emerging vulnerabilities tied to future AI technical advancements, affected groups of targeted victims, and quantifiable social impacts.
Recommended Citation
Luce, Eric; Nguyen, Minh; Ghimire, Himal; and Tran, Thi, "From Text to Threat: Predicting AI Vulnerability Severity Using Language" (2026). AMCIS 2026 TREOs. 111.
https://aisel.aisnet.org/treos_amcis2026/111