The AI risks every organization deploying AI needs to govern.
The Deployer AI Risk Register (DARR) is an open, citable catalogue of 82 deployment risks and 61 security sub-risks, consolidated from the MIT AI Risk Repository, ISO/IEC, MITRE ATLAS, and the EU AI Act. Free to build on.
An AI risk taxonomy that fits how organizations already manage risk.
The Deployer AI Risk Register sorts 82 canonical risks and 61 sub-risks into seven families a deploying organization can own. Each family reconciles with a domain an enterprise risk, compliance, or security function already runs, so AI risk drops into the existing framework rather than standing apart. It is the taxonomy practitioners build their AI risk management, governance, and security program on.
Model & system behaviour (29 risks, 5 sub-risks)
How the AI system itself behaves: bias, toxic or unsafe output, hallucination, brittleness, and emergent capability.
Governance & process (13 risks)
Accountability, oversight, documentation, evaluation, and the lifecycle discipline of running AI.
Regulatory compliance (12 risks)
Duties under the EU AI Act and sector rules: impact assessments, registration, notice, and monitoring.
Human & usage (10 risks)
How people interact with, rely on, or misuse the system: manipulation, overreliance, and loss of human agency.
Security & adversarial (7 risks, 43 sub-risks)
Attacks on the AI system: prompt injection, evasion, poisoning, model theft, and autonomous-agent abuse.
Data, privacy & content liability (6 risks, 5 sub-risks)
Personal-data exposure, unlawful processing, confidentiality, and content-related legal liability.
Third party & supply chain (5 risks, 8 sub-risks)
Risks inherited from model providers, vendors, and the AI supply chain: concentration, version churn, embedded AI.
Built and mapped to international standards.
Every risk traces to a citable source. The register is consolidated from the MIT AI Risk Repository and decomposed through MITRE ATLAS, then aligned with the international standards and frameworks in scope for a deployment.
Names and logos identify the sources referenced. The Deployer AI Risk Register is an independent work; the organizations shown do not endorse or sponsor it.
Which taxonomy can an organization deploying AI build its risk register on?
The available taxonomies were each written for another purpose: research catalogues, security matrices, standards clauses, legal obligations. None of them is, on its own, a working risk register for the organization that deploys AI systems. That is what the Deployer AI Risk Register provides: built in the open, free to reuse, and documented step by step.
Start from the most exhaustive source.
The MIT AI Risk Repository consolidates the field's published frameworks: the register inherits the field's collective judgment, not one team's opinion.
Filter it to the deployer.
Three sequential filters were applied to every entry, with an explicit rule to keep any risk whose status is uncertain.
Expand the coverage.
Three standards were read against the register, each extending it where the others stop: governance, attack techniques, legal compliance.
The same three steps, traced through the register: the sources on the left, the seven deployer families they become on the right.
What the two relevance filters keep and set aside:
Kept:
- Risks that surface when an organization procures, configures, operates, monitors, or retires an AI system
- Risks measurable through system evaluation, production monitoring, or the organization's own records and telemetry
- Developer-stage flaws that land on the deployer, such as training-data bias surfacing as unfair outputs
Set aside:
- Model-architecture and pre-training research decisions
- Fundamental alignment and interpretability research programs
- Existential, superintelligence, and AI-consciousness scenarios
- Nation-state military and geopolitical arms-race dynamics
Test it against six more frameworks.
Six independent taxonomies, built by other organizations for other purposes, were mapped against the register entry by entry to find anything that falls outside it.
The register: 82 canonical risks and 61 technique sub-risks, in seven deployer families, every entry tracing to a citable source.
For organizations that deploy AI.
Running AI systems built elsewhere does not move the risk elsewhere. The register gives a shared taxonomy and the structure to manage the domains that matter to a deployment, mapped to the frameworks in scope. Roles follow the MindXO Framework Navigator.
Chief AI Officer
Owns AI strategy and the operating model. Needs one taxonomy to structure governance across the whole AI portfolio.
Chief Information Security Officer
Defends AI systems against adversarial threats. Maps each risk to OWASP and MITRE ATLAS, down to the technique.
Governance, Risk & Compliance
Owns regulatory alignment and audit-ready evidence. Proves coverage against ISO/IEC 42001 and the EU AI Act.
Explore the register.
Six ways into the open register: browse and filter every risk, trace its provenance, map the security decomposition, check framework coverage, read the method, or take the data.
Open source, end to end.
Deployer AI Risk Register: a canonical AI risk register for organizations that deploy AI systems. Developed by MindXO. Version 1.0, 3 July 2026. https://www.airiskdeployer.org/
@misc{deployer_ai_risk_register,
author = {{MindXO}},
title = {Deployer AI Risk Register: a canonical AI risk register for organizations that deploy AI systems},
year = {2026},
month = {jul},
version = {1.0},
url = {https://www.airiskdeployer.org/},
note = {Open source. Derived from the MIT AI Risk Repository (V4) under CC BY 4.0}
}
Deployer AI Risk Register is derived from the MIT AI Risk Repository (V4, December 2025), used under CC BY 4.0. It is an independent derivative work and is not endorsed by or affiliated with MIT. The security decomposition references MITRE ATLAS™ (v5.6.0). © 2021-2026 The MITRE Corporation; this work is reproduced and distributed with the permission of The MITRE Corporation, under the non-exclusive, royalty-free license granted in the MITRE ATLAS Terms of Use for research, development, and commercial purposes. MITRE ATLAS™ is a trademark of The MITRE Corporation; its use here does not imply MITRE's endorsement. ISO/IEC 23894:2023, ISO/IEC 42001:2023, the EU AI Act (Regulation (EU) 2024/1689), and the GPAI Code of Practice are referenced by clause, control, article, and commitment number only; no licensed or official text is reproduced. Coverage checks reference the IBM AI Risk Atlas and the Cisco AI Security Framework (Apache 2.0), NIST AI 100-2 and AI 600-1 (US public domain), and the OWASP Top 10 for LLM and for Agentic Applications (CC BY-SA 4.0).
Full attribution, licensing, and the AI-assistance disclosure are on the about page.