DARR
Open source · by MindXO

The AI risks every organization deploying AI needs to govern.

The Deployer AI Risk Register (DARR) is an open, citable catalogue of 82 deployment risks and 61 security sub-risks, consolidated from the MIT AI Risk Repository, ISO/IEC 23894 and 42001, MITRE ATLAS, and the EU AI Act. Free to build on.

82 risks · 61 sub-risks · 143 rows · crosswalked to 10 frameworks
1,835 MIT entries → 82 risks
The methodology documents each step.
The register

An AI risk taxonomy that fits how organizations already manage risk.

The Deployer AI Risk Register sorts 82 canonical risks and 61 sub-risks into seven families a deploying organization can own. Each family reconciles with a domain an enterprise risk, compliance, or security function already runs, so AI risk drops into the existing framework rather than standing apart. It is the taxonomy practitioners build their AI risk management, governance, and security program on.

Model & system behaviour

29 risks + 5 sub-risks

How the AI system itself behaves: bias, toxic or unsafe output, hallucination, brittleness, and emergent capability.

Reconciles with Operational & technology risk

Governance & process

13 risks

Accountability, oversight, documentation, evaluation, and the lifecycle discipline of running AI.

Reconciles with Operational & governance risk

Regulatory compliance

12 risks

Duties under the EU AI Act and sector rules: impact assessments, registration, notice, and monitoring.

Reconciles with Compliance & legal risk

Human & usage

10 risks

How people interact with, rely on, or misuse the system: manipulation, overreliance, and loss of human agency.

Reconciles with Conduct & operational risk

Security & adversarial

7 risks + 43 sub-risks

Attacks on the AI system: prompt injection, evasion, poisoning, model theft, and autonomous-agent abuse.

Reconciles with Cyber & information security risk

Data, privacy & content liability

6 risks + 5 sub-risks

Personal-data exposure, unlawful processing, confidentiality, and content-related legal liability.

Reconciles with Privacy, data & legal risk

Third party & supply chain

5 risks + 8 sub-risks

Risks inherited from model providers, vendors, and the AI supply chain: concentration, version churn, embedded AI.

Reconciles with Third-party & supply-chain risk
82 risks
61 sub-risks
7 families
Browse the register →
Why build on it
Built on the field's most complete source
Consolidated from the MIT AI Risk Repository (V4), the most comprehensive public catalogue of AI risk, spanning 74 source frameworks.
Deployer-scoped
Only the risks an organization that runs AI can see, measure, and act on.
Enterprise-aligned
Seven families that reconcile with the risk taxonomy an enterprise risk function already uses.
Standards-mapped
Every risk crosswalked to ten external frameworks, 674 item-level mappings.
Cross-checked against six more frameworks
Six external taxonomies mapped entry by entry; every entry landed on an existing risk, none unmatched.
Open & citable
CC BY 4.0, permanent identifiers (MR-001 to MR-082), free to build on.
Sources

Built and mapped to international standards.

Every risk traces to a citable source. The register is consolidated from the MIT AI Risk Repository and decomposed through MITRE ATLAS, then aligned with the international standards and frameworks in scope for a deployment.

Mapped to and cross-checked against

Names and logos identify the sources referenced. The Deployer AI Risk Register is an independent work; the organizations shown do not endorse or sponsor it.

The method

Which taxonomy can an organization deploying AI build its risk register on?

The available taxonomies were each written for another purpose: research catalogues, security matrices, standards clauses, legal obligations. None of them is, on its own, a working risk register for the organization that deploys AI systems. That is what the Deployer AI Risk Register provides: built in the open, free to reuse, and documented step by step.

1

Start from the most exhaustive source.

The MIT AI Risk Repository consolidates the field's published frameworks: the register inherits the field's collective judgment, not one team's opinion.

Published frameworks: 74
Catalogued rows: 2,574
Risk entries taken forward: 1,835
2

Filter it to the deployer.

Three sequential filters were applied to every entry, with an explicit rule to keep any risk whose status is uncertain.

Deployer relevance: −197 → 1,638
Operational measurability: −55 → 1,583
Deduplication: 26 : 1 → 61 risks
3

Expand the coverage.

Three standards were read against the register, each extending it where the others stop: governance, attack techniques, legal compliance.

ISO/IEC 23894 and 42001: +9 → 70
MITRE ATLAS (plus 61 sub-risks): +1 → 71
EU AI Act and GPAI CoP: +11 → 82 risks

The same three steps, traced through the register: the sources on the left, the seven deployer families they become on the right.

[Figure: sources flowing into the Deployer AI Risk Register. Each source is a card on the left (the MIT AI Risk Repository with its seven research domains for steps 1 and 2, then the ISO, EU AI Act and MITRE ATLAS gap-analysis additions for step 3); ribbons flow from every card into the register's seven deployer-facing families on the right, with the 61 MITRE ATLAS technique sub-risks marked as a second tier. Both sides balance at 143. Ribbon width = risks; colours trace the MIT research domains.]

Sources (left)
  • Steps 1 and 2, MIT AI Risk Repository: 1,835 risk entries → three filters → 61 canonical risks, counted per MIT risk domain:
    1. Discrimination & Toxicity: 8
    2. Privacy & Security: 11
    3. Misinformation: 3
    4. Malicious Actors & Misuse: 9
    5. Human-Computer Interaction: 3
    6. Socioeconomic and Environmental: 11
    7. AI System Safety, Failures, & Limitations: 16
  • Step 3, added by gap analysis:
    ISO/IEC 23894 and 42001: 66 clauses and controls reviewed by hand, +9
    EU AI Act and GPAI CoP: 21 deployer obligations extracted, +11
    MITRE ATLAS: 170 techniques reviewed (101 top-level, 69 sub-techniques); 40 of the 101 are attack-chain context, recorded but not added; +1 canonical risk (the agentic gap); +61 technique sub-risks as a second tier under 12 parent risks spread across four families

The Deployer AI Risk Register (right): 82 canonical risks · 61 technique sub-risks · 7 deployer families
  • Model & system behaviour: 29 (+5 sub-risks)
  • Governance & process: 13
  • Regulatory compliance: 12
  • Human & usage: 10
  • Security & adversarial: 7 (+43 sub-risks)
  • Data, privacy & content liability: 6 (+5 sub-risks)
  • Third party & supply chain: 5 (+8 sub-risks)
Register tier: risk 82 · sub-risk 61

What the two relevance filters keep and set aside:

Kept · a deployer can act on it
  • Risks that surface when an organization procures, configures, operates, monitors, or retires an AI system
  • Risks measurable through system evaluation, production monitoring, or the organization's own records and telemetry
  • Developer-stage flaws that land on the deployer, such as training-data bias surfacing as unfair outputs
Set aside · outside a deployer's hands
  • Model-architecture and pre-training research decisions
  • Fundamental alignment and interpretability research programs
  • Existential, superintelligence, and AI-consciousness scenarios
  • Nation-state military and geopolitical arms-race dynamics
4

Test it against six more frameworks.

Six independent taxonomies, built by other organizations for other purposes, were mapped against the register entry by entry to find anything that falls outside it.

External entries mapped, one by one: 271
Entries left unmatched: 0
New canonical risks required: 0

The register: 82 canonical risks and 61 technique sub-risks, in seven deployer families, every entry tracing to a citable source.

Who it's for

For organizations that deploy AI.

Running AI systems built elsewhere does not move the risk elsewhere. The register gives a shared taxonomy and the structure to manage the domains that matter to a deployment, mapped to the frameworks in scope. Roles follow the MindXO Framework Navigator.

CAIO
AI governance

Chief AI Officer

Owns AI strategy and the operating model. Needs one taxonomy to structure governance across the whole AI portfolio.

Governance & process · System behaviour
CISO
Security

Chief Information Security Officer

Defends AI systems against adversarial threats. Maps each risk to OWASP and MITRE ATLAS, down to the technique.

Security & adversarial · Supply chain
CGRCO
Compliance

Governance, Risk & Compliance

Owns regulatory alignment and audit-ready evidence. Proves coverage against ISO/IEC 42001 and the EU AI Act.

Regulatory compliance · Governance & process
Tools and data

Explore the register.

Six ways into the open register: browse and filter every risk, trace its provenance, map the security decomposition, check framework coverage, read the method, or take the data.

Open by design

Open source, end to end.

github.com/Myr-Aya/deployer-ai-risk-register
Open data
The full register as CSV and JSON.
Open methodology
Every step of the method, published in full.
Open licence
CC BY 4.0. Reuse with attribution.
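Anyone building on the CSV will want to check an extract before loading it into their own register: that identifiers follow the MR-001 to MR-082 scheme, that every sub-risk points at a canonical risk in the same family, that per-family tallies reconcile with the 82 risks and 61 sub-risks above, and which external frameworks each entry crosswalks to. The script below is an added example, not the project's own tooling: the column layout (id, tier, parent, family, framework_refs), the ".n" suffix on sub-risk identifiers and the "FRAMEWORK:ITEM" reference format are assumptions about the published data, and the sample rows (including the deliberately broken last row) are constructed, not copied from the register.

```python
"""Validate a Deployer AI Risk Register extract and summarise its crosswalk.

Added example, not the project's own tooling. The column layout
(id, tier, parent, family, framework_refs) and the '.n' suffix on sub-risk
identifiers are assumptions about the published CSV; the sample rows are
constructed to exercise the checks and are not copied from the register.
"""
import csv
import io
import re
from collections import Counter, defaultdict

FAMILIES = {
    "Model & system behaviour",
    "Governance & process",
    "Regulatory compliance",
    "Human & usage",
    "Security & adversarial",
    "Data, privacy & content liability",
    "Third party & supply chain",
}
EXPECTED_TOTALS = {"risk": 82, "sub-risk": 61}   # totals stated on the page
ID_RE = re.compile(r"^MR-(\d{3})(?:\.(\d+))?$")  # MR-NNN, or MR-NNN.n for a sub-risk (assumed)
CANON_RANGE = range(1, 83)                       # MR-001 .. MR-082

# Constructed sample. framework_refs holds the crosswalk as 'FRAMEWORK:ITEM'
# pairs separated by '|'; the item references are illustrative placeholders.
# The last row is deliberately malformed (number out of range, missing parent).
SAMPLE_CSV = """id,tier,parent,family,framework_refs
MR-001,risk,,Model & system behaviour,ISO/IEC 23894:6.4.2|NIST AI 600-1:2.2
MR-002,risk,,Security & adversarial,OWASP LLM:LLM01|MITRE ATLAS:AML.T0051
MR-002.1,sub-risk,MR-002,Security & adversarial,MITRE ATLAS:AML.T0051.000
MR-002.2,sub-risk,MR-002,Security & adversarial,MITRE ATLAS:AML.T0051.001
MR-003,risk,,Third party & supply chain,MITRE ATLAS:AML.T0010
MR-003.1,sub-risk,MR-003,Third party & supply chain,MITRE ATLAS:AML.T0010.001
MR-004,risk,,Regulatory compliance,EU AI Act:Art. 26
MR-005,risk,,Human & usage,
MR-099.1,sub-risk,MR-042,Security & adversarial,OWASP LLM:LLM01
"""


def load_register(text: str) -> list[dict]:
    """Parse a CSV extract into one dict per register entry."""
    return list(csv.DictReader(io.StringIO(text)))


def validate(rows: list[dict]) -> list[str]:
    """Structural checks; returns a list of problems, empty when the extract is consistent."""
    by_id = {r["id"]: r for r in rows}
    problems = []
    for r in rows:
        rid = r["id"]
        m = ID_RE.match(rid)
        if not m:
            problems.append(f"{rid}: identifier does not match MR-NNN or MR-NNN.n")
            continue
        if int(m.group(1)) not in CANON_RANGE:
            problems.append(f"{rid}: canonical number outside MR-001..MR-082")
        if r["family"] not in FAMILIES:
            problems.append(f"{rid}: unknown family {r['family']!r}")
        if r["tier"] == "risk":
            if m.group(2) or r["parent"]:
                problems.append(f"{rid}: a canonical risk has no suffix and no parent")
        elif r["tier"] == "sub-risk":
            parent = by_id.get(r["parent"])
            if not m.group(2):
                problems.append(f"{rid}: a sub-risk identifier needs a .n suffix")
            if parent is None:
                problems.append(f"{rid}: parent {r['parent']!r} not in register")
            elif parent["tier"] != "risk" or parent["family"] != r["family"]:
                problems.append(f"{rid}: parent must be a canonical risk in the same family")
        else:
            problems.append(f"{rid}: unknown tier {r['tier']!r}")
    return problems


def tally(rows: list[dict]) -> Counter:
    """Entries per (family, tier), to reconcile with the family cards on the page."""
    return Counter((r["family"], r["tier"]) for r in rows)


def totals_gap(rows: list[dict]) -> dict:
    """How many risks / sub-risks the extract is short of the page's 82 / 61."""
    got = Counter(r["tier"] for r in rows)
    return {tier: n - got.get(tier, 0) for tier, n in EXPECTED_TOTALS.items()}


def crosswalk(rows: list[dict]) -> dict:
    """framework -> {register id -> set of framework items}."""
    table = defaultdict(lambda: defaultdict(set))
    for r in rows:
        for ref in filter(None, r["framework_refs"].split("|")):
            framework, item = ref.split(":", 1)
            table[framework][r["id"]].add(item)
    return table


def coverage_summary(rows: list[dict]) -> dict:
    """Per framework: (register entries mapped, item-level mappings)."""
    return {fw: (len(entries), sum(len(items) for items in entries.values()))
            for fw, entries in crosswalk(rows).items()}


def unmapped(rows: list[dict]) -> list[str]:
    """Register entries with no crosswalk at all; a gap a deployer should notice."""
    return [r["id"] for r in rows if not r["framework_refs"].strip()]


if __name__ == "__main__":
    rows = load_register(SAMPLE_CSV)
    for p in validate(rows):
        print("PROBLEM", p)
    print("coverage", coverage_summary(rows))
    print("unmapped", unmapped(rows))
    print("short of page totals", totals_gap(rows))
```

On the constructed sample, `validate` flags only the malformed last row (number outside MR-001..MR-082 and a parent that is not in the extract), `coverage_summary` reports five entries mapped to MITRE ATLAS and two to the OWASP LLM Top 10, and `unmapped` singles out the one entry with no crosswalk. Against the real CSV the same functions give a quick reconciliation of the 143 rows and 674 mappings the page cites, once the column names are adjusted to the published layout.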
Cite Deployer AI Risk Register

Deployer AI Risk Register: a canonical AI risk register for organizations that deploy AI systems. Developed by MindXO. Version 1.0, 3 July 2026. https://www.airiskdeployer.org/

BibTeX
@misc{deployer_ai_risk_register,
  author  = {{MindXO}},
  title   = {Deployer AI Risk Register: a canonical AI risk register for organizations that deploy AI systems},
  year    = {2026},
  month   = {jul},
  version = {1.0},
  url     = {https://www.airiskdeployer.org/},
  note    = {Open source. Derived from the MIT AI Risk Repository (V4) under CC BY 4.0}
}

Deployer AI Risk Register is derived from the MIT AI Risk Repository (V4, December 2025), used under CC BY 4.0. It is an independent derivative work and is not endorsed by or affiliated with MIT.

The security decomposition references MITRE ATLAS™ (v5.6.0). © 2021-2026 The MITRE Corporation; this work is reproduced and distributed with the permission of The MITRE Corporation, under the non-exclusive, royalty-free license granted in the MITRE ATLAS Terms of Use for research, development, and commercial purposes. MITRE ATLAS™ is a trademark of The MITRE Corporation; its use here does not imply MITRE's endorsement.

ISO/IEC 23894:2023, ISO/IEC 42001:2023, the EU AI Act (Regulation (EU) 2024/1689), and the GPAI Code of Practice are referenced by clause, control, article, and commitment number only; no licensed or official text is reproduced.

Coverage checks reference the IBM AI Risk Atlas and the Cisco AI Security Framework (Apache 2.0), NIST AI 100-2 and AI 600-1 (US public domain), and the OWASP Top 10 for LLM and for Agentic Applications (CC BY-SA 4.0).

Full attribution, licensing, and the AI-assistance disclosure are on the about page.