
Launching a community to maintain and expand an open-source AI Risk Register for organizations deploying AI. Contributors welcome.
Organizations deploying AI still lack a shared, vendor-agnostic, enterprise-level AI risk taxonomy.
Most existing AI risk taxonomies are either written for model developers, focused on frontier AI labs, or structured as academic catalogs. The MIT AI Risk Repository, for example, is very useful, but it contains 1,835 entries across 74 source documents, which makes it hard to use directly inside an enterprise process.
So I started an open-source attempt at a deployer-side AI risk register.
The goal is to consolidate AI deployment risks into a practical taxonomy that organizations can use as basis to build their AI risk register.
What is already built:
- 82 canonical risks across 7 families, each mapped to an enterprise risk domain.
- 61 MITRE ATLAS-anchored sub-risks for the AI security tier.
- Mappings to ISO/IEC 42001, ISO/IEC 23894, the EU AI Act, and MITRE ATLAS.
1 Crosswalks to the IBM AI Risk Atlas, Cisco AI Security Framework, OWASP Top 10, NIST AI 100-2 on adversarial machine learning, and NIST AI 600-1 on the GenAI profile.
Where the community could help:
-Mapping review: governance, risk, security, audit, legal, and assurance practitioners to sanity-check the crosswalks.
-New frameworks: CSA AICM, AI Verify, sector-specific regulations, regional guidance, and other sources not yet covered.
-Maintenance: keeping the register current as MIT, ISO, OWASP, NIST, and other sources evolve.
-Tooling and adoption: wiring stable risk IDs into scanners, evals, GRC tools, model inventories, red-team workflows, or audit evidence libraries.
Link to live register: https://www.airiskdeployer.org/