DARR
The register

Explore all deployer risks here.

Risks are organized into 7 families corresponding to enterprise risk domains. Families are built from the MIT AI Risk Repository and enriched with MITRE ATLAS, ISO, and the EU AI Act.

7 families
82 canonical risks
61 MITRE ATLAS sub-risks
10 frameworks crosswalked
| Family | Risks | Sub-risks | Enterprise risk domain | MITRE ATLAS | ISO | EU AI Act |
|---|---|---|---|---|---|---|
| Model & system behaviour. How the AI system itself behaves: bias, toxic or unsafe output, hallucination, brittleness, and emergent capability. | 29 | 5 | Operational & technology risk | 5 sub-risks | 29 refs | 7 refs |
| Governance & process. Accountability, oversight, documentation, evaluation, and the lifecycle discipline of running AI. | 13 | 0 | Operational & governance risk | not decomposed | +7 gaps | 8 refs |
| Regulatory compliance. Duties under the EU AI Act and sector rules: impact assessments, registration, notice, and monitoring. | 12 | 0 | Compliance & legal risk | not decomposed | 1 ref | +11 gaps |
| Human & usage. How people interact with, rely on, or misuse the system: manipulation, overreliance, and loss of human agency. | 10 | 0 | Conduct & operational risk | not decomposed | 10 refs | 4 refs |
| Security & adversarial. Attacks on the AI system: prompt injection, evasion, poisoning, model theft, and autonomous-agent abuse. | 7 | 43 | Cyber & information security risk | 43 sub-risks | 6 refs | 1 ref |
| Data, privacy & content liability. Personal-data exposure, unlawful processing, confidentiality, and content-related legal liability. | 6 | 5 | Privacy, data & legal risk | 5 sub-risks | 6 refs | 2 refs |
| Third party & supply chain. Risks inherited from model providers, vendors, and the AI supply chain: concentration, version churn, embedded AI. | 5 | 8 | Third-party & supply-chain risk | 8 sub-risks | +2 gaps | 2 refs |
Legend: "N sub-risks" = decomposed by MITRE ATLAS; "+N gaps" = risks the source added; "N refs" = cross-referenced only.

Enterprise risk domains match the family band on the home page. ISO clause and EU article references cross-cut families; the badges mark where a source introduced or decomposed risks. Family colours carry through to the full register below.

Browse

The full register.

82 canonical risks; the 12 risks with MITRE ATLAS-anchored sub-risks are badged. Filtering runs in the browser.

| Id | Risk | Family | AI type | Scope | Source |
|---|---|---|---|---|---|
| MR-001 | Biased or discriminatory outputs and decisions | Model & system behaviour | GPAI, Agentic, Classical_ML | Both | MIT AI Risk Repository v4 |
| MR-002 | Stereotyping and representational harm | Model & system behaviour | GPAI, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-003 | Toxic, hateful, or harassing content generation | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-004 | Violent or extremist content generation | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-005 | Child sexual abuse material and child-safety harm | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-006 | Disparate performance across groups and languages | Model & system behaviour | GPAI, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-007 | Self-harm, suicide and dangerous-behavior promotion | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-008 | Sexual content and non-consensual intimate imagery | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-009 | Leakage of personal or sensitive data (3 sub-risks) | Data, privacy & content liability | GPAI, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-010 | Prompt injection and jailbreaking (10 sub-risks) | Security & adversarial | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-011 | Unlawful or non-consensual collection and processing of personal data | Data, privacy & content liability | GPAI, Classical_ML | Both | MIT AI Risk Repository v4 |
| MR-012 | Adversarial examples and evasion attacks (4 sub-risks) | Security & adversarial | Classical_ML, GPAI | System | MIT AI Risk Repository v4 |
| MR-013 | Disclosure of confidential or proprietary information (2 sub-risks) | Data, privacy & content liability | GPAI, Agentic | Both | MIT AI Risk Repository v4 |
| MR-014 | Data and model poisoning and backdoors (4 sub-risks) | Security & adversarial | GPAI, Classical_ML, Agentic | System | MIT AI Risk Repository v4 |
| MR-015 | Residual AI system security and availability weaknesses (9 sub-risks) | Security & adversarial | GPAI, Classical_ML, Agentic | System | MIT AI Risk Repository v4 |
| MR-016 | Model theft, extraction and weight leakage (3 sub-risks) | Security & adversarial | GPAI, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-017 | Privacy-invasive inference and re-identification | Data, privacy & content liability | GPAI, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-018 | AI supply-chain and infrastructure vulnerabilities (8 sub-risks) | Third party & supply chain | GPAI, Classical_ML, Agentic | Both | MIT AI Risk Repository v4 |
| MR-019 | Insecure or vulnerable code generation | Model & system behaviour | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-020 | Insecure integration with external tools, plugins and APIs | Security & adversarial | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-021 | Hallucination and fabricated output | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-022 | Unsafe or incorrect advice in high-stakes domains | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-023 | Contribution to misinformation and information-ecosystem degradation | Model & system behaviour | GPAI | Both | MIT AI Risk Repository v4 |
| MR-024 | Defamation and false statements about people | Data, privacy & content liability | GPAI | System | MIT AI Risk Repository v4 |
| MR-025 | Overconfidence, sycophancy and poor calibration | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-026 | Disinformation and influence operations | Model & system behaviour | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-027 | AI-enabled cyberattacks and offensive cyber operations (1 sub-risk) | Model & system behaviour | GPAI, Agentic | Both | MIT AI Risk Repository v4 |
| MR-028 | AI-enabled fraud, scams and social engineering (2 sub-risks) | Model & system behaviour | GPAI, Agentic | Both | MIT AI Risk Repository v4 |
| MR-029 | Facilitation of weapons, CBRN and serious physical harm (capability uplift) | Model & system behaviour | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-030 | Manipulation, persuasion and dark patterns | Human & usage | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-031 | Impersonation, deepfakes and synthetic media (2 sub-risks) | Model & system behaviour | GPAI | Both | MIT AI Risk Repository v4 |
| MR-032 | Deliberate misuse and repurposing for harm | Human & usage | GPAI, Agentic | Both | MIT AI Risk Repository v4 |
| MR-033 | Mass surveillance and censorship enablement | Human & usage | GPAI, Classical_ML | Both | MIT AI Risk Repository v4 |
| MR-034 | Overreliance and automation bias | Human & usage | GPAI, Agentic, Classical_ML | Both | MIT AI Risk Repository v4 |
| MR-035 | Erosion of human agency and autonomy | Human & usage | GPAI, Agentic | Both | MIT AI Risk Repository v4 |
| MR-036 | Anthropomorphism, emotional dependence and psychological harm | Human & usage | GPAI | System | MIT AI Risk Repository v4 |
| MR-037 | Environmental footprint of AI | Governance & process | GPAI, Classical_ML, Agentic | Both | MIT AI Risk Repository v4 |
| MR-038 | Workforce displacement and job-quality decline | Human & usage | GPAI, Agentic, Classical_ML | Organization | MIT AI Risk Repository v4 |
| MR-039 | Intellectual property and copyright infringement | Data, privacy & content liability | GPAI | Both | MIT AI Risk Repository v4 |
| MR-040 | Regulatory non-compliance and legal liability | Regulatory compliance | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-041 | Academic and professional dishonesty | Human & usage | GPAI | System | MIT AI Risk Repository v4 |
| MR-042 | Unclear accountability and responsibility for AI decisions | Governance & process | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-043 | Inadequate AI governance and oversight processes | Governance & process | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-044 | Exploitative labor in the AI supply chain | Third party & supply chain | GPAI, Classical_ML | Organization | MIT AI Risk Repository v4 |
| MR-045 | Insufficient documentation, transparency and data provenance | Governance & process | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-046 | Inadequate evaluation, testing and benchmarking | Governance & process | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-047 | Vendor/model concentration, monoculture and correlated failure | Third party & supply chain | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-048 | AI competence and skills gaps in the organization | Human & usage | GPAI, Classical_ML, Agentic | Organization | MIT AI Risk Repository v4 |
| MR-049 | Physical safety harm and accidents | Model & system behaviour | GPAI, Agentic, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-050 | Inaccuracy and poor predictive performance | Model & system behaviour | GPAI, Classical_ML, Agentic | System | MIT AI Risk Repository v4 |
| MR-051 | Ethical or value misalignment in outputs and decisions | Model & system behaviour | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-052 | Emergent dangerous capabilities | Model & system behaviour | GPAI, Agentic | System | MIT AI Risk Repository v4 |
| MR-053 | Goal misspecification, specification gaming and reward hacking | Model & system behaviour | GPAI, Agentic, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-054 | Loss of meaningful human oversight and control | Governance & process | Agentic, GPAI | Both | MIT AI Risk Repository v4 |
| MR-055 | Lack of explainability and interpretability | Model & system behaviour | GPAI, Classical_ML, Agentic | Both | MIT AI Risk Repository v4 |
| MR-056 | Lack of robustness to distribution shift and edge cases | Model & system behaviour | GPAI, Classical_ML, Agentic | System | MIT AI Risk Repository v4 |
| MR-057 | Multi-agent interaction risks | Model & system behaviour | Agentic, GPAI | Both | MIT AI Risk Repository v4 |
| MR-058 | Model performance drift and degradation over time | Model & system behaviour | GPAI, Classical_ML | System | MIT AI Risk Repository v4 |
| MR-059 | Poor data quality and representativeness | Model & system behaviour | GPAI, Classical_ML | Both | MIT AI Risk Repository v4 |
| MR-060 | Use outside intended scope | Human & usage | GPAI, Agentic, Classical_ML | Both | MIT AI Risk Repository v4 |
| MR-061 | Over-refusal and excessive safety filtering | Model & system behaviour | GPAI | System | MIT AI Risk Repository v4 |
| MR-062 | Shadow AI and unsanctioned use of AI tools | Governance & process | GPAI, Agentic, Classical_ML | Organization | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-063 | AI inventory blind spots | Governance & process | GPAI, Agentic, Classical_ML | Organization | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-064 | Embedded AI introduced through procurement | Third party & supply chain | GPAI, Classical_ML | Organization | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-065 | Vendor model version churn and undisclosed updates | Third party & supply chain | GPAI, Agentic | Both | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-066 | Change deployed without revalidation | Governance & process | GPAI, Classical_ML, Agentic | System | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-067 | Absence of AI impact assessment | Governance & process | GPAI, Agentic, Classical_ML | Organization | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-068 | Inadequate AI incident response and communication | Governance & process | GPAI, Agentic, Classical_ML | Organization | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-069 | Inadequate logging, record-keeping and traceability | Governance & process | GPAI, Agentic, Classical_ML | System | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-070 | Inadequate AI decommissioning and retirement | Governance & process | GPAI, Classical_ML, Agentic | Organization | ISO/IEC 23894 + 42001 (gap analysis) |
| MR-071 | Autonomous agent hijacking and excessive-agency abuse (13 sub-risks) | Security & adversarial | Agentic, GPAI | Both | MITRE ATLAS v5.6.0 (gap analysis) |
| MR-072 | Failure to conduct a fundamental rights impact assessment | Regulatory compliance | GPAI, Agentic, Classical_ML | Organization | EU AI Act 2024/1689 (gap analysis) |
| MR-073 | Failure to inform workers before workplace deployment | Regulatory compliance | GPAI, Agentic, Classical_ML | Organization | EU AI Act 2024/1689 (gap analysis) |
| MR-074 | Failure to register a high-risk system or verify its registration | Regulatory compliance | GPAI, Agentic, Classical_ML | Organization | EU AI Act 2024/1689 (gap analysis) |
| MR-075 | Failure to inform individuals subject to high-risk AI decisions | Regulatory compliance | GPAI, Agentic, Classical_ML | Both | EU AI Act 2024/1689 (gap analysis) |
| MR-076 | Failure to monitor operation and meet incident-reporting and suspension duties | Regulatory compliance | GPAI, Agentic, Classical_ML | Organization | EU AI Act 2024/1689 (gap analysis) |
| MR-077 | Deploying or repurposing a system into a prohibited practice | Regulatory compliance | GPAI, Agentic, Classical_ML | Both | EU AI Act 2024/1689 (gap analysis) |
| MR-078 | Failure to meet AI transparency and disclosure obligations | Regulatory compliance | GPAI, Agentic | Both | EU AI Act 2024/1689 (gap analysis) |
| MR-079 | Non-compliance with the AI literacy obligation | Regulatory compliance | GPAI, Agentic, Classical_ML | Organization | EU AI Act 2024/1689 (gap analysis) |
| MR-080 | Provider fails to supply adequate GPAI model documentation | Regulatory compliance | GPAI, Agentic | Both | GPAI Code of Practice 2025 (gap analysis) |
| MR-081 | Provider's inadequate copyright compliance exposes the deployer to IP liability | Regulatory compliance | GPAI, Agentic | Both | GPAI Code of Practice 2025 (gap analysis) |
| MR-082 | Provider's inadequate systemic-risk safety and security management, with no deployer visibility | Regulatory compliance | GPAI, Agentic | Both | GPAI Code of Practice 2025 (gap analysis) |

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.