The open dataset.
The full two-tier register: 82 canonical risks and 61 MITRE ATLAS-anchored sub-risks, 143 rows, with the published fields listed below. The same files back this repository on GitHub.
deployer-ai-risk-register.csv
Flat spine: one row per risk and sub-risk. Opens directly in Excel and imports cleanly into GRC tooling.
Download CSV
deployer-ai-risk-register.json
Nested structure: dataset metadata, then 82 canonical risks each carrying its sub-risks.
Download JSON
crosswalk.csv
The full framework crosswalk: 674 mappings from the register's risks to items in 10 external taxonomies, with match strength.
Download crosswalk CSV
crosswalk.json
The same crosswalk plus every framework's item list (531 items, with definitions where the source licence permits).
Download crosswalk JSON
Building on the register? It stays free and open, with no sign-up required. Teams that want release updates, or that want to share how they use the register, can get in touch with MindXO. It is entirely optional.
License
The register content authored by MindXO is published under CC BY 4.0. Share and adapt it freely with attribution. The register text derives from the MIT AI Risk Repository (CC BY 4.0); MITRE ATLAS content is reproduced with permission under the MITRE ATLAS Terms of Use; ISO/IEC and EU AI Act references are numbers only and reproduce no licensed or official text. The crosswalk reproduces framework item names and definitions only where their source licence allows: NIST (US public domain), OWASP (CC BY-SA 4.0), and IBM and Cisco (Apache 2.0), each attributed to its author and retaining that licence; ISO and EU items remain numbers only.
Published fields
| Field | Definition |
|---|---|
| canonical_risk_id | Stable identifier: MR-001 to MR-082 for canonical risks, MR-0xx.N for sub-risks. |
| row_type | Risk or Sub-risk. |
| name | The risk name. |
| description | The risk description, written from the deployer's perspective. |
| risk_family | One of seven families used to organize the register. |
| mit_domain / mit_subdomain | Verbatim MIT AI Risk Repository taxonomy labels; n/a for risks that did not originate from MIT. |
| ai_type | The AI system types the risk applies to: GPAI, Agentic, Classical_ML. |
| scope_class | Whether the risk attaches to a System, the Organization, or Both. |
| source_standard | The phase and standard that produced the risk. |
| source_frameworks | Citation keys of the source frameworks behind the consolidated risk. |
| source_count | Number of source frameworks. |
| iso_references | ISO/IEC 23894 and 42001 references, clause and control numbers only. |
| eu_ai_act_articles | EU AI Act article numbers. |
| eu_cop_references | GPAI Code of Practice commitment references, numbers only. |
| nearest_mit_risk | For gap risks: the closest MIT-derived risk and why it was insufficient. |
| related_frameworks | High-level crosswalk: names of frameworks with material relating to the risk. |
| parent_risk_id | For sub-risks: the parent canonical risk. |
| atlas_technique_id / atlas_technique_name | For sub-risks: the MITRE ATLAS technique the sub-risk is anchored to. |
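An integrity check to run on the flat CSV before importing it into GRC tooling, as an added example that is not part of the register or MindXO's code. The sample rows are constructed, and the literal cell values (`Risk`, `Sub-risk`, `System`, `Organization`, `Both`, `n/a` for empty), the two-digit ID pattern, and the rule that a sub-risk ID starts with its parent's ID are assumptions read from the field definitions above.

```python
import csv
import io
import re

# Constructed sample rows (not from the real register); only the columns checked here.
SAMPLE_CSV = """canonical_risk_id,row_type,name,scope_class,parent_risk_id,atlas_technique_id
MR-001,Risk,Constructed risk A,System,,
MR-001.1,Sub-risk,Constructed sub-risk A1,System,MR-001,ATLAS-ID-PLACEHOLDER
MR-002.1,Sub-risk,Orphan sub-risk,System,MR-002,ATLAS-ID-PLACEHOLDER
MR-003,Risk,Bad scope,Vendor,,
MR-004.1,Sub-risk,Missing anchor,Both,MR-001,
"""

RISK_ID = re.compile(r"MR-0\d{2}")          # MR-001 .. MR-082
SUB_ID = re.compile(r"(MR-0\d{2})\.\d+")    # MR-0xx.N (assumed: prefix is the parent id)
SCOPES = {"System", "Organization", "Both"}  # assumed literal cell values


def validate_register(text, expected_counts=None):
    """Return a list of (row id, problem) tuples; an empty list means the file is consistent."""
    rows = list(csv.DictReader(io.StringIO(text)))
    risk_ids = {r["canonical_risk_id"] for r in rows if r["row_type"] == "Risk"}
    seen, errors = set(), []
    for r in rows:
        rid, kind = r["canonical_risk_id"], r["row_type"]
        if rid in seen:
            errors.append((rid, "duplicate id"))
        seen.add(rid)
        if r["scope_class"] not in SCOPES:
            errors.append((rid, "unknown scope_class"))
        if kind == "Risk":
            if not RISK_ID.fullmatch(rid):
                errors.append((rid, "bad risk id"))
        elif kind == "Sub-risk":
            m = SUB_ID.fullmatch(rid)
            if not m:
                errors.append((rid, "bad sub-risk id"))
            elif r["parent_risk_id"] != m.group(1):
                errors.append((rid, "parent_risk_id does not match id prefix"))
            if r["parent_risk_id"] not in risk_ids:
                errors.append((rid, "parent not in register"))
            if r["atlas_technique_id"].strip().lower() in ("", "n/a"):
                errors.append((rid, "missing atlas_technique_id"))
        else:
            errors.append((rid, "unknown row_type"))
    if expected_counts:  # e.g. (82, 61) for the published release
        counts = (len(risk_ids), sum(r["row_type"] == "Sub-risk" for r in rows))
        if counts != expected_counts:
            errors.append(("*", f"row counts {counts} != {expected_counts}"))
    return errors
```

For the real file, pass the contents of deployer-ai-risk-register.csv and `expected_counts=(82, 61)`; a non-empty result means the download was truncated or edited, or that one of the assumptions above does not hold for the file.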
Cite
Deployer AI Risk Register: an open-source canonical AI risk register for organizations that deploy AI systems. Developed by MindXO. Version 1.0, 3 July 2026. https://www.airiskdeployer.org/
@misc{deployer_ai_risk_register,
author = {{MindXO}},
title = {Deployer AI Risk Register: an open-source canonical AI risk register for organizations that deploy AI systems},
year = {2026},
month = {jul},
version = {1.0},
url = {https://www.airiskdeployer.org/},
note = {Open source. Derived from the MIT AI Risk Repository (V4) under CC BY 4.0}
}
Attribution
Deployer AI Risk Register is derived from the MIT AI Risk Repository (V4, December 2025), used under CC BY 4.0. It is an independent derivative work and is not endorsed by or affiliated with MIT. The security decomposition references MITRE ATLAS™ (v5.6.0). © 2021-2026 The MITRE Corporation; this work is reproduced and distributed with the permission of The MITRE Corporation, under the non-exclusive, royalty-free license granted in the MITRE ATLAS Terms of Use for research, development, and commercial purposes. MITRE ATLAS™ is a trademark of The MITRE Corporation; its use here does not imply MITRE's endorsement. ISO/IEC 23894:2023, ISO/IEC 42001:2023, the EU AI Act (Regulation (EU) 2024/1689), and the GPAI Code of Practice are referenced by clause, control, article, and commitment number only; no licensed or official text is reproduced. Coverage checks reference the IBM AI Risk Atlas and the Cisco AI Security Framework (Apache 2.0), NIST AI 100-2 and AI 600-1 (US public domain), and the OWASP Top 10 for LLM and for Agentic Applications (CC BY-SA 4.0).