DARR
Download

The open dataset.

The full two-tier register: 82 canonical risks and 61 MITRE ATLAS-anchored sub-risks, 143 rows, with the published fields listed below. The same files back this repository on GitHub.

CSV

deployer-ai-risk-register.csv

Flat spine: one row per risk and sub-risk. Opens directly in Excel and imports cleanly into GRC tooling.

Download CSV
JSON

deployer-ai-risk-register.json

Nested structure: dataset metadata, then 82 canonical risks each carrying its sub-risks.

Download JSON
CSV

crosswalk.csv

The full framework crosswalk: 674 mappings from the register's risks to items in 10 external taxonomies, with match strength.

Download crosswalk CSV
JSON

crosswalk.json

The same crosswalk plus every framework's item list (531 items, with definitions where the source licence permits).

Download crosswalk JSON

Building on the register? It stays free and open, with no sign-up required. Teams that want release updates, or that want to share how they use the register, can get in touch with MindXO. It is entirely optional.

License

The register content authored by MindXO is published under CC BY 4.0. Share and adapt it freely with attribution. The register text derives from the MIT AI Risk Repository (CC BY 4.0); MITRE ATLAS content is reproduced with permission under the MITRE ATLAS Terms of Use; ISO/IEC and EU AI Act references are numbers only and reproduce no licensed or official text. The crosswalk reproduces framework item names and definitions only where their source licence allows: NIST (US public domain), OWASP (CC BY-SA 4.0), and IBM and Cisco (Apache 2.0), each attributed to its author and retaining that licence; ISO and EU items remain numbers only.

Published fields

FieldDefinition
canonical_risk_idStable identifier: MR-001 to MR-082 for canonical risks, MR-0xx.N for sub-risks.
row_typeRisk or Sub-risk.
nameThe risk name.
descriptionThe risk description, written from the deployer's perspective.
risk_familyOne of seven families used to organize the register.
mit_domain / mit_subdomainVerbatim MIT AI Risk Repository taxonomy labels; n/a for risks that did not originate from MIT.
ai_typeThe AI system types the risk applies to: GPAI, Agentic, Classical_ML.
scope_classWhether the risk attaches to a System, the Organization, or Both.
source_standardThe phase and standard that produced the risk.
source_frameworksCitation keys of the source frameworks behind the consolidated risk.
source_countNumber of source frameworks.
iso_referencesISO/IEC 23894 and 42001 references, clause and control numbers only.
eu_ai_act_articlesEU AI Act article numbers.
eu_cop_referencesGPAI Code of Practice commitment references, numbers only.
nearest_mit_riskFor gap risks: the closest MIT-derived risk and why it was insufficient.
related_frameworksHigh-level crosswalk: names of frameworks with material relating to the risk.
parent_risk_idFor sub-risks: the parent canonical risk.
atlas_technique_id / atlas_technique_nameFor sub-risks: the MITRE ATLAS technique the sub-risk is anchored to.

Cite

Plain text

Deployer AI Risk Register: an open-source canonical AI risk register for organizations that deploy AI systems. Developed by MindXO. Version 1.0, 3 July 2026. https://www.airiskdeployer.org/

BibTeX
@misc{deployer_ai_risk_register,
  author  = {{MindXO}},
  title   = {Deployer AI Risk Register: an open-source canonical AI risk register for organizations that deploy AI systems},
  year    = {2026},
  month   = {jul},
  version = {1.0},
  url     = {https://www.airiskdeployer.org/},
  note    = {Open source. Derived from the MIT AI Risk Repository (V4) under CC BY 4.0}
}

Attribution

Deployer AI Risk Register is derived from the MIT AI Risk Repository (V4, December 2025), used under CC BY 4.0. It is an independent derivative work and is not endorsed by or affiliated with MIT. The security decomposition references MITRE ATLAS™ (v5.6.0). © 2021-2026 The MITRE Corporation; this work is reproduced and distributed with the permission of The MITRE Corporation, under the non-exclusive, royalty-free license granted in the MITRE ATLAS Terms of Use for research, development, and commercial purposes. MITRE ATLAS™ is a trademark of The MITRE Corporation; its use here does not imply MITRE's endorsement. ISO/IEC 23894:2023, ISO/IEC 42001:2023, the EU AI Act (Regulation (EU) 2024/1689), and the GPAI Code of Practice are referenced by clause, control, article, and commitment number only; no licensed or official text is reproduced. Coverage checks reference the IBM AI Risk Atlas and the Cisco AI Security Framework (Apache 2.0), NIST AI 100-2 and AI 600-1 (US public domain), and the OWASP Top 10 for LLM and for Agentic Applications (CC BY-SA 4.0).