Understand the register's sources and how it crosswalks to established frameworks.
A six-step chain: where the 82 risks come from, how they are organized and enriched, and how they crosswalk out to ten external frameworks and back. Each step links to its view.
- 1From the MIT AI Risk Repository to 82 canonical risks1,835 entries from the MIT AI Risk Repository (V4, 74 source frameworks) filtered and consolidated to 61 canonical risks, then completed to 82.→
- 282 risks organized into 7 families, mapped to enterprise risk domainsThe 82 canonical risks grouped into 7 deployer families, each reconciled with an enterprise risk domain (operational, cyber, compliance, and so on).→
- 3Register enriched with MITRE ATLAS v5.6.012 canonical risks decomposed into 61 technique-level sub-risks anchored to MITRE ATLAS v5.6.0.→
- 4Register enriched with ISO/IEC 23894 and 42001 and the EU AI Act 2024/1689ISO/IEC 23894 and 42001 and the EU AI Act, with the GPAI Code of Practice, read backward into 9 governance and 11 compliance gap risks, and referenced across the register.→
- 5Crosswalk from the register out to 10 external frameworksEach risk mapped outward: 674 item-level links to ISO/IEC 23894 and 42001, MITRE ATLAS, the EU AI Act, IBM, Cisco, NIST, and OWASP.→
- 6Reverse crosswalk from 531 framework entries back to the registerEvery one of the 531 entries in those frameworks mapped back to the register risk it corresponds to, or its out-of-scope reason.→
From the MIT AI Risk Repository to 82 risks.
Three filters cut 1,835 MIT AI Risk Repository entries (V4, 74 source frameworks) to 61 canonical risks; ISO, MITRE ATLAS, and the EU AI Act add 21 more. Ribbon width shows how many source entries fed each risk; colour marks the originating MIT domain.
82 risks, seven families, enterprise risk domains.
The 82 canonical risks group into seven deployer families, each reconciled with an enterprise risk domain. The ribbons trace how many risks came from each MIT research domain into each family.
Enriched with MITRE ATLAS: 12 risks into 61 sub-risks.
Twelve canonical risks are decomposed into technique-level sub-risks anchored to MITRE ATLAS v5.6.0. Each sub-risk on the right links to its entry on the parent risk page.
Enriched with ISO/IEC 23894 & 42001 and the EU AI Act.
Two management-system standards and the EU AI Act were read backward into the register: obligations the MIT-derived risks did not cover became gap risks, and the rest attached as clause and article references. The solid bar marks risks each source added; the lighter bar marks existing risks it references.
Crosswalk from the register out to 10 frameworks.
How many items in each external framework map to each risk, and to what: 674 item-level mappings across ISO/IEC 23894 and 42001, MITRE ATLAS, the EU AI Act, IBM, Cisco, NIST, and OWASP. Hover a cell for the item ids; each risk links to its full crosswalk.
Every framework entry, mapped to the register.
The visualizations above read the register outward. This reads it inward: for each entry in a source framework, the canonical risk or risks it corresponds to, or the reason it falls outside a deployer risk register. 531 entries across ten frameworks. Pick a framework for its full table.
Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.