# Deployer AI Risk Register: an open-source AI risk register by MindXO > An open, citable register of AI risks for organizations that deploy AI systems, published by MindXO. 82 canonical risks with 61 MITRE ATLAS-anchored sub-risks (143 rows). Consolidated from the MIT AI Risk Repository and gap-analysed against ISO/IEC 23894 and 42001, MITRE ATLAS, and the EU AI Act with the GPAI Code of Practice, then coverage-checked against the IBM, Cisco, NIST, and OWASP taxonomies. Open data, openly licensed, free to build on. This site is the standalone, open-source home of the register. It is an independent derivative of the MIT AI Risk Repository (V4, December 2025, CC BY 4.0, https://airisk.mit.edu/) and is not endorsed by or affiliated with MIT. For the entire register in one plain-text document (every risk and sub-risk with descriptions and permanent URLs), see [/llms-full.txt](/llms-full.txt). ## What this is - A canonical risk register written from the perspective of an organization that *deploys* AI systems, not one that builds them. - Two tiers: 82 canonical risks (ids MR-001 to MR-082) and 61 MITRE ATLAS-anchored sub-risks beneath 12 of them (ids MR-0xx.N). - Every risk has a stable, permanent URL keyed by its id. ## How the register was built - Phase 1: MIT AI Risk Repository. 1,835 entries filtered for deployer relevance and measurability, consolidated into 61 canonical risks. - Phase 2: ISO/IEC 23894 + 42001. Management-system obligations read backward into 9 organizational gap risks, cited by clause number. - Phase 3: MITRE ATLAS v5.6.0. 170 adversarial techniques decomposed into 61 technique-level sub-risks under 12 parents, plus 1 agentic gap risk. - Phase 4: EU AI Act 2024/1689 + GPAI Code of Practice. Deployer obligations read backward into 11 compliance gap risks, cited by article and commitment number. - Coverage checks (added no new risk): IBM AI Risk Atlas (99 risks), Cisco AI Security Framework (112 threats), NIST AI 100-2, OWASP Top 10 for LLM and Agentic Applications, NIST Generative AI Profile (AI 600-1). ## Pages - [Register home](/): overview, statistics, browse entry, download, and citation. - [Browse](/browse/): all 82 risks, filterable by family, MIT domain, AI type, scope, and source standard. - Risk detail: one permanent page per risk, /risks/mr-001/ through /risks/mr-082/, with provenance, related frameworks, and sub-risks. - [Explore](/explore/): a single visual hub, structured as a six-step chain: the provenance funnel (1,835 MIT entries to 82 canonical risks), the 82 risks organized into 7 families mapped to enterprise risk domains, enrichment with MITRE ATLAS v5.6.0, enrichment with ISO/IEC 23894 and 42001 and the EU AI Act 2024/1689, the forward crosswalk (674 item-level mappings across 10 frameworks), and the reverse crosswalk. The reverse crosswalk maps all 531 framework entries back to the canonical risk each corresponds to (or its out-of-scope disposition); each source framework has its own table at /crosswalk//. - [Methodology](/methodology/): the full methodology report, 7 parts, 46 sections, published as written. - [Download](/download/): the open dataset as CSV and JSON, field dictionary, license, and citation. - [Contribute](/contribute/): the volunteer roadmap covering framework mappings (CSA AICM), CI/CD against the upstream sources, developer adoption, and community collaboration. - [About](/about/): attribution, licensing, versioning, and the AI-assistance disclosure. ## Data - CSV: /data/mindxo-deployer-ai-risk-register.csv (143 rows, flat spine) - JSON: /data/mindxo-deployer-ai-risk-register.json (nested: risks with sub-risks and metadata) - Crosswalk CSV: /data/crosswalk.csv (risk-to-framework mappings). - License: CC BY 4.0. ## Attribution Deployer AI Risk Register is derived from the MIT AI Risk Repository (V4, December 2025), used under CC BY 4.0. Independent derivative work, not endorsed by or affiliated with MIT. Security decomposition references MITRE ATLAS v5.6.0. Copyright 2021-2026 The MITRE Corporation; this work is reproduced and distributed with the permission of The MITRE Corporation, under the non-exclusive, royalty-free license in the MITRE ATLAS Terms of Use (https://atlas.mitre.org/terms); MITRE ATLAS is a trademark of The MITRE Corporation and its use does not imply MITRE's endorsement. ISO/IEC 23894 and 42001, the EU AI Act, and the GPAI Code of Practice are referenced by clause, control, article, and commitment number only. ## Source - Repository: https://github.com/Myr-Aya/deployer-ai-risk-register - Published by MindXO: https://www.mind-xo.com