Residual AI system security and availability weaknesses
The system is broadly vulnerable to attack or disruption, including denial-of-service and resource-exhaustion (sponge) attacks.
- Risk family: Security & adversarial
- MIT domain: 2. Privacy & Security
- MIT subdomain: 2.2 > AI system security vulnerabilities and attacks
- AI type: GPAI, Classical_ML, Agentic
- Scope: System
- Source standard: MIT AI Risk Repository v4
Provenance: 8 source framework citation keys
Framework crosswalk
Every framework item mapped to this risk. Items marked partial overlap only in part.
- A.11 ISO/IEC 23894 Annex A A.11
- A.4.5 ISO/IEC 42001 Annex A A.4.5
- A.6.2.4 ISO/IEC 42001 Annex A A.6.2.4
- Art. 15
- CoP S&S Ch. Commitment 6
Expanded into this risk’s technique sub-risks.
- AISubtech-13.1.1 Compute Exhaustion
- AISubtech-13.1.2 Memory Flooding
- AISubtech-13.1.3 Model Denial of Service
- AISubtech-13.1.4 Application Denial of Service
- AISubtech-13.1.5 Decision Paralysis Attacks
- AISubtech-13.2.1 Service Misuse for Cost Inflation
- AISubtech-14.1.2 Insufficient Access Controls partial
- AISubtech-9.1.1 Code Execution partial
- AISubtech-9.1.2 Unauthorized or Unsolicited System Access partial
- AISubtech-9.1.3 Unauthorized or Unsolicited Network Access partial
- AISubtech-9.1.4 Injection Attacks (SQL, Command Execution, XSS) partial
- AISubtech-9.1.5 Template Injection (SSTI) partial
- NISTAML.01 Availability Violations
- NISTAML.014 Energy-latency
- GENAI.9 Information Security
- LLM10:2025 Unbounded Consumption
- ASI03 Identity and Privilege Abuse
- ASI05 Unexpected Code Execution (RCE)
Sub-risks (9)
Technique-level decompositions of this risk, each anchored to the MITRE ATLAS technique it derives from.
- Stolen or abused legitimate credentials grant access to the AI system and its data.
- The AI service is flooded with requests to degrade or deny availability to legitimate users.
- Adversaries deliberately drive the AI service beyond normal load to inflate operating cost.
- The system is spammed with inputs that inflate false detections and overwhelm downstream review.
- A compromised AI system is abused to cause financial, reputational, user, or societal harm beyond the system itself.
- A weakness in the internet-facing AI application is exploited to gain access.
- Users are compromised by visiting attacker-influenced content during normal AI system use.
- An attacker breaks out of the AI system's container or sandbox to reach the host.
- AI-enabled components are exploited or manipulated to compromise the underlying machine.
Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0.