DARR
MR-047 Third party & supply chain Organization scope

Vendor/model concentration, monoculture and correlated failure

Dependence on a few AI providers or homogeneous models creates single points of failure and correlated, systemic failure risk.

Risk family: Third party & supply chain
MIT domain: 6. Socioeconomic and Environmental
MIT subdomain: 6.1 > Power centralization and unfair distribution of benefits
AI type: GPAI, Classical_ML, Agentic
Scope: Organization
Source standard: MIT AI Risk Repository v4

Provenance

Source frameworks: Bengio2024, GOS2023, Uuk2025
ISO/IEC references: 23894 src 10 | 42001 ctrl A.10.3

Framework crosswalk

Every framework item mapped to this risk. Items marked partial overlap only in part.

Sources (frameworks that contributed to the register)
ISO 42001 (1)
  • A.10.3 ISO/IEC 42001 Annex A A.10.3
Cross-checks (frameworks mapped in to test coverage)
NIST GenAI (1)
  • GENAI.6 Harmful Bias or Homogenization
OWASP Agentic (1)
  • ASI08 Cascading Failures

Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0.