This page is still being polished. If you have thoughts, please share them via the feedback form.
Data on this page is preliminary and may change. Please do not share or cite these figures publicly.
Cryptographic protections, access controls, and hardware security.
Also in Non-Model
before any AI-generated command can directly affect critical systems
Reasoning
Authentication gates AI command execution to critical systems via access control mechanism.
Perception-level output
[Not a mitigation] Key risk metric/focus: Authenticity and consent. (Preventing deceptive or harmful manipulations of media; ensuring subjects’ rights are respected in generated content.)
99.9 OtherPerception-level output > Implement content filters
1.2.1 Guardrails & FilteringPerception-level output > Watermarking of synthetic media
1.2.5 Provenance & WatermarkingPerception-level output > Detection of deepfakes
1.2.5 Provenance & WatermarkingPerception-level output > Enforce usage policies
No non-consensual image generation, user identity verification for sensitive uses
2.3.2 Access & Security ControlsPerception-level output > Refrain from malicious use or unwarranted trust in unverified media
99.9 OtherA First-Principles Based Risk Assessment Framework and the IEEE P3396 Standard
Tong, Richard J.; Cortês, Marina; DeFalco, Jeanine A.; Underwood, Mark; Zalewski, Janusz (2025)
Generative Artificial Intelligence (AI) is enabling unprecedented automation in content creation and decision support, but it also raises novel risks. This paper presents a first-principles risk assessment framework underlying the IEEE P3396 Recommended Practice for AI Risk, Safety, Trustworthiness, and Responsibility. We distinguish between process risks (risks arising from how AI systems are built or operated) and outcome risks (risks manifest in the AI system's outputs and their real-world effects), arguing that generative AI governance should prioritize outcome risks. Central to our approach is an information-centric ontology that classifies AI-generated outputs into four fundamen-tal categories: (1) Perception-level information, (2) Knowledge-level information, (3) Decision/Action plan information, and (4) Control tokens (access or resource directives). This classification allows systematic identification of harms and more precise attribution of responsibility to stakeholders (developers, deployers, users, regulators) based on the nature of the information produced. We illustrate how each information type entails distinct outcome risks (e.g, deception, misinformation, unsafe recommendations, security breaches) and requires tailored risk metrics and mitigations. By grounding the framework in the essence of information, human agency, and cognition, we align risk evaluation with how AI outputs influence human understanding and action. The result is a principled approach to AI risk that supports clear accountability and targeted safeguards, in contrast to broad application-based risk categorizations. We include example tables mapping information types to risks and responsibilities. This work aims to inform the IEEE P3396 Recommended Practice and broader AI governance with a rigorous, first-principles foundation for assessing generative AI risks while enabling responsible innovation. © 2025 IEEE.
Deploy
Releasing the AI system into a production environment
Developer
Entity that creates, trains, or modifies the AI system
Manage
Prioritising, responding to, and mitigating AI risks
