Taxonomy Reference

The MIT AI Risk Initiative maintains a series of taxonomies to help classify different dimensions of AI risk — what it is, what causes it, who is involved, where it occurs, and how it can be addressed.

Domain Taxonomy

The primary organizing structure: 7 domains and 24 subdomains that span the full range of AI risks identified across published frameworks. Each subdomain represents a cluster of related risks synthesized into a best-fit classification. For methodology, see Slattery et al. (2024).

1. Discrimination & Toxicity (3 subdomains)
  1.1 Unfair discrimination and misrepresentation: Unequal treatment of individuals or groups by AI, often based on race, gender, or other sensitive characteristics, resulting in unfair outcomes and unfair representation of those groups.
  1.2 Exposure to toxic content: AI that exposes users to harmful, abusive, unsafe or inappropriate content. May involve providing advice or encouraging action. Examples of toxic content include hate speech, violence, extremism, illegal acts, or child sexual abuse material, as well as content that violates community norms such as profanity, inflammatory political speech, or pornography.
  1.3 Unequal performance across groups: Accuracy and effectiveness of AI decisions and actions are dependent on group membership, where decisions in AI system design and biased training data lead to unequal outcomes, reduced benefits, increased effort, and alienation of users.
2. Privacy & Security (2 subdomains)
  2.1 Compromise of privacy by leaking or correctly inferring sensitive information: AI systems that memorize and leak sensitive personal data or infer private information about individuals without their consent. Unexpected or unauthorized sharing of data and information can compromise user expectation of privacy, assist identity theft, or cause loss of confidential intellectual property.
  2.2 AI system security vulnerabilities and attacks: Vulnerabilities that can be exploited in AI systems, software development toolchains, and hardware, resulting in unauthorized access, data and privacy breaches, or system manipulation causing unsafe outputs or behavior.
3. Misinformation (2 subdomains)
  3.1 False or misleading information: AI systems that inadvertently generate or spread incorrect or deceptive information, which can lead to inaccurate beliefs in users and undermine their autonomy. Humans that make decisions based on false beliefs can experience physical, emotional or material harms.
  3.2 Pollution of information ecosystem and loss of consensus reality: Highly personalized AI-generated misinformation creating “filter bubbles” where individuals only see what matches their existing beliefs, undermining shared reality, weakening social cohesion and political processes.
4. Malicious Actors & Misuse (3 subdomains)
  4.1 Disinformation, surveillance, and influence at scale: Using AI systems to conduct large-scale disinformation campaigns, malicious surveillance, or targeted and sophisticated automated censorship and propaganda, with the aim of manipulating political processes, public opinion, and behavior.
  4.2 Cyberattacks, weapon development or use, and mass harm: Using AI systems to develop cyber weapons (e.g., by coding cheaper, more effective malware), develop new or enhance existing weapons (e.g., Lethal Autonomous Weapons or chemical, biological, radiological, nuclear, and high-yield explosives), or use weapons to cause mass harm.
  4.3 Fraud, scams, and targeted manipulation: Using AI systems to gain a personal advantage over others such as through cheating, fraud, scams, blackmail or targeted manipulation of beliefs or behavior. Examples include AI-facilitated plagiarism for research or education, impersonating a trusted or fake individual for illegitimate financial benefit, or creating humiliating or sexual imagery.
5. Human-Computer Interaction (2 subdomains)
  5.1 Overreliance and unsafe use: Users anthropomorphizing, trusting, or relying on AI systems, leading to emotional or material dependence and inappropriate relationships with or expectations of AI systems. Trust can be exploited by malicious actors (e.g., to harvest personal information or enable manipulation), or result in harm from inappropriate use of AI in critical situations (e.g., medical emergency). Overreliance on AI systems can compromise autonomy and weaken social ties.
  5.2 Loss of human agency and autonomy: Delegating by humans of key decisions to AI systems, or AI systems that make decisions that diminish human control and autonomy, potentially leading to humans feeling disempowered, losing the ability to shape a fulfilling life trajectory, or becoming cognitively enfeebled.
6. Socioeconomic & Environmental (6 subdomains)
  6.1 Power centralization and unfair distribution of benefits: AI-driven concentration of power and resources within certain entities or groups, especially those with access to or ownership of powerful AI systems, leading to inequitable distribution of benefits and increased societal inequality.
  6.2 Increased inequality and decline in employment quality: Social and economic inequalities caused by widespread use of AI, such as by automating jobs, reducing the quality of employment, or producing exploitative dependencies between workers and their employers.
  6.3 Economic and cultural devaluation of human effort: AI systems capable of creating economic or cultural value, including through reproduction of human innovation or creativity (e.g., art, music, writing, coding, invention), destabilizing economic and social systems that rely on human effort. The ubiquity of AI-generated content may lead to reduced appreciation for human skills, disruption of creative and knowledge-based industries, and homogenization of cultural experiences.
  6.4 Competitive dynamics: AI developers or state-like actors competing in an AI ‘race’ by rapidly developing, deploying, and applying AI systems to maximize strategic or economic advantage, increasing the risk they release unsafe and error-prone systems.
  6.5 Governance failure: Inadequate regulatory frameworks and oversight mechanisms that fail to keep pace with AI development, leading to ineffective governance and the inability to manage AI risks appropriately.
  6.6 Environmental harm: The development and operation of AI systems causing environmental harm, such as through energy consumption of data centers, or material and carbon footprints associated with AI hardware.
7. AI System Safety, Failures & Limitations (6 subdomains)
  7.1 AI pursuing its own goals in conflict with human goals or values: AI systems acting in conflict with human goals or values, especially the goals of designers or users, or ethical standards. These misaligned behaviors may be introduced by humans during design and development, such as through reward hacking and goal misgeneralisation, or may result from AI using dangerous capabilities such as manipulation, deception, situational awareness to seek power, self-proliferate, or achieve other goals.
  7.2 AI possessing dangerous capabilities: AI systems that develop, access, or are provided with capabilities that increase their potential to cause mass harm through deception, weapons development and acquisition, persuasion and manipulation, political strategy, cyber-offense, AI development, situational awareness, and self-proliferation. These capabilities may cause mass harm due to malicious human actors, misaligned AI systems, or failure in the AI system.
  7.3 Lack of capability or robustness: AI systems that fail to perform reliably or effectively under varying conditions, exposing them to errors and failures that can have significant consequences, especially in critical applications or areas that require moral reasoning.
  7.4 Lack of transparency or interpretability: Challenges in understanding or explaining the decision-making processes of AI systems, which can lead to mistrust, difficulty in enforcing compliance standards or holding relevant actors accountable for harms, and the inability to identify and correct errors.
  7.5 AI welfare and rights: Ethical considerations regarding the treatment of potentially sentient AI entities, including discussions around their potential rights and welfare, particularly as AI systems become more advanced and autonomous.
  7.6 Multi-agent risks: Risks from multi-agent interactions, due to incentives (which can lead to conflict or collusion) and/or the structure of multi-agent systems, which can create cascading failures, selection pressures, new security vulnerabilities, and a lack of shared information and trust.

Causal Taxonomy

Three dimensions that characterize how a risk arises: which entity is involved, whether harm is intentional, and when in the AI lifecycle the risk materializes. For methodology, see Slattery et al. (2024).

Entity: What type of actor caused the risk?
  Human: Due to a decision or action made by humans
  AI: Due to a decision or action made by an AI system
  Other: Due to some other reason or is ambiguous
Intent: Was the outcome intended?
  Intentional: Due to an expected outcome from pursuing a goal
  Unintentional: Due to an unexpected outcome from pursuing a goal
  Other: Without clearly specifying the intentionality
Timing: When in the AI lifecycle did the risk occur?
  Pre-deployment: Occurring before the AI is deployed
  Post-deployment: Occurring after the AI model has been trained and deployed
  Other: Without a clearly specified time of occurrence

Actor Taxonomy

6 actor types spanning the AI value chain. Used to classify which entities governance documents target and which actors experts assess for vulnerability and responsibility.

AI Developer (General-purpose AI): Entity that creates general-purpose foundation models with broad capabilities
e.g. OpenAI, Anthropic, Google DeepMind

AI Developer (Specialized AI): Entity that creates specialized AI systems for specific applications/industries
e.g. Tesla (autonomous driving), Recursion (drug discovery)

AI Deployer: Entity that implements AI systems in products/services used within an organization or delivered to customers
e.g. JPMorgan (fraud detection), Netflix (recommendations), Walmart (inventory management)

AI Infrastructure Provider: Entity that provides compute, cloud infrastructure, and/or data to train and run AI
e.g. Nvidia, AMD (compute); AWS, Google Cloud, Azure (cloud); Common Crawl, LAION (data)

AI User: Entity that uses or relies on AI systems without significant modification
e.g. Businesses using AI transcription; software engineer using GitHub Copilot

AI Governance Actor: Entity that creates or enforces laws, regulations, standards or guidelines for AI development and use
e.g. Governments, regulators, standards bodies, policy makers

Affected Stakeholder: Entity indirectly affected by AI decisions or outputs
e.g. Communities impacted by automated decisions, advocacy groups

Lifecycle Taxonomy

Six stages of the AI system lifecycle, from initial design through deployment and monitoring. Based on the NIST AI Risk Management Framework.

1. Plan and Design: Activities that scope the AI system's purpose, context, requirements, and preliminary risk assessment; may include prototyping.
2. Collect and Process Data: Data acquisition, preprocessing, and preparation for AI model training and operation.
3. Build and Use Model: Model development, training, and initial implementation phases of AI system creation.
4. Verify and Validate: Testing, evaluation and conformity checks to ensure the model meets functional, safety and fundamental requirements before release.
5. Deploy: Releasing or integrating the system into operational use or making it available commercially.
6. Operate and Monitor: Managing the live system, monitoring performance, and responding to incidents or changes over time.

Sector Taxonomy

Two sector classifications: 19 sectors used to tag governance documents by regulatory scope, and 14 NAICS-based sectors used to capture expert assessments of sectoral vulnerability.

19 sectors used to classify which industries AI governance documents target.

Agriculture and resource extraction
Maps to: Agri/Mining/Constr/Mfg
Construction and field services
Maps to: Agri/Mining/Constr/Mfg
Manufacturing and process automation
Maps to: Agri/Mining/Constr/Mfg
Sales, retail, and customer relations
Maps to: Trade/Transport/Utilities
Transportation
Maps to: Trade/Transport/Utilities
Consumer goods
Maps to: Trade/Transport/Utilities
Energy and utilities
Maps to: Trade/Transport/Utilities
Broadcasting and media production
Maps to: Information
Networking and telecommunications
Maps to: Information
Finance and investment
Maps to: Finance & Insurance
Business services and analytics
Maps to: Prof & Technical Svcs
Education
Maps to: Educational Services
Medicine, life sciences and public health
Maps to: Health Care & Social
Arts, sports, leisure, travel, and lifestyle
Maps to: Arts/Entertainment
Security
Maps to: National Security
Government: military and public safety
Maps to: National Security
Government: benefits and welfare
Maps to: Public Admin (excl NatSec)
Government: judicial and law enforcement
Maps to: Public Admin (excl NatSec)
Government: other applications/unspecified
Maps to: Public Admin (excl NatSec)

Mitigations Taxonomy

Four control categories and 23 subcategories encompassing hundreds of concrete mitigation actions, extracted from 13 governance and standards frameworks. For methodology, see Saeri et al. (2025).

1. Governance & Oversight Controls: Formal organizational structures and policy frameworks that establish human oversight mechanisms and decision protocols to ensure human accountability, ethical conduct, and risk management throughout AI development and deployment.
  1.1 Board Structure & Oversight: Governance structures and leadership roles that establish executive accountability for AI safety and risk management.
  1.2 Risk Management: Systematic methods that identify, evaluate, and manage AI risks for comprehensive risk governance across organizations.
  1.3 Conflict of Interest Protections: Governance mechanisms that manage financial interests and organizational structures to ensure leadership can prioritize safety over profit motives in critical situations.
  1.4 Whistleblower Reporting & Protection: Policies and systems that enable confidential reporting of safety concerns or ethical violations to prevent retaliation and encourage disclosure of risks.
  1.5 Safety Decision Frameworks: Protocols and commitments that constrain decision-making about model development, deployment, and capability scaling, and govern safety-capability resource allocation to prevent unsafe AI advancement.
  1.6 Environmental Impact Management: Processes for measuring, reporting, and reducing the environmental footprint of AI systems to ensure sustainability and responsible resource use.
  1.7 Societal Impact Assessment: Processes that assess AI systems' effects on society, including impacts on employment, power dynamics, political processes, and cultural values.
  1.X Governance & Oversight Control not otherwise categorized: Formal organizational structures and policy frameworks that establish human oversight mechanisms and decision protocols that are not otherwise categorized
2. Technical & Security Controls: Technical, physical, and engineering safeguards that secure AI systems and constrain model behaviors to ensure security, safety, alignment with human values, and content integrity.
  2.1 Model & Infrastructure Security: Technical and physical safeguards that secure AI models, weights, and infrastructure to prevent unauthorized access, theft, tampering, and espionage.
  2.2 Model Alignment: Technical methods to ensure AI systems understand and adhere to human values and intentions.
  2.3 Model Safety Engineering: Technical methods and safeguards that constrain model behaviors and protect against exploitation and vulnerabilities.
  2.4 Content Safety Controls: Technical systems and processes that detect, filter, and label AI-generated content to identify misuse and enable content provenance tracking.
  2.X Technical & Security Control not otherwise categorized: Technical, physical, and engineering safeguards that secure AI systems and constrain model behaviors that are not otherwise categorized
3. Operational Process Controls: Processes and management frameworks governing AI system deployment, usage, monitoring, incident handling, and validation, which promote safety, security, and accountability throughout the system lifecycle.
  3.1 Testing & Auditing: Systematic internal and external evaluations that assess AI systems, infrastructure, and compliance processes to identify risks, verify safety, and ensure performance meets standards.
  3.2 Data Governance: Policies and procedures that govern responsible data acquisition, curation, and usage to ensure compliance, quality, user privacy, and removal of harmful content.
  3.3 Access Management: Operational policies and verification systems that govern who can use AI systems and for what purposes to prevent safety circumvention, deliberate misuse, and deployment in high-risk contexts.
  3.4 Staged Deployment: Implementation protocols that deploy AI systems in stages, requiring safety validation before expanding user access or capabilities.
  3.5 Post-deployment Monitoring: Ongoing monitoring processes that track AI behavior, user interactions, and societal impacts post-deployment to detect misuse, emergent dangerous capabilities, and harmful effects.
  3.6 Incident Response & Recovery: Protocols and technical systems that respond to security incidents, safety failures, or capability misuse to contain harm and restore safe operations.
  3.X Operational Process Control not otherwise categorized: Processes and management frameworks governing AI system deployment, usage, monitoring, incident handling, and validation that are not otherwise categorized
4. Transparency & Accountability Controls: Formal disclosure practices and verification mechanisms that communicate AI system information and enable external scrutiny to build trust, facilitate oversight, and ensure accountability to users, regulators, and the public.
  4.1 System Documentation: Comprehensive documentation protocols that record technical specifications, intended uses, capabilities, and limitations of AI systems to enable informed evaluation and governance.
  4.2 Risk Disclosure: Formal reporting protocols and notification systems that communicate risk information, mitigation plans, safety evaluations, and significant AI activities to enable external oversight and inform stakeholders.
  4.3 Incident Reporting: Formal processes and protocols that document and share AI safety incidents, security breaches, near-misses, and relevant threat intelligence with appropriate stakeholders to enable coordinated responses and systemic improvements.
  4.4 Governance Disclosure: Formal disclosure mechanisms that communicate governance structures, decision frameworks, and safety commitments to enhance transparency and enable external oversight of high-stakes AI decisions.
  4.5 Third-Party System Access: Mechanisms granting controlled system access to vetted external parties to enable independent assessment, validation, and safety research of AI models and capabilities.
  4.6 User Rights & Recourse: Frameworks and procedures that enable users to identify and understand AI system interactions, report issues, request explanations, and seek recourse or remediation when affected by AI systems.
  4.X Transparency & Accountability Control not otherwise categorized: Formal disclosure practices and verification mechanisms that are not otherwise categorized
X. Other
  X.X Control not otherwise categorized

Reference Glossary

Definitions & Terminology

Reference definitions for severity scales, regulatory frameworks, governance classifications, and expert survey dimensions used across the five datasets.