Open-source AI security risk register mapped to MITRE ATLAS, OWASP LLM/Agentic Apps, and NIST AI 100-2
The Deployer AI Risk Register (DARR) is an open-source, comprehensive catalog of 82 AI deployment risks and 61 security sub-risks, mapped to multiple established frameworks including MITRE ATLAS, OWASP LLM/Agentic Apps, and NIST AI standards. It is designed to help organizations deploying AI systems manage security, governance, compliance, and adversarial risks by providing a structured taxonomy aligned with existing enterprise risk functions. The register covers seven risk families including security and adversarial threats such as prompt injection, model theft, and adversarial machine learning. It is freely available under a CC BY 4.0 license and continuously cross-checked against ten external frameworks to ensure coverage and relevance. The project is not a vulnerability or exploit but a risk management resource.
AI Analysis
Technical Summary
The Deployer AI Risk Register (DARR) consolidates and maps 82 canonical AI deployment risks and 61 security sub-risks into seven families relevant to organizations deploying AI systems. It integrates and crosswalks risks from multiple authoritative sources including the MIT AI Risk Repository, MITRE ATLAS techniques, OWASP Top 10 for LLM and Agentic Apps, NIST AI 100-2 and AI 600-1, ISO/IEC standards, the EU AI Act, Cisco AI Security Framework, and IBM AI Risk Atlas. The register focuses on risks actionable by deployers, such as prompt injection, adversarial ML, model abuse, data exposure, and supply chain vulnerabilities. It provides a shared taxonomy for governance, security, compliance, and operational risk management, enabling organizations to align AI risk management with existing frameworks. The register is open source, citable, and designed to be integrated into enterprise risk workflows. No specific vulnerability or exploit is described.
Potential Impact
This resource does not describe a direct security vulnerability or exploit but provides a structured framework for identifying, categorizing, and managing AI deployment risks, including security and adversarial threats. Its impact lies in enabling organizations to better understand and mitigate AI-related risks such as prompt injection, model theft, adversarial attacks, and supply chain issues. By adopting this register, organizations can improve their AI governance, security posture, and regulatory compliance, potentially reducing the likelihood and impact of AI-related security incidents.
Mitigation Recommendations
This is not a vulnerability requiring patching or immediate remediation. Instead, organizations deploying AI systems are encouraged to adopt the Deployer AI Risk Register to systematically identify and manage AI deployment risks. Using this register can help integrate AI risk management into existing governance, security, and compliance frameworks. No direct patches or fixes apply. Organizations should review the register and incorporate relevant risks into their risk management processes.
Open-source AI security risk register mapped to MITRE ATLAS, OWASP LLM/Agentic Apps, and NIST AI 100-2
Description
The Deployer AI Risk Register (DARR) is an open-source, comprehensive catalog of 82 AI deployment risks and 61 security sub-risks, mapped to multiple established frameworks including MITRE ATLAS, OWASP LLM/Agentic Apps, and NIST AI standards. It is designed to help organizations deploying AI systems manage security, governance, compliance, and adversarial risks by providing a structured taxonomy aligned with existing enterprise risk functions. The register covers seven risk families including security and adversarial threats such as prompt injection, model theft, and adversarial machine learning. It is freely available under a CC BY 4.0 license and continuously cross-checked against ten external frameworks to ensure coverage and relevance. The project is not a vulnerability or exploit but a risk management resource.
Reddit Discussion
I’ve been working on an open-source AI risk register for organizations deploying AI systems, and I thought the security layer may be useful to people here.
The project is called DARR, the Deployer AI Risk Register. It is an open reference register/data set intended to make AI deployment risks easier to map into security, risk, governance, audit, and assurance workflows.
The security tier currently includes 61 MITRE ATLAS-anchored sub-risks and crosswalks to:
- MITRE ATLAS
- OWASP Top 10 for LLM Applications
- OWASP Top 10 for Agentic Applications
- NIST AI 100-2 on adversarial machine learning
- NIST AI 600-1 on the GenAI profile
- Cisco AI Security Framework
- IBM AI Risk Atlas
- ISO/IEC 42001 and 23894
- EU AI Act
The broader register has 82 canonical AI deployment risks across 7 families, but for this subreddit the most relevant path is the Security & Adversarial family: prompt injection, agent/tool misuse, data exposure, model abuse, insecure deployment patterns, adversarial ML, and supply-chain issues.
The data is on GitHub, and the register is licensed under CC BY 4.0.
Live register: https://www.airiskdeployer.org
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Deployer AI Risk Register (DARR) consolidates and maps 82 canonical AI deployment risks and 61 security sub-risks into seven families relevant to organizations deploying AI systems. It integrates and crosswalks risks from multiple authoritative sources including the MIT AI Risk Repository, MITRE ATLAS techniques, OWASP Top 10 for LLM and Agentic Apps, NIST AI 100-2 and AI 600-1, ISO/IEC standards, the EU AI Act, Cisco AI Security Framework, and IBM AI Risk Atlas. The register focuses on risks actionable by deployers, such as prompt injection, adversarial ML, model abuse, data exposure, and supply chain vulnerabilities. It provides a shared taxonomy for governance, security, compliance, and operational risk management, enabling organizations to align AI risk management with existing frameworks. The register is open source, citable, and designed to be integrated into enterprise risk workflows. No specific vulnerability or exploit is described.
Potential Impact
This resource does not describe a direct security vulnerability or exploit but provides a structured framework for identifying, categorizing, and managing AI deployment risks, including security and adversarial threats. Its impact lies in enabling organizations to better understand and mitigate AI-related risks such as prompt injection, model theft, adversarial attacks, and supply chain issues. By adopting this register, organizations can improve their AI governance, security posture, and regulatory compliance, potentially reducing the likelihood and impact of AI-related security incidents.
Mitigation Recommendations
This is not a vulnerability requiring patching or immediate remediation. Instead, organizations deploying AI systems are encouraged to adopt the Deployer AI Risk Register to systematically identify and manage AI deployment risks. Using this register can help integrate AI risk management into existing governance, security, and compliance frameworks. No direct patches or fixes apply. Organizations should review the register and incorporate relevant risks into their risk management processes.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":30,"reasons":["external_link","newsworthy_keywords:rce","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a4d615cc9d9e3dbe3cbcd50
Added to database: 07/07/2026, 20:28:12 UTC
Last enriched: 07/07/2026, 20:28:26 UTC
Last updated: 07/07/2026, 21:28:07 UTC
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.