Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Open-source AI security risk register mapped to MITRE ATLAS, OWASP LLM/Agentic Apps, and NIST AI 100-2

0
Medium
Published: 07/07/2026 (07/07/2026, 20:13:48 UTC)
Source: Reddit Cybersecurity

Description

The Deployer AI Risk Register (DARR) is an open-source, comprehensive catalog of 82 AI deployment risks and 61 security sub-risks, mapped to multiple established frameworks including MITRE ATLAS, OWASP LLM/Agentic Apps, and NIST AI standards. It is designed to help organizations deploying AI systems manage security, governance, compliance, and adversarial risks by providing a structured taxonomy aligned with existing enterprise risk functions. The register covers seven risk families including security and adversarial threats such as prompt injection, model theft, and adversarial machine learning. It is freely available under a CC BY 4.0 license and continuously cross-checked against ten external frameworks to ensure coverage and relevance. The project is not a vulnerability or exploit but a risk management resource.

Reddit Discussion

r/cybersecurity·posted by u/Typical-Look-1331
00

I’ve been working on an open-source AI risk register for organizations deploying AI systems, and I thought the security layer may be useful to people here.

The project is called DARR, the Deployer AI Risk Register. It is an open reference register/data set intended to make AI deployment risks easier to map into security, risk, governance, audit, and assurance workflows.

The security tier currently includes 61 MITRE ATLAS-anchored sub-risks and crosswalks to:

  • MITRE ATLAS
  • OWASP Top 10 for LLM Applications
  • OWASP Top 10 for Agentic Applications
  • NIST AI 100-2 on adversarial machine learning
  • NIST AI 600-1 on the GenAI profile
  • Cisco AI Security Framework
  • IBM AI Risk Atlas
  • ISO/IEC 42001 and 23894
  • EU AI Act

The broader register has 82 canonical AI deployment risks across 7 families, but for this subreddit the most relevant path is the Security & Adversarial family: prompt injection, agent/tool misuse, data exposure, model abuse, insecure deployment patterns, adversarial ML, and supply-chain issues.

The data is on GitHub, and the register is licensed under CC BY 4.0.

Live register: https://www.airiskdeployer.org

Links cited in this discussion

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/07/2026, 20:28:26 UTC

Technical Analysis

The Deployer AI Risk Register (DARR) consolidates and maps 82 canonical AI deployment risks and 61 security sub-risks into seven families relevant to organizations deploying AI systems. It integrates and crosswalks risks from multiple authoritative sources including the MIT AI Risk Repository, MITRE ATLAS techniques, OWASP Top 10 for LLM and Agentic Apps, NIST AI 100-2 and AI 600-1, ISO/IEC standards, the EU AI Act, Cisco AI Security Framework, and IBM AI Risk Atlas. The register focuses on risks actionable by deployers, such as prompt injection, adversarial ML, model abuse, data exposure, and supply chain vulnerabilities. It provides a shared taxonomy for governance, security, compliance, and operational risk management, enabling organizations to align AI risk management with existing frameworks. The register is open source, citable, and designed to be integrated into enterprise risk workflows. No specific vulnerability or exploit is described.

Potential Impact

This resource does not describe a direct security vulnerability or exploit but provides a structured framework for identifying, categorizing, and managing AI deployment risks, including security and adversarial threats. Its impact lies in enabling organizations to better understand and mitigate AI-related risks such as prompt injection, model theft, adversarial attacks, and supply chain issues. By adopting this register, organizations can improve their AI governance, security posture, and regulatory compliance, potentially reducing the likelihood and impact of AI-related security incidents.

Mitigation Recommendations

This is not a vulnerability requiring patching or immediate remediation. Instead, organizations deploying AI systems are encouraged to adopt the Deployer AI Risk Register to systematically identify and manage AI deployment risks. Using this register can help integrate AI risk management into existing governance, security, and compliance frameworks. No direct patches or fixes apply. Organizations should review the register and incorporate relevant risks into their risk management processes.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":30,"reasons":["external_link","newsworthy_keywords:rce","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a4d615cc9d9e3dbe3cbcd50

Added to database: 07/07/2026, 20:28:12 UTC

Last enriched: 07/07/2026, 20:28:26 UTC

Last updated: 07/07/2026, 21:28:07 UTC

Views: 9

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses