https://taxonomy.eticas.ai/risk/security-misuse
Maturity: established
The risk that an AI system is exposed to AI-specific vulnerabilities, attacks, or misuse that compromise its integrity, availability, or confidentiality. This covers risks beyond traditional IT security, including adversarial inputs, prompt injection, model extraction, jailbreaking, and supply-chain risks specific to AI components. It is intended to complement, not replace, standard IT security assessments.
Also known as: Safety, Security & Misuse · Security · Safety
Applies to: ALL
Lifecycle stages: Pre Processing, In Processing, Post Processing

| Framework | Concept |
|---|---|
| EU AI Act (Regulation 2024/1689) | Article 15(5) — cybersecurity (resilience against attacks) |
| AIUC-1 — AI Underwriting Company Standard | Security domain (and Society domain F for misuse) |

| Framework | Concept |
|---|---|
| NIST AI 600-1 — Generative AI Risk Profile | Information Security |
| NIST AI Risk Management Framework (AI 100-1) | Secure & Resilient |
| OECD AI Principles | Robustness, security & safety |

| Framework | Concept |
|---|---|
| MIT AI Risk Repository | AI system security vulnerabilities & attacks |
| MIT AI Risk Repository | Malicious Actors & Misuse |
| W3C Data Privacy Vocabulary — AI Extension | Security Attack |
| AIR 2024 / AIR-Bench 2024 | System & Operational Risks (Security + Operational Misuses) |
| IBM AI Risk Atlas | Inference → Adversarial robustness + Non-technical → Misuse |