Security & Misuse

https://taxonomy.eticas.ai/risk/security-misuse

Maturity: established

The risk that an AI system is exposed to AI-specific vulnerabilities, attacks, or misuse that compromise its integrity, availability, or confidentiality. This covers risks beyond traditional IT security, including adversarial inputs, prompt injection, model extraction, jailbreaking, and supply-chain risks specific to AI components. It is intended to complement, not replace, standard IT security assessments.

Also known as: Safety, Security & Misuse · Security · Safety

System type: ADM and LLM systems
Lifecycle stages: Pre Processing, In Processing, Post Processing

Risk groups

Mappings to external frameworks

Standards & frameworks

Framework | Reference
EU AI Act (Regulation 2024/1689) | Article 15(5) — cybersecurity (resilience against attacks)
AIUC-1 — AI Underwriting Company Standard | Security domain (and Society domain F for misuse)
Council of Europe Framework Convention on AI (CETS No. 225) | Article 12 — Reliability, safe innovation (security dimension)
NIST AI 600-1 — Generative AI Risk Profile | Information Security
NIST AI Risk Management Framework (AI 100-1) | Secure & Resilient
OECD AI Principles | Robustness, security & safety
TC260 AI Safety Governance Framework (v2.0) | §3.2.2(a) Information content risks — malicious manipulation generating illegal/harmful content

Taxonomies & vocabularies

Framework | Reference
MIT AI Risk Repository | AI system security vulnerabilities and attacks
MIT AI Risk Repository | Malicious Actors
W3C Data Privacy Vocabulary — AI Extension | Security Attack
AIR 2024 | System & Operational Risks (Security + Operational Misuses)
IBM AI Risk Atlas | Inference → Adversarial robustness + Non-technical → Misuse