https://taxonomy.eticas.ai/risk/security-misuse
Maturity: established
The risk that an AI system is exposed to AI-specific vulnerabilities, attacks, or misuse that compromise its integrity, availability, or confidentiality. This covers risks beyond traditional IT security, including adversarial inputs, prompt injection, model extraction, jailbreaking, and supply-chain risks specific to AI components. It is intended to complement, not replace, standard IT security assessments.
Also known as: Safety, Security & Misuse · Security · Safety
System type: ADM and LLM systems
Lifecycle stages: Pre Processing, In Processing, Post Processing

| Framework | Reference |
|---|---|
| EU AI Act (Regulation 2024/1689) | Article 15(5) — cybersecurity (resilience against attacks) |
| AIUC-1 — AI Underwriting Company Standard | Security domain (and Society domain F for misuse) |
| Council of Europe Framework Convention on AI (CETS No. 225) | Article 12 — Reliability, safe innovation (security dimension) |
| NIST AI 600-1 — Generative AI Risk Profile | Information Security |
| NIST AI Risk Management Framework (AI 100-1) | Secure & Resilient |
| OECD AI Principles | Robustness, security & safety |
| TC260 AI Safety Governance Framework (v2.0) | §3.2.2(a) Information content risks — malicious manipulation generating illegal/harmful content |

| Framework | Reference |
|---|---|
| MIT AI Risk Repository | AI system security vulnerabilities and attacks |
| MIT AI Risk Repository | Malicious Actors |
| W3C Data Privacy Vocabulary — AI Extension | Security Attack |
| AIR 2024 | System & Operational Risks (Security + Operational Misuses) |
| IBM AI Risk Atlas | Inference → Adversarial robustness + Non-technical → Misuse |