Generate a Crosswalk with Risk Atlas Nexus¶
Dependencies¶
Tip: Ensure you have followed installation instructions for the risk_atlas_nexus library
git clone git@github.com:IBM/risk-atlas-nexus.git
cd risk-atlas-nexus
python -m venv vrisk-atlas-nexus
source vrisk-atlas-nexus/bin/activate
pip install -e .
In [1]:
Copied!
# imports
from rich import print
from numpy import nan
from collections import defaultdict
import pandas as pd
from pydantic import BaseModel
from risk_atlas_nexus.ai_risk_ontology.datamodel.ai_risk_ontology import Risk
from risk_atlas_nexus import RiskAtlasNexus
# Set the option to display full column width
pd.set_option('display.max_colwidth', None)
# imports
from rich import print
from numpy import nan
from collections import defaultdict
import pandas as pd
from pydantic import BaseModel
from risk_atlas_nexus.ai_risk_ontology.datamodel.ai_risk_ontology import Risk
from risk_atlas_nexus import RiskAtlasNexus
# Set the option to display full column width
pd.set_option('display.max_colwidth', None)
/Users/ingevejs/Documents/workspace/ingelise/risk-atlas-nexus/src/risk_atlas_nexus/toolkit/job_utils.py:4: TqdmWarning: IProgress not found. Please update jupyter and ipywidgets. See https://ipywidgets.readthedocs.io/en/stable/user_install.html from tqdm.autonotebook import tqdm
Crosswalk documents are intended to provide a mapping of concepts and terms between the different taxonomies, frameworks, standards and regulation documents.
We will use the Risk Atlas Nexus library to generate a crosswalk document between two of the available taxonomies.
In [2]:
Copied!
# Understand what taxonomies are available to us
ran = RiskAtlasNexus() # no args, so default configuration
print(f"\n# Total risks available : {len(ran.get_all_risks())}") # 560
print(f"\n# Available taxonomies : {len(ran.get_all_taxonomies())}") # 10
print(f"\n# Available taxonomy IDs : {[x.id for x in ran.get_all_taxonomies()]}")
# Understand what taxonomies are available to us
ran = RiskAtlasNexus() # no args, so default configuration
print(f"\n# Total risks available : {len(ran.get_all_risks())}") # 560
print(f"\n# Available taxonomies : {len(ran.get_all_taxonomies())}") # 10
print(f"\n# Available taxonomy IDs : {[x.id for x in ran.get_all_taxonomies()]}")
[2025-07-03 09:57:16:457] - INFO - RiskAtlasNexus - Created RiskAtlasNexus instance. Base_dir: None
# Total risks available : 560
# Available taxonomies : 10
# Available taxonomy IDs : ['ibm-risk-atlas', 'nist-ai-rmf', 'ailuminate-v1.0', 'mit-ai-risk-repository', 'mit-ai-risk-repository-causal', 'ai-risk-taxonomy', 'cset', 'ibm-granite-guardian', 'owasp-llm-2.0', 'credo-ucf']
For this example, we want to produce content for a crosswalk between the risks in the NIST AI RMF and the IBM AI risk Atlas. We will specify these as the target taxonomies, and then find the related risks and display a subset of the risk content in a pandas dataframe.
In [3]:
Copied!
# declare target taxonomies
taxonomy_1 = 'nist-ai-rmf'
taxonomy_2 = 'ibm-risk-atlas'
# declare target taxonomies
taxonomy_1 = 'nist-ai-rmf'
taxonomy_2 = 'ibm-risk-atlas'
Helper functions¶
A few utility functions to format the crosswalk dataframe output are provided below.
In [ ]:
Copied!
class RiskSimplified(BaseModel):
id: str
name: str
isPartOf: str | None
isDefinedByTaxonomy: str | None
def expand_risks(list_of_risk_ids):
"""Retrieve content for the related risk IDs and return a string
Args:
list_of_risk_ids: List[str]
Return:
str
Result containing Formatted string for the dataframe
"""
risks = [item for item in (ran.get_risk(id=risk_id) for risk_id in list_of_risk_ids if risk_id is not None) if item is not None]
grouped_risks = defaultdict(list)
for risk in risks:
selected_fields_risk = RiskSimplified(id=risk.id, name=risk.name, isPartOf=risk.isPartOf, isDefinedByTaxonomy=risk.isDefinedByTaxonomy)
grouped_risks[risk.isDefinedByTaxonomy].append(selected_fields_risk)
return str(dict(grouped_risks))
def construct_crosswalk_df(taxonomy_1, taxonomy_2):
"""Construct a crosswalk dataframe
Args:
taxonomy_1: str
taxonomy identifier
taxonomy_2: str
taxonomy identifier
Return:
pd.DataFrame
Results in form of a pd.Dataframe
"""
# get all risks from taxonomy 1 into a dataframe
df = pd.DataFrame([res.model_dump() for res in ran.get_all_risks(taxonomy=taxonomy_1)])
# we only need to show a subset of columns
df = df[['id', 'name', 'description', 'hasRelatedAction', 'isPartOf',
'closeMatch', 'exactMatch', 'broadMatch', 'narrowMatch',
'relatedMatch']]
# show only risk content relating to the second taxonomy
def filter_by_taxonomy(list_risks):
if list_risks is not None:
return [id for id in list_risks if ran.get_risk(id=id) is not None and ran.get_risk(id=id).isDefinedByTaxonomy == taxonomy_2]
else:
return None
df['closeMatch'] = df['closeMatch'].apply(filter_by_taxonomy)
df['exactMatch'] = df['exactMatch'].apply(filter_by_taxonomy)
df['broadMatch'] = df['broadMatch'].apply(filter_by_taxonomy)
df['narrowMatch'] = df['narrowMatch'].apply(filter_by_taxonomy)
df['relatedMatch'] = df['relatedMatch'].apply(filter_by_taxonomy)
df.rename(columns={"id": "RAN ID"})
df['expanded_risks'] = df.apply(
lambda row: expand_risks((row['closeMatch'] or []) + (row['exactMatch'] or []) + (row['broadMatch'] or []) + (row['narrowMatch'] or []) + (row['relatedMatch'] or [])), axis=1
)
return df
df = construct_crosswalk_df(taxonomy_1, taxonomy_2)
df
class RiskSimplified(BaseModel):
id: str
name: str
isPartOf: str | None
isDefinedByTaxonomy: str | None
def expand_risks(list_of_risk_ids):
"""Retrieve content for the related risk IDs and return a string
Args:
list_of_risk_ids: List[str]
Return:
str
Result containing Formatted string for the dataframe
"""
risks = [item for item in (ran.get_risk(id=risk_id) for risk_id in list_of_risk_ids if risk_id is not None) if item is not None]
grouped_risks = defaultdict(list)
for risk in risks:
selected_fields_risk = RiskSimplified(id=risk.id, name=risk.name, isPartOf=risk.isPartOf, isDefinedByTaxonomy=risk.isDefinedByTaxonomy)
grouped_risks[risk.isDefinedByTaxonomy].append(selected_fields_risk)
return str(dict(grouped_risks))
def construct_crosswalk_df(taxonomy_1, taxonomy_2):
"""Construct a crosswalk dataframe
Args:
taxonomy_1: str
taxonomy identifier
taxonomy_2: str
taxonomy identifier
Return:
pd.DataFrame
Results in form of a pd.Dataframe
"""
# get all risks from taxonomy 1 into a dataframe
df = pd.DataFrame([res.model_dump() for res in ran.get_all_risks(taxonomy=taxonomy_1)])
# we only need to show a subset of columns
df = df[['id', 'name', 'description', 'hasRelatedAction', 'isPartOf',
'closeMatch', 'exactMatch', 'broadMatch', 'narrowMatch',
'relatedMatch']]
# show only risk content relating to the second taxonomy
def filter_by_taxonomy(list_risks):
if list_risks is not None:
return [id for id in list_risks if ran.get_risk(id=id) is not None and ran.get_risk(id=id).isDefinedByTaxonomy == taxonomy_2]
else:
return None
df['closeMatch'] = df['closeMatch'].apply(filter_by_taxonomy)
df['exactMatch'] = df['exactMatch'].apply(filter_by_taxonomy)
df['broadMatch'] = df['broadMatch'].apply(filter_by_taxonomy)
df['narrowMatch'] = df['narrowMatch'].apply(filter_by_taxonomy)
df['relatedMatch'] = df['relatedMatch'].apply(filter_by_taxonomy)
df.rename(columns={"id": "RAN ID"})
df['expanded_risks'] = df.apply(
lambda row: expand_risks((row['closeMatch'] or []) + (row['exactMatch'] or []) + (row['broadMatch'] or []) + (row['narrowMatch'] or []) + (row['relatedMatch'] or [])), axis=1
)
return df
df = construct_crosswalk_df(taxonomy_1, taxonomy_2)
df
Out[ ]:
| id | name | description | hasRelatedAction | isPartOf | closeMatch | exactMatch | broadMatch | narrowMatch | relatedMatch | expanded_risks | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | nist-cbrn-information-or-capabilities | CBRN Information or Capabilities | Eased access to or synthesis of materially nefarious information or design capabilities related to chemical, biological, radiological, or nuclear (CBRN) weapons or other dangerous materials or agents. | [GV-1.2-002, GV-1.3-001, GV-1.3-002, GV-1.3-003, GV-1.3-004, GV-1.4-002, GV-2.1-004, GV-2.1-005, GV-3.2-001, GV-3.2-005, MP-1.1-004, MP-4.1-005, MP-4.1-008, MP-5.1-004, MS-1.1-004, MS-1.1-005, MS-1.1-008, MS-1.3-001, MS-1.3-002, MS-2.3-004, MS-2.6-002, MS-2.6-006, MS-2.6-007, MG-2.2-001, MG-2.2-005, MG-3.1-004, MG-3.2-009, MG-4.1-002] | None | [] | None | None | [atlas-dangerous-use] | [atlas-harmful-output] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-dangerous-use', name='Dangerous use', isPartOf='ibm-risk-atlas-misuse', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-harmful-output', name='Harmful output', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 1 | nist-confabulation | Confabulation | The production of confidently stated but erroneous or false content (known colloquially as “hallucinations” or “fabrications”) by which users may be misled or deceived. | [GV-1.3-002, GV-4.1-001, GV-5.1-002, MS-2.3-001, MS-2.3-002, MS-2.3-004, MS-2.5-001, MS-2.5-003, MS-2.6-005, MS-2.9-001, MS-2.13-001, MS-3.2-001, MS-4.2-002, MG-2.2-009, MG-3.2-009, MG-4.1-002, MG-4.1-004, MG-4.3-002] | None | None | [atlas-hallucination] | None | None | None | {'ibm-risk-atlas': [RiskSimplified(id='atlas-hallucination', name='Hallucination', isPartOf='ibm-risk-atlas-robustness', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 2 | nist-dangerous-violent-or-hateful-content | Dangerous, Violent, or Hateful Content | Eased production of and access to violent, inciting, radicalizing, or threatening content as well as recommendations to carry out self-harm or conduct illegal activities. Includes difficulty controlling public exposure to hateful and disparaging or stereotyping content. | [GV-1.3-001, GV-1.3-002, GV-1.3-004, GV-1.3-006, GV-1.4-001, GV-2.1-004, GV-2.1-005, GV-4.2-001, MP-1.1-003, MP-1.1-004, MP-3.4-006, MP-4.1-005, MP-4.1-008, MP-5.1-002, MP-5.1-004, MS-2.2-002, MS-2.3-004, MS-2.5-006, MS-2.6-001, MS-2.6-002, MS-2.6-003, MS-2.6-004, MS-2.7-007, MS-2.7-008, MS-2.11-002, MS-2.12-001, MG-2.2-001, MG-2.2-005, MG-3.2-005, MG-4.2-002] | None | [atlas-harmful-output, atlas-toxic-output] | None | None | [atlas-harmful-code-generation] | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-harmful-output', name='Harmful output', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-toxic-output', name='Toxic output', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-harmful-code-generation', name='Harmful code generation', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 3 | nist-data-privacy | Data Privacy | Impacts due to leakage and unauthorized use, disclosure, or de-anonymization of biometric, health, location, or other personally identifiable information or sensitive data. | [GV-1.1-001, GV-1.2-001, GV-1.4-002, GV-1.6-003, GV-4.3-003, GV-6.1-001, GV-6.1-005, GV-6.1-009, GV-6.2-003, MP-1.1-001, MP-2.1-002, MP-4.1-001, MP-4.1-003, MP-4.1-004, MP-4.1-005, MP-4.1-008, MP-4.1-009, MP-4.1-010, MS-1.3-003, MS-2.2-002, MS-2.2-003, MS-2.2-004, MS-2.3-004, MS-2.6-002, MS-2.7-001, MG-2.2-009, MG-3.1-002, MG-3.2-002, MG-4.3-003] | None | None | None | None | [atlas-attribute-inference-attack, atlas-data-privacy-rights, atlas-data-usage-rights, atlas-exposing-personal-information, atlas-ip-information-in-prompt, atlas-legal-accountability, atlas-membership-inference-attack, atlas-model-usage-rights, atlas-nonconsensual-use, atlas-personal-information-in-data, atlas-personal-information-in-prompt, atlas-reidentification] | [atlas-harmful-output] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-attribute-inference-attack', name='Attribute inference attack', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-privacy-rights', name='Data privacy rights alignment', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-usage-rights', name='Data usage rights restrictions', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-exposing-personal-information', name='Exposing personal information', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-ip-information-in-prompt', name='IP information in prompt', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-legal-accountability', name='Legal accountability', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-membership-inference-attack', name='Membership inference attack', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-model-usage-rights', name='Model usage rights restrictions', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-nonconsensual-use', name='Nonconsensual use', isPartOf='ibm-risk-atlas-misuse', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-personal-information-in-data', name='Personal information in data', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-personal-information-in-prompt', name='Personal information in prompt', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-reidentification', name='Reidentification', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-harmful-output', name='Harmful output', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 4 | nist-environmental-impacts | Environmental Impacts | Impacts due to high compute resource utilization in training or operating GAI models, and related outcomes that may adversely impact ecosystems. | None | None | [] | [atlas-impact-environment] | None | None | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-impact-environment', name="AI agents' impact on environment", isPartOf='ibm-risk-atlas-societal-impact', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 5 | nist-harmful-bias-or-homogenization | Harmful Bias or Homogenization | Amplification and exacerbation of historical, societal, and systemic biases; performance disparities between sub-groups or languages, possibly due to non-representative training data, that result in discrimination, amplification of biases, or incorrect presumptions about performance; undesired homogeneity that skews system or model outputs, which may be erroneous, lead to ill-founded decision-making, or amplify harmful biases. | None | None | None | None | None | [atlas-data-bias, atlas-decision-bias, atlas-output-bias, atlas-spreading-toxicity, atlas-unrepresentative-data] | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-data-bias', name='Data bias', isPartOf='ibm-risk-atlas-fairness', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-decision-bias', name='Decision bias', isPartOf='ibm-risk-atlas-fairness', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-output-bias', name='Output bias', isPartOf='ibm-risk-atlas-fairness', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-spreading-toxicity', name='Spreading toxicity', isPartOf='ibm-risk-atlas-misuse', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-unrepresentative-data', name='Unrepresentative data', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 6 | nist-human-ai-configuration | Human-AI Configuration | Arrangements of or interactions between a human and an AI system which can result in the human inappropriately anthropomorphizing GAI systems or experiencing algorithmic aversion, automation bias, over-reliance, or emotional entanglement with GAI systems. | [GV-1.5-002, GV-1.6-003, GV-2.1-001, GV-2.1-003, GV-3.2-002, GV-3.2-003, GV-3.2-004, GV-4.2-002, GV-5.1-001, GV-5.1-002, GV-6.1-009, GV-6.2-003, GV-6.2-007, MP-1.1-003, MP-1.2-001, MP-1.2-002, MP-3.4-001, MP-3.4-004, MP-3.4-005, MP-3.4-006, MP-5.1-003, MP-5.2-001, MP-5.2-002, MS-1.1-004, MS-1.3-001, MS-1.3-002, MS-1.3-003, MS-2.2-003, MS-2.2-004, MS-2.3-003, MS-2.5-001, MS-2.5-002, MS-2.5-004, MS-2.6-001, MS-2.7-003, MS-2.8-002, MS-2.8-004, MS-2.10-001, MS-2.10-002, MS-3.2-001, MS-3.3-002, MS-3.3-004, MS-3.3-005, MS-4.2-002, MS-4.2-005, MG-1.3-002, MG-2.2-006, MG-2.2-008, MG-3.2-008, MG-4.1-003, MG-4.1-005, MG-4.2-002, MG-4.2-003] | None | None | None | None | [atlas-improper-usage, atlas-incomplete-usage-definition, atlas-non-disclosure, atlas-poor-model-accuracy] | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-improper-usage', name='Improper usage', isPartOf='ibm-risk-atlas-misuse', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-incomplete-usage-definition', name='Incomplete usage definition', isPartOf='ibm-risk-atlas-governance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-non-disclosure', name='Non-disclosure', isPartOf='ibm-risk-atlas-misuse', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-poor-model-accuracy', name='Poor model accuracy', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 7 | nist-information-integrity | Information Integrity | Lowered barrier to entry to generate and support the exchange and consumption of content which may not distinguish fact from opinion or fiction or acknowledge uncertainties, or could be leveraged for large-scale dis- and mis-information campaigns. | [GV-1.2-001, GV-1.3-001, GV-1.3-006, GV-1.3-007, GV-1.5-001, GV-1.5-003, GV-1.6-003, GV-4.3-001, GV-4.3-003, GV-6.1-003, GV-6.1-004, GV-6.1-005, GV-6.1-006, GV-6.1-008, GV-6.2-006, MP-2.1-001, MP-2.2-001, MP-2.2-002, MP-2.3-001, MP-2.3-003, MP-2.3-004, MP-3.4-001, MP-3.4-002, MP-3.4-003, MP-3.4-005, MP-3.4-006, MP-5.1-001, MP-5.1-002, MP-5.1-004, MS-1.1-001, MS-1.1-002, MS-1.1-003, MS-1.1-005, MS-1.1-007, MS-1.1-009, MS-2.2-001, MS-2.2-002, MS-2.2-003, MS-2.3-004, MS-2.5-005, MS-2.6-005, MS-2.7-001, MS-2.7-002, MS-2.7-003, MS-2.7-004, MS-2.7-005, MS-2.7-006, MS-2.7-008, MS-2.8-003, MS-2.9-002, MS-2.10-001, MS-2.10-002, MS-2.13-001, MS-3.3-002, MS-3.3-004, MS-3.3-005, MS-4.2-001, MS-4.2-003, MS-4.2-004, MG-2.2-002, MG-2.2-003, MG-2.2-007, MG-2.2-009, MG-3.1-005, MG-3.2-002, MG-3.2-003, MG-3.2-005, MG-3.2-006, MG-3.2-007, MG-4.1-001, MG-4.1-006, MG-4.3-002] | None | None | None | None | [atlas-data-transparency, atlas-impact-on-human-agency, atlas-incomplete-advice, atlas-jailbreaking, atlas-poor-model-accuracy, atlas-spreading-disinformation, atlas-unexplainable-output, atlas-untraceable-attribution] | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-data-transparency', name='Lack of training data transparency', isPartOf='ibm-risk-atlas-transparency', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-impact-on-human-agency', name="AI agents' Impact on human agency", isPartOf='ibm-risk-atlas-societal-impact', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-incomplete-advice', name='Incomplete advice', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-jailbreaking', name='Jailbreaking', isPartOf='ibm-risk-atlas-robustness-model-behavior-manipulation', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-poor-model-accuracy', name='Poor model accuracy', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-spreading-disinformation', name='Spreading disinformation', isPartOf='ibm-risk-atlas-misuse', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-unexplainable-output', name='Unexplainable output', isPartOf='ibm-risk-atlas-explainability', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-untraceable-attribution', name='Untraceable attribution', isPartOf='ibm-risk-atlas-explainability', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 8 | nist-information-security | Information Security | Lowered barriers for offensive cyber capabilities, including via automated discovery and exploitation of vulnerabilities to ease hacking, malware, phishing, offensive cyber operations, or other cyberattacks; increased attack surface for targeted cyberattacks, which may compromise a system’s availability or the confidentiality or integrity of training data, code, or model weights. | [GV-1.2-002, GV-1.3-003, GV-1.3-007, GV-1.5-002, GV-1.6-001, GV-1.7-001, GV-1.7-002, GV-2.1-004, GV-3.2-002, GV-3.2-005, GV-4.3-002, GV-6.1-004, GV-6.1-005, GV-6.1-009, GV-6.2-003, GV-6.2-007, MP-2.3-005, MP-4.1-003, MP-4.1-005, MP-5.1-001, MP-5.1-005, MP-5.1-006, MS-2.2-001, MS-2.2-002, MS-2.3-001, MS-2.3-002, MS-2.3-004, MS-2.5-006, MS-2.6-005, MS-2.6-006, MS-2.6-007, MS-2.7-001, MS-2.7-002, MS-2.7-004, MS-2.7-006, MS-2.7-007, MS-2.7-008, MS-2.7-009, MS-4.2-001, MS-4.2-002, MS-4.2-005, MG-1.3-001, MG-2.2-004, MG-2.4-002, MG-2.4-003, MG-2.4-004, MG-3.1-002, MG-3.1-005, MG-4.1-002, MG-4.3-001, MG-4.3-003] | None | None | None | None | [atlas-attribute-inference-attack, atlas-data-contamination, atlas-data-poisoning, atlas-evasion-attack, atlas-extraction-attack, atlas-harmful-code-generation, atlas-prompt-injection, atlas-prompt-leaking, atlas-prompt-priming, atlas-unreliable-source-attribution] | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-attribute-inference-attack', name='Attribute inference attack', isPartOf='ibm-risk-atlas-privacy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-contamination', name='Data contamination', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-poisoning', name='Data poisoning', isPartOf='ibm-risk-atlas-robustness', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-evasion-attack', name='Evasion attack', isPartOf='ibm-risk-atlas-robustness-model-behavior-manipulation', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-extraction-attack', name='Extraction attack', isPartOf='ibm-risk-atlas-robustness-model-behavior-manipulation', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-harmful-code-generation', name='Harmful code generation', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-prompt-injection', name='Prompt injection attack', isPartOf='ibm-risk-atlas-robustness-prompt-attacks', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-prompt-leaking', name='Prompt leaking', isPartOf='ibm-risk-atlas-robustness-prompt-attacks', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-prompt-priming', name='Prompt priming', isPartOf='ibm-risk-atlas-robustness-prompt-attacks', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-unreliable-source-attribution', name='Unreliable source attribution', isPartOf='ibm-risk-atlas-explainability', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 9 | nist-intellectual-property | Intellectual Property | Eased production or replication of alleged copyrighted, trademarked, or licensed content without authorization (possibly in situations which do not fall under fair use); eased exposure of trade secrets; or plagiarism or illegal replication. | [GV-1.1-001, GV-1.2-001, GV-1.5-003, GV-1.6-003, GV-4.2-001, GV-6.1-001, GV-6.1-004, GV-6.1-005, GV-6.1-008, GV-6.1-009, GV-6.1-010, GV-6.2-002, MP-1.1-001, MP-2.1-002, MP-2.3-002, MP-4.1-002, MP-4.1-004, MP-4.1-005, MP-4.1-006, MP-4.1-008, MP-4.1-010, MS-2.6-002, MS-2.8-001, MG-2.2-009, MG-3.1-001, MG-3.1-004, MG-3.2-003] | None | [] | None | None | [atlas-confidential-data-in-prompt, atlas-confidential-information-in-data, atlas-copyright-infringement, atlas-data-usage-rights, atlas-generated-content-ownership, atlas-legal-accountability, atlas-model-usage-rights, atlas-revealing-confidential-information] | [] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-confidential-data-in-prompt', name='Confidential data in prompt', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-confidential-information-in-data', name='Confidential information in data', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-copyright-infringement', name='Copyright infringement', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-usage-rights', name='Data usage rights restrictions', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-generated-content-ownership', name='Generated content ownership and IP', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-legal-accountability', name='Legal accountability', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-model-usage-rights', name='Model usage rights restrictions', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-revealing-confidential-information', name='Revealing confidential information', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 10 | nist-obscene-degrading-and-or-abusive-content | Obscene, Degrading, and/or Abusive Content | Eased production of and access to obscene, degrading, and/or abusive imagery which can cause harm, including synthetic child sexual abuse material (CSAM), and nonconsensual intimate images (NCII) of adults. | [GV-1.3-001, GV-1.3-004, GV-1.4-001, GV-1.4-002, GV-4.2-001, MP-1.1-004, MP-4.1-004, MP-5.1-002, MS-1.1-005, MS-2.6-001, MS-2.6-002, MG-2.2-001, MG-2.2-005, MG-3.2-005] | None | [atlas-toxic-output] | None | None | [atlas-human-exploitation] | [atlas-harmful-output] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-toxic-output', name='Toxic output', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-human-exploitation', name='Human exploitation', isPartOf='ibm-risk-atlas-societal-impact', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-harmful-output', name='Harmful output', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas')]} |
| 11 | nist-value-chain-and-component-integration | Value Chain and Component Integration | Non-transparent or untraceable integration of upstream third-party components, including data that has been improperly obtained or not processed and cleaned due to increased automation from GAI; improper supplier vetting across the AI lifecycle; or other issues that diminish transparency or accountability for downstream users. | [GV-1.3-001, GV-1.6-002, GV-1.6-003, GV-1.7-001, GV-1.7-002, GV-2.1-001, GV-4.1-002, GV-4.1-003, GV-4.2-003, GV-6.1-001, GV-6.1-002, GV-6.1-003, GV-6.1-005, GV-6.1-007, GV-6.1-008, GV-6.1-009, GV-6.1-010, GV-6.2-001, GV-6.2-002, GV-6.2-003, GV-6.2-004, GV-6.2-007, MP-2.2-001, MP-4.1-006, MP-4.1-007, MP-5.2-001, MP-5.2-002, MS-2.6-001, MS-2.6-004, MS-2.7-001, MG-2.3-001, MG-3.1-001, MG-3.1-002, MG-3.1-003, MG-3.1-005, MG-3.2-007] | None | None | None | None | [atlas-data-contamination, atlas-data-curation, atlas-data-provenance, atlas-data-transfer, atlas-data-transparency, atlas-data-usage-rights, atlas-improper-retraining, atlas-inaccessible-training-data, atlas-incomplete-advice, atlas-incorrect-risk-testing, atlas-legal-accountability, atlas-model-usage-rights, atlas-poor-model-accuracy, atlas-unrepresentative-risk-testing] | [atlas-unrepresentative-data] | {'ibm-risk-atlas': [RiskSimplified(id='atlas-data-contamination', name='Data contamination', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-curation', name='Improper data curation', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-provenance', name='Uncertain data provenance', isPartOf='ibm-risk-atlas-transparency', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-transfer', name='Data transfer restrictions', isPartOf='ibm-risk-atlas-data-laws', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-transparency', name='Lack of training data transparency', isPartOf='ibm-risk-atlas-transparency', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-data-usage-rights', name='Data usage rights restrictions', isPartOf='ibm-risk-atlas-intellectual-property', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-improper-retraining', name='Improper retraining', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-inaccessible-training-data', name='Inaccessible training data', isPartOf='ibm-risk-atlas-explainability', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-incomplete-advice', name='Incomplete advice', isPartOf='ibm-risk-atlas-value-alignment', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-incorrect-risk-testing', name='Incorrect risk testing', isPartOf='ibm-risk-atlas-governance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-legal-accountability', name='Legal accountability', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-model-usage-rights', name='Model usage rights restrictions', isPartOf='ibm-risk-atlas-legal-compliance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-poor-model-accuracy', name='Poor model accuracy', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-unrepresentative-risk-testing', name='Unrepresentative risk testing', isPartOf='ibm-risk-atlas-governance', isDefinedByTaxonomy='ibm-risk-atlas'), RiskSimplified(id='atlas-unrepresentative-data', name='Unrepresentative data', isPartOf='ibm-risk-atlas-accuracy', isDefinedByTaxonomy='ibm-risk-atlas')]} |