人工智能风险缓解映射：证据扫描与初步AI风险缓解分类体系

Mapping AI Risk Mitigations: Evidence Scan andPreliminary AI Risk MitigationTaxonomy Alexander K. Saeri1,2,*Sophia Lloyd George1,3Jess GrahamCleliaD.Lacarriere1Peter Slattery1Michael Noetel2Neil Thompson MIT FutureTech2The University of Queensland3Cambridge Boston Alignment Initiative Abstract Organizationsand governmentsthat develop, deploy, use, and govern AI mustcoordinate on effective risk mitigation. However, the landscape of AI risk mitigationframeworks is fragmented, uses inconsistent terminology, and has gaps in coverage.This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AIrisk mitigations and provide a common frame of reference. The Taxonomy wasdeveloped through a rapid evidence scan of 13 AI risk mitigation frameworkspublished between 2023–2025, which were extracted into a living database of 831distinct AI risk mitigations. The mitigations were iteratively clustered & coded tocreate the Taxonomy. The preliminary AI Risk Mitigation Taxonomy organizesmitigations into four categories: (1) Governance & Oversight: Formal organizationalstructures and policy frameworks that establish human oversight mechanisms anddecision protocols; (2) Technical & Security: Technical, physical, and engineeringsafeguards that secure AI systems and constrain model behaviors; (3) OperationalProcess: processes and management frameworks governing AI system deployment, 1Introduction To address risks from increasingly capable Artificial Intelligence (AI), effective mitigations must bedeveloped and implemented.For this task, many actors-from researchers to industry leaders-must However,as awareness and concerns of AI risks has increased(Center for AI Safety,2023; Bengioetal.,2025),the field has become more fragmented and less coordinated(Slatteryet al.,2024).Organizations that develop, deploy, use, and govern AI have generated a variety of proposedmitigations, safeguards, and governance mechanisms to address risks(e.g., NIST, 2024; Eisenberg,2025). Frameworks, standards, and other documents approach mitigations from different disciplinaryor practice backgrounds, usediverging terminology,differenttheories,and inconsistentclassifications. Some focus on adapting established mitigations from cybersecurity or safety-critical This fragmented landscape has theoretical and practical consequences. A lack of shared definitionsand structures makes incremental scientific progress challenging. Thereinvention and duplicationalsoleadto fragmentation and confusion.For example,‘red teaming’caninclude many different methods,to evaluate many different threat models,and little consensus on who should perform it (Feffer,2024).Without an accessible or pragmatic shared understanding of risk mitigations, the actorsstruggleto develop, implement and coordinate mitigations. As noted by the U.S.–EU Trade and These challenges are compounded by the rapid and accelerating pace of AI development andadoption. The share of organizations using AI in at least one business function quadrupled from 20%in 2017 to 80% in 2024(Singla et al., 2024). Theadoption of highly capable general-purpose AIagents tripled between Q1(11%)and Q2(33%)2025alone(KPMG, 2025). This expansionsignificantly increases the number of stakeholders who must implement mitigations. It alsoincreases To address this gap, we conducted an evidence scan of public AI risk mitigation frameworks, with theaim of identifying, extracting, and systematizing mitigationsacross policy, technical, and riskmanagement reports.We used methods adapted from evidence synthesis approaches(Khangura,2012)and framework synthesis approaches(Carroll et al., 2011;2013)to identify and extractmitigations into a publicly accessible AI Risk Mitigation Database.These mitigations were then The major contribution of this work is in creating a common frame of reference for AI riskmitigations. Both the Database and the Taxonomy are released publiclyon the AI Risk Initiativewebsite(airisk.mit.edu)for iteration, feedback,and use because (1) we observe growing demand for a The preliminary AI Risk Mitigation Database and Taxonomy together provide an empirical andconceptual foundation for a more coordinated, comprehensive approach to mitigating AI risks. Theyare intended to support a wide range of actors and stakeholders inidentifying, developing, 2Methods 2.1Definitions •We defineartificial intelligence (AI)as “systems or machines capable of performing tasksthat typically require human intelligence”(Bengio et al.,2025)•We defineAI riskas “the possibility of an unfortunate occurrence that may emerge from thedevelopment, deployment or use of AI” afterthe Societyfor Risk Analysis(Aven et al., We therefore define anAI risk mitigationas “an action that reduces the likelihood or impact of anunfortunate occurrence that may emerge from the development, deployment, or use of systems or 2.2Overview of approach Ouroverallapproach was a rapid evidence scan, a modified type of evidence synthesis(Khangura,201