Mapping AI Risk Mitigations: Evidence Scan and Preliminary AI Risk Mitigation Taxonomy

Alexander K. Saeri 1,2,*; Sophia Lloyd George 1,3; Jess Graham 2; Clelia D. Lacarriere 1; Peter Slattery 1; Michael Noetel 2; Neil Thompson 1

1 MIT FutureTech; 2 The University of Queensland; 3 Cambridge Boston Alignment Initiative

Abstract

Organizations and governments that develop, deploy, use, and govern AI must coordinate on effective risk mitigation. However, the landscape of AI risk mitigation frameworks is fragmented, uses inconsistent terminology, and has gaps in coverage. This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AI risk mitigations and provide a common frame of reference. The Taxonomy was developed through a rapid evidence scan of 13 AI risk mitigation frameworks published between 2023–2025, which were extracted into a living database of 831 distinct AI risk mitigations. The mitigations were iteratively clustered & coded to create the Taxonomy. The preliminary AI Risk Mitigation Taxonomy organizes mitigations into four categories: (1) Governance & Oversight: Formal organizational structures and policy frameworks that establish human oversight mechanisms and decision protocols; (2) Technical & Security: Technical, physical, and engineering safeguards that secure AI systems and constrain model behaviors; (3) Operational Process: processes and management frameworks governing AI system deployment, usage, monitoring, incident handling, and validation; and (4) Transparency & Accountability: formal disclosure practices and verification mechanisms that communicate AI system information and enable external scrutiny. These categories are further subdivided into 23 mitigation subcategories. The rapid evidence scan and taxonomy construction also revealed several cases where terms like ‘risk management’ and ‘red teaming’ are used widely but refer to different responsible actors, actions, and mechanisms of action to reduce risk.
This Taxonomy and associated mitigation database, while preliminary, offers a starting point for collation and synthesis of AI risk mitigations. It also offers an accessible, structured way for different actors in the AI ecosystem to discuss and coordinate action to reduce risks from AI.

1 Introduction

To address risks from increasingly capable Artificial Intelligence (AI), effective mitigations must be developed and implemented. For this task, many actors, from researchers to industry leaders, must be able to coordinate action and communicate clearly about AI risk mitigations.

However, as awareness of and concern about AI risks have increased (Center for AI Safety, 2023; Bengio et al., 2025), the field has become more fragmented and less coordinated (Slattery et al., 2024). Organizations that develop, deploy, use, and govern AI have generated a variety of proposed mitigations, safeguards, and governance mechanisms to address risks (e.g., NIST, 2024; Eisenberg, 2025). Frameworks, standards, and other documents approach mitigations from different disciplinary or practice backgrounds, and use diverging terminology, different theories, and inconsistent classifications. Some focus on adapting established mitigations from cybersecurity or safety-critical industries (e.g., incident response, system shutdown; Koessler & Schuett, 2023), while others introduce novel approaches specific to AI (e.g., alignment techniques, model interpretability; Ji et al., 2023). The result is a proliferation of overlapping, incomplete, and sometimes incompatible mitigation frameworks.

This fragmented landscape has theoretical and practical consequences. A lack of shared definitions and structures makes incremental scientific progress challenging.
The reinvention and duplication also lead to fragmentation and confusion. For example, ‘red teaming’ can include many different methods to evaluate many different threat models, with little consensus on who should perform it (Feffer, 2024). Without an accessible or pragmatic shared understanding of risk mitigations, the actors struggle to develop, implement and coordinate mitigations. As noted by the U.S.–EU Trade and Technology Council in its Joint Roadmap for Trustworthy AI and Risk Management, “shared terminologies and taxonomies are essential for operationalizing trustworthy AI and risk management in an interoperable fashion” (European Commission and the United States Trade and Technology Council, 2022).

These challenges are compounded by the rapid and accelerating pace of AI development and adoption. The share of organizations using AI in at least one business function quadrupled from 20% in 2017 to 80% in 2024 (Singla et al., 2024). The adoption of highly capable general-purpose AI agents tripled between Q1 (11%) and Q2 (33%) 2025 alone (KPMG, 2025). This expansion significantly increases the number of stakeholders who must implement mitigations. It also increases the diversity of contexts in which effective risk management must occur.

To address this gap, we conducted an evidence scan of public AI risk mitigation frameworks, with the aim of identifying, extracting, and syste