GAI Risk Taxonomy

Overview

A classification system for risks unique to or exacerbated by Generative AI systems. The taxonomy identifies 12 distinct risk categories that require different measurement approaches and mitigation strategies.

The Twelve Risk Categories

1. CBRN Information or Capabilities Eased access to chemical, biological, radiological, or nuclear weapon design information or synthesis capabilities. Current evidence suggests LLMs provide minimal uplift beyond traditional search for operational planning, but specialized biological design tools may present future risks.

2. Confabulation Production of confidently stated but erroneous content. A natural consequence of statistical prediction, models generate plausible outputs, not necessarily true ones. Risk increases in open-ended prompts, long-form responses, and domains requiring contextual expertise.

3. Dangerous, Violent, or Hateful Content Eased production of inciting, radicalizing, or threatening content. Includes content that recommends self-harm or illegal activities. Jailbreaking, crafting prompts to circumvent safety controls, remains an ongoing challenge.

4. Data Privacy Leakage and unauthorized disclosure of PII or sensitive data through memorization, inference stitching (combining disparate sources to reconstruct sensitive information), or training data exposure during adversarial attacks.

5. Environmental Impacts Resource intensity of training and inference. Training a single LLM may emit as much carbon as 300 round-trip flights. Generative tasks (summarization) are more energy-intensive than discriminative tasks (classification).

6. Harmful Bias and Homogenization Amplification of historical biases; performance disparities across demographic groups or languages; homogenized outputs that reduce content diversity. Foundation models act as “bottlenecks” (bias flows downstream to all applications built upon them.

7. Human-AI Configuration Risks from how humans interact with GAI: automation bias (over-trust), algorithmic aversion (under-trust), anthropomorphization, and emotional entanglement.

8. Information Integrity Lowered barriers to producing misinformation and disinformation at scale. Includes deepfakes, synthetic media, and content that doesn’t distinguish fact from opinion.

9. Information Security Dual-sided risk: GAI enables automated discovery of vulnerabilities and lowers barriers for offensive cyber operations, while simultaneously expanding attack surface through prompt injection, data poisoning, and model extraction.

10. Intellectual Property Potential infringement through training data memorization, replication of copyrighted content, and unauthorized use of personal likeness or voice.

11. Obscene, Degrading, and/or Abusive Content Eased production of non-consensual intimate imagery (NCII), child sexual abuse material (CSAM), and other illegal or harmful imagery. Disproportionately impacts women and sexual minorities.

12. Value Chain and Component Integration Non-transparent integration of third-party components, improperly obtained data, or insufficiently vetted upstream dependencies. Exacerbated by training data scale and foundation model reuse.

When to Use

When scoping GAI risk assessments, conducting red-teaming exercises, designing governance structures, or evaluating GAI system proposals. The taxonomy provides a checklist for ensuring comprehensive coverage.

Limitations

The taxonomy focuses on empirically demonstrated risks; speculative future risks are excluded. Some risks are cross-cutting (e.g., harmful bias interacts with nearly all other categories). The framework is descriptive, not prescriptive, it identifies what to measure, not how to measure it.

Related: 05-molecule—risk-dimension-model, 05-atom—trustworthy-ai-characteristics