Artificial Intelligence Trust, Risk and Security Management (AI TRiSM)
AI TRiSM offers a structured risk taxonomy that APS governance practitioners can reference when mapping risks across AI system lifecycles.
Key points
- MIT AI Risk Repository spotlights the AI TRiSM framework covering trust, risk, and security management across the AI lifecycle.
- Framework organises AI risks into bias/privacy, societal manipulation/deepfakes/LAWS, and security threat categories.
- This is a blog summary of a 2024 academic paper - useful reference material rather than actionable policy guidance.
Summary
The MIT AI Risk Repository has highlighted the AI TRiSM (Trust, Risk and Security Management) framework, drawn from a 2024 peer-reviewed paper by Habbal, Ali, and Abuzaraida. The framework organises AI-related risks into three domains: trust management (bias, discrimination, privacy), risk management (societal manipulation, deepfakes, lethal autonomous weapons), and security management (malicious use, insufficient security measures). Designed to be applied across the full AI system lifecycle, it synthesises academic literature on risk mitigation with particular attention to healthcare and finance sectors. The MIT blog post is a summary only; the underlying paper is the primary reference.
Implications for Australian agencies
- [Consider] APS AI governance practitioners could assess whether the AI TRiSM risk taxonomy complements or overlaps with existing Australian frameworks such as the DISR Responsible AI framework or agency-level risk registers.
- [Monitor] Teams tracking the MIT AI Risk Repository may want to note this as part of the broader landscape of risk classification frameworks being consolidated internationally.
Implications are AI-generated. Starting points, not advice.
"Artificial Intelligence Trust, Risk and Security Management (AI TRiSM)"
Source: MIT AI Risk Repository – Blog
Published: 19 February 2026
URL: https://airisk.mit.edu/blog/ai-trism
Retrieved from SIMS, 18 May 2026.