Risk Taxonomy, Mitigation, and Assessment Benchmarks of Large Language Model Systems
A structured LLM risk taxonomy with mitigation strategies offers a ready-made reference for APS teams developing AI risk assessment or procurement criteria.
Key points
- MIT AI Risk Repository catalogues a module-oriented LLM risk taxonomy covering 12 risks and 44 sub-categories.
- The framework covers input, model, toolchain, and output risks - a structure applicable to agency AI procurement and assurance.
- A research summary of an academic paper; not a government standard or mandatory framework.
Summary
This MIT AI Risk Repository blog post summarises an academic framework by Cui and colleagues (2024) that categorises LLM risks across four system modules: input, language model, toolchain, and output. The taxonomy identifies 12 specific risks and 44 sub-topics - including prompt injection, hallucinations, privacy leakage, and hardware vulnerabilities - and pairs each module with mitigation strategies and assessment benchmarks. While not a government standard, the module-oriented structure is practically useful for agencies conducting AI risk assessments, developing procurement requirements, or reviewing vendor claims about LLM safety.
Implications for Australian agencies
- Consider AI governance and assurance practitioners could assess whether this taxonomy usefully supplements existing agency AI risk frameworks or procurement criteria for LLM-based tools.
- Monitor Teams contributing to APS AI risk guidance may want to monitor the broader MIT AI Risk Repository as a consolidated source of emerging risk taxonomies.
Implications are AI-generated. Starting points, not advice.
"Risk Taxonomy, Mitigation, and Assessment Benchmarks of Large Language Model Systems" Source: MIT AI Risk Repository – Blog Published: 4 September 2024 URL: https://airisk.mit.edu/blog/risk-taxonomy-mitigation-and-assessment-benchmarks-of-large-language-model-systems This MIT AI Risk Repository blog post summarises an academic framework by Cui and colleagues (2024) that categorises LLM risks across four system modules: input, language model, toolchain, and output. The taxonomy identifies 12 specific risks and 44 sub-topics - including prompt injection, hallucinations, privacy leakage, and hardware vulnerabilities - and pairs each module with mitigation strategies and assessment benchmarks. While not a government standard, the module-oriented structure is practically useful for agencies conducting AI risk assessments, developing procurement requirements, or reviewing vendor claims about LLM safety. Implications for Australian agencies: - [Consider] AI governance and assurance practitioners could assess whether this taxonomy usefully supplements existing agency AI risk frameworks or procurement criteria for LLM-based tools. - [Monitor] Teams contributing to APS AI risk guidance may want to monitor the broader MIT AI Risk Repository as a consolidated source of emerging risk taxonomies. Retrieved from SIMS, 18 May 2026.