Mapping AI Risk Mitigations
A structured, cross-framework compilation of AI risk mitigations gives APS governance teams a practical reference for assessing and strengthening agency-level controls.
Key points
- MIT AI Risk Repository extracted 831 mitigations from 13 frameworks into a searchable database with a four-category taxonomy.
- The taxonomy covers Governance & Oversight, Technical & Security, Operational Process, and Transparency & Accountability controls - directly mapping to APS AI governance concerns.
- Operational Process Controls and Testing & Auditing were the most frequently cited mitigations; Model Alignment was rarely mentioned despite its importance.
Implications for Australian agencies
- Consider APS AI governance and assurance teams could assess the MIT taxonomy against existing agency risk frameworks to identify gaps in current control coverage.
- Consider Policy teams developing or updating AI risk guidance may want to reference the publicly accessible mitigations database to ensure alignment with emerging international practice.
- Monitor Agencies may want to monitor the planned systematic review, which will expand coverage and refine the taxonomy based on peer-reviewed literature and expert consultation.
Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.
View original source
Copied.
"Mapping AI Risk Mitigations"
Source: MIT AI Risk Repository – Blog
Published: 28 July 2025
URL: https://airisk.mit.edu/blog/mapping-ai-risk-mitigations
MIT's AI Risk Repository has published a draft AI Risk Mitigation Taxonomy and accompanying database of 831 mitigations extracted from 13 authoritative frameworks published between 2023 and 2025, including NIST AI 600-1, the International AI Safety Report, the EU AI Act GPAI Code of Practice, and the UK Government's Emerging Processes for Frontier AI Safety. Mitigations are organised into four top-level categories - Governance & Oversight, Technical & Security, Operational Process, and Transparency & Accountability - with 23 subcategories. The research highlights conceptual fragmentation in how 'AI risk management' is defined across frameworks and flags that model alignment controls are underrepresented. The database is publicly accessible and the team is seeking feedback ahead of a planned systematic review.
Implications for Australian agencies:
- [Consider] APS AI governance and assurance teams could assess the MIT taxonomy against existing agency risk frameworks to identify gaps in current control coverage.
- [Consider] Policy teams developing or updating AI risk guidance may want to reference the publicly accessible mitigations database to ensure alignment with emerging international practice.
- [Monitor] Agencies may want to monitor the planned systematic review, which will expand coverage and refine the taxonomy based on peer-reviewed literature and expert consultation.
Retrieved from SIMS, 18 July 2026.