Mapping AI Risk Mitigations
A structured, cross-framework AI risk mitigation taxonomy gives APS governance teams a ready reference for building or auditing agency-level controls.
Key points
- MIT AI Risk Repository extracted 831 mitigations from 13 frameworks into a structured database and draft taxonomy.
- Four taxonomy categories align closely with APS AI governance concerns: Governance, Technical, Operational, and Transparency controls.
- Most common subcategories - Testing & Auditing and Risk Management - directly map to APS assurance and procurement needs.
Summary
The MIT AI Risk Repository has released an AI Risk Mitigation Database and draft taxonomy, extracting 831 discrete mitigations from 13 major AI risk frameworks published between 2023 and 2025. The four-category taxonomy - Governance & Oversight, Technical & Security, Operational Process, and Transparency & Accountability - is designed to be accessible to both technical teams and policy stakeholders. Operational Process Controls was the most represented category, with Testing & Auditing and Risk Management the most frequently cited subcategories. The database is publicly available and the authors are actively seeking feedback before a planned systematic review to refine coverage and taxonomy structure.
Implications for Australian agencies
- [Consider] Agencies developing or reviewing AI governance frameworks could assess whether the MIT taxonomy's four categories and 23 subcategories offer a useful gap-analysis tool against existing agency controls.
- [Monitor] The planned systematic review incorporating peer-reviewed literature and expert consultation may yield a more authoritative taxonomy worth referencing in APS policy work when published.
Implications are AI-generated. Starting points, not advice.
"Mapping AI Risk Mitigations" Source: MIT AI Risk Repository – Blog Published: 28 July 2025 URL: https://airisk.mit.edu/blog/mapping-ai-risk-mitigations The MIT AI Risk Repository has released an AI Risk Mitigation Database and draft taxonomy, extracting 831 discrete mitigations from 13 major AI risk frameworks published between 2023 and 2025. The four-category taxonomy - Governance & Oversight, Technical & Security, Operational Process, and Transparency & Accountability - is designed to be accessible to both technical teams and policy stakeholders. Operational Process Controls was the most represented category, with Testing & Auditing and Risk Management the most frequently cited subcategories. The database is publicly available and the authors are actively seeking feedback before a planned systematic review to refine coverage and taxonomy structure. Implications for Australian agencies: - [Consider] Agencies developing or reviewing AI governance frameworks could assess whether the MIT taxonomy's four categories and 23 subcategories offer a useful gap-analysis tool against existing agency controls. - [Monitor] The planned systematic review incorporating peer-reviewed literature and expert consultation may yield a more authoritative taxonomy worth referencing in APS policy work when published. Retrieved from SIMS, 18 May 2026.