The Eticas AI Risk Taxonomy: Open Infrastructure for Operationalizing AI Audits

📅 2026-07-02
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study addresses the gap between conceptual AI risk frameworks and actionable auditing methodologies by proposing the first end-to-end operationalizable framework. It decouples risk definitions into their manifestation mechanisms and introduces Eticas AI Risk Taxonomy v2.0.0—an open, extensible classification system comprising 76 subcategories—demonstrating a complete pipeline from risk definition through executable testing, quantitative scoring, to risk tiering, exemplified by PII leakage risks. The taxonomy is published under CC BY 4.0 using SKOS/JSON-LD semantic standards, providing stable URIs, calibrated thresholds, and mappings to 18 external frameworks. Empirical evaluation on GPT-4-0314 reveals PII disclosure rates rising to 84% under adversarial prompting, leading to its classification as an E-level systemic risk, thereby validating the framework’s effectiveness and practical utility.
📝 Abstract
The rapid deployment of AI systems across high-stakes domains has created urgent demand for standardized evaluation, yet the field remains fragmented across competing risk taxonomies that catalog risks without showing how an audit is executed. At least 74 AI risk taxonomies exist, and almost all stop at the catalog. The hard part of auditing is not naming a risk but operationalizing it: turning it into a test run against a real system, a measured value, a calibrated severity, and a defensible grade. This paper leads with that bridge. We present the operationalization layer Eticas has built and run, shown end to end on a single risk (PII leakage) against a public benchmark, and then the open taxonomy that makes the method scale. On GPT-4-0314, a disclosure risk that seven external frameworks require be controlled is measured at 0%, 51%, and 84% disclosure as adversarial conditioning increases, mapping through calibrated severity bands to a subcategory grade of E with a SYSTEMIC pattern. Around this example, the Eticas AI Risk Taxonomy v2.0.0 organizes 76 active subcategories across 10 categories and 20 sub-groups, with mappings to 18 external frameworks across compliance, reference, and academic tiers. Its category and sub-group layer is published under CC BY 4.0 as open semantic infrastructure with stable URIs and SKOS/JSON-LD distributions, and a worked subcategory example shows the operational layer down to its severity thresholds. The contribution is the demonstrated bridge from concept to graded finding, anchored by a clean separation of risks from the mechanisms by which they surface, and framed by an open-core model in which the conceptual scaffold is open and the methodology calibration is the practitioner layer. This is the infrastructure the AI auditing field needs: shared, open, and demonstrably operable.
Problem

Research questions and friction points this paper is trying to address.

AI auditing
risk taxonomy
operationalization
standardized evaluation
audit infrastructure
Innovation

Methods, ideas, or system contributions that make the work stand out.

AI auditing
risk operationalization
open taxonomy
severity calibration
semantic infrastructure
🔎 Similar Papers
2024-08-14AGI - Artificial General Intelligence - Robotics - Safety & AlignmentCitations: 27