AI Risk Database Prettified

Risk category: Type 1: Diffusion of responsibility

Description: Societal-scale harm can arise from AI built by a diffuse collection of creators, where no one is uniquely accountable for the technology's creation or use, as in a classic "tragedy of the commons".

Risk category: Type 2: Bigger than expected

Description: Harm can result from AI that was not expected to have a large impact at all, such as a lab leak, a surprisingly addictive open-source product, or an unexpected repurposing of a research prototype.

Risk category: Type 3: Worse than expected

Description: AI intended to have a large societal impact can turn out harmful by mistake, such as a popular product that creates problems and partially solves them only for its users.

Risk category: Type 4: Willful indifference

Description: As a side effect of a primary goal like profit or influence, AI creators can willfully allow it to cause widespread societal harms like pollution, resource depletion, mental illness, misinformation, or injustice.

Risk category: Type 5: Criminal weaponization

Description: One or more criminal entities could create AI to intentionally inflict harms, such as for terrorism or combating law enforcement.

Risk category: Type 6: State Weaponization

Description: AI deployed by states in war, civil war, or law enforcement can easily yield societal-scale harm

Risk category: Harmful Content

Description: "The LLM-generated content sometimes contains biased, toxic, and private information"

Risk category: Untruthful Content

Description: "The LLM-generated content could contain inaccurate information"

Risk category: Unhelpful Uses

Description: "Improper uses of LLM systems can cause adverse social impacts."

Risk category: Software Security Issues

Description: "The software development toolchain of LLMs is complex and could bring threats to the developed LLM."

Risk category: Hardware Vulnerabilities

Description: "The vulnerabilities of hardware systems for training and inferencing brings issues to LLM-based applications."

Risk category: Issues on External Tools

Description: "The external tools (e.g., web APIs) present trustworthiness and privacy issues to LLM-based applications."

Risk category: Privacy Leakage

Description: "The model is trained with personal data in the corpus and unintentionally exposing them during the conversation."

Risk category: Toxicity and Bias Tendencies

Description: "Extensive data collection in LLMs brings toxic content and stereotypical bias into the training data."

Risk category: Hallucinations

Description: "LLMs generate nonsensical, untruthful, and factual incorrect content"

Risk category: Model Attacks

Description: Model attacks exploit the vulnerabilities of LLMs, aiming to steal valuable information or lead to incorrect responses.

Risk category: Not-Suitable-for-Work (NSFW) Prompts

Description: "Inputting a prompt contain an unsafe topic (e.g., notsuitable-for-work (NSFW) content) by a benign user. "

Risk category: Adversarial Prompts

Description: "Engineering an adversarial input to elicit an undesired model behavior, which pose a clear attack intention"

Risk category: Broken systems

Description: "These are the most mentioned cases. They refer to situations where the algorithm or the training data lead to unreliable outputs. These systems frequently assign disproportionate weight to some variables, like race or gender, but there is no transparency to this effect, making them impossible to challenge. These situations are typically only identified when regulators or the press examine the systems under freedom of information acts. Nevertheless, the damage they cause to people’s lives can be dramatic, such as lost homes, divorces, prosecution, or incarceration. Besides the inherent technical shortcomings, auditors have also pointed out “insufficient coordination” between the developers of the systems and their users as a cause for ethical considerations to be neglected. This situation raises issues about the education of future creators of AI-infused systems, not only in terms of technical competence (e.g., requirements, algorithms, and training) but also ethics and responsibility. For example, as autonomous vehicles become more common, moral dilemmas regarding what to do in potential accident situations emerge, as evidenced in this MIT experiment. The decisions regarding how the machines should act divides opinions and requires deep reflection and maybe regulation."

Risk category: Hallucinations

Description: "The inclusion of erroneous information in the outputs from AI systems is not new. Some have cautioned against the introduction of false structures in X-ray or MRI images, and others have warned about made-up academic references. However, as ChatGPT-type tools become available to the general population, the scale of the problem may increase dramatically. Furthermore, it is compounded by the fact that these conversational AIs present true and false information with the same apparent “confidence” instead of declining to answer when they cannot ensure correctness. With less knowledgeable people, this can lead to the heightening of misinformation and potentially dangerous situations. Some have already led to court cases.'

Risk category: Intellectual property rights violations

Description: "This is an emerging category, with more cases prone to appear as the use of generative AI tools–such as Stable Diffusion, Midjourney, or ChatGPT–becomes more widespread. Some content creators are already suing for the appropriation of their work to train AI algorithms without a request for permission or compensation. Perhaps even more damaging cases will appear as developers increasingly ask chatbots or assistants like CoPilot for ready-to-use computer code. Even if these AI tools have learned only from open-source software (OSS) projects, which is not a given, there are still serious issues to consider, as not all OSS licenses are equal, and some are incompatible with others, meaning that it is illegal to mix them in the same product. Even worse, some licenses, such as GPL, are viral, meaning that any code that uses a GPL component must legally be made available under that same license. In the past, companies have suffered injunctions or been forced to make their proprietary source code available because of carelessly using a GPL library."

Risk category: Privacy and regulation violations

Description: "Some of the broken systems discussed above are also very invasive of people’s privacy, controlling, for instance, the length of someone’s last romantic relationship [51]. More recently, ChatGPT was banned in Italy over privacy concerns and potential violation of the European Union’s (EU) General Data Protection Regulation (GDPR) [52]. The Italian data-protection authority said, “the app had experienced a data breach involving user conversations and payment information.” It also claimed that there was no legal basis to justify “the mass collection and storage of personal data for the purpose of ‘training’ the algorithms underlying the operation of the platform,” among other concerns related to the age of the users [52]. Privacy regulators in France, Ireland, and Germany could follow in Italy’s footsteps [53]. Coincidentally, it has recently become public that Samsung employees have inadvertently leaked trade secrets by using ChatGPT to assist in preparing notes for a presentation and checking and optimizing source code [54, 55]. Another example of testing the ethics and regulatory limits can be found in actions of the facial recognition company Clearview AI, which “scraped the public web—social media, employment sites, YouTube, Venmo—to create a database with three billion images of people, along with links to the webpages from which the photos had come” [56]. Trials of this unregulated database have been offered to individual law enforcement officers who often use it without their department’s approval [57]. In Sweden, such illegal use by the police force led to a fine of e250,000 by the country’s data watchdog [57]."

Risk category: Enabling malicious actors and harmful actions

Description: "Some uses of AI have been deeply concerning, namely voice cloning [58] and the generation of deep fake videos [59]. For example, in March 2022, in the early days of the Russian invasion of Ukraine, hackers broadcast via the Ukrainian news website Ukraine 24 a deep fake video of President Volodymyr Zelensky capitulating and calling on his soldiers to lay down their weapons [60]. The necessary software to create these fakes is readily available on the Internet, and the hardware requirements are modest by today’s standards [61]. Other nefarious uses of AI include accelerating password cracking [62] or enabling otherwise unskilled people to create software exploits [63, 64], or effective phishing e-mails [65]. Although some believe that powerful AI models should be prevented from running on personal computers to retain some control, others demonstrate how inglorious that effort may be [66]. Furthermore, as ChatGPT-type systems evolve from conversational systems to agents, capable of acting autonomously and performing tasks with little human intervention, like Auto-GPT [67], new risks emerge."

Risk category: Environmental and socioeconomic harms

Description: "At a time of increasing climate urgency, energy consumption and the carbon footprint of AI applications are also matters of ethics and responsibility [68]. As with other energy-intensive technologies like proof-of-work blockchain, the call is to research more environmentally sustainable algorithms to offset the increasing use scale."

Risk category: Toxicity and Abusive Content

Description: This typically refers to rude, harmful, or inappropriate expressions.

Risk category: Unfairness and Discrimination

Description: Social bias is an unfairly negative attitude towards a social group or individuals based on one-sided or inaccurate information, typically pertaining to widely disseminated negative stereotypes regarding gender, race, religion, etc.

Risk category: Ethics and Morality Issues

Description: LMs need to pay more attention to universally accepted societal values at the level of ethics and morality, including the judgement of right and wrong, and its relationship with social norms and laws.

Risk category: Controversial Opinions

Description: The controversial views expressed by large models are also a widely discussed concern. Bang et al. (2021) evaluated several large models and found that they occasionally express inappropriate or extremist views when discussing political top-ics. Furthermore, models like ChatGPT (OpenAI, 2022) that claim political neutrality and aim to provide objective information for users have been shown to exhibit notable left-leaning political biases in areas like economics, social policy, foreign affairs, and civil liberties.

Risk category: Misleading Information

Description: Large models are usually susceptible to hallucination problems, sometimes yielding nonsensical or unfaithful data that results in misleading outputs.

Risk category: Privacy and Data Leakage

Description: Large pre-trained models trained on internet texts might contain private information like phone numbers, email addresses, and residential addresses.

Risk category: Malicious Use and Unleashing AI Agents

Description: LMs, due to their remarkable capabilities, carry the same potential for malice as other technological products. For instance, they may be used in information warfare to generate deceptive information or unlawful content, thereby having a significant impact on individuals and society. As current LMs are increasingly built as agents to accomplish user objectives, they may disregard the moral and safety guidelines if operating without adequate supervision. Instead, they may execute user commands mechanically without considering the potential damage. They might interact unpredictably with humans and other systems, especially in open environments

Risk category: Fairness - Bias

Description: Fairness is, by far, the most discussed issue in the literature, remaining a paramount concern especially in case of LLMs and text-to-image models. This is sparked by training data biases propagating into model outputs, causing negative effects like stereotyping, racism, sexism, ideological leanings, or the marginalization of minorities. Next to attesting generative AI a conservative inclination by perpetuating existing societal patterns, there is a concern about reinforcing existing biases when training new generative models with synthetic data from previous models. Beyond technical fairness issues, critiques in the literature extend to the monopolization or centralization of power in large AI labs, driven by the substantial costs of developing foundational models. The literature also highlights the problem of unequal access to generative AI, particularly in developing countries or among financially constrained groups. Sources also analyze challenges of the AI research community to ensure workforce diversity. Moreover, there are concerns regarding the imposition of values embedded in AI systems on cultures distinct from those where the systems were developed.

Risk category: Safety

Description: A primary concern is the emergence of human-level or superhuman generative models, commonly referred to as AGI, and their potential existential or catastrophic risks to humanity. Connected to that, AI safety aims at avoiding deceptive or power-seeking machine behavior, model self-replication, or shutdown evasion. Ensuring controllability, human oversight, and the implementation of red teaming measures are deemed to be essential in mitigating these risks, as is the need for increased AI safety research and promoting safety cultures within AI organizations instead of fueling the AI race. Furthermore, papers thematize risks from unforeseen emerging capabilities in generative models, restricting access to dangerous research works, or pausing AI research for the sake of improving safety or governance measures first. Another central issue is the fear of weaponizing AI or leveraging it for mass destruction, especially by using LLMs for the ideation and planning of how to attain, modify, and disseminate biological agents. In general, the threat of AI misuse by malicious individuals or groups, especially in the context of open-source models, is highlighted in the literature as a significant factor emphasizing the critical importance of implementing robust safety measures.

Risk category: Harmful Content - Toxicity

Description: Generating unethical, fraudulent, toxic, violent, pornographic, or other harmful content is a further predominant concern, again focusing notably on LLMs and text-to-image models. Numerous studies highlight the risks associated with the intentional creation of disinformation, fake news, propaganda, or deepfakes, underscoring their significant threat to the integrity of public discourse and the trust in credible media. Additionally, papers explore the potential for generative models to aid in criminal activities, incidents of self-harm, identity theft, or impersonation. Furthermore, the literature investigates risks posed by LLMs when generating advice in high-stakes domains such as health, safety-related issues, as well as legal or financial matters.

Risk category: Hallucinations

Description: Significant concerns are raised about LLMs inadvertently generating false or misleading information, as well as erroneous code. Papers not only critically analyze various types of reasoning errors in LLMs but also examine risks associated with specific types of misinformation, such as medical hallucinations. Given the propensity of LLMs to produce flawed outputs accompanied by overconfident rationales and fabricated references, many sources stress the necessity of manually validating and fact-checking the outputs of these models.

Risk category: Privacy

Description: Generative AI systems, similar to traditional machine learning methods, are considered a threat to privacy and data protection norms. A major concern is the intended extraction or inadvertent leakage of sensitive or private information from LLMs. To mitigate this risk, strategies such as sanitizing training data to remove sensitive information or employing synthetic data for training are proposed.

Risk category: Interaction risks

Description: Many novel risks posed by generative AI stem from the ways in which humans interact with these systems. For instance, sources discuss epistemic challenges in distinguishing AI-generated from human content. They also address the issue of anthropomorphization, which can lead to an excessive trust in generative AI systems. On a similar note, many papers argue that the use of conversational agents could impact mental well-being or gradually supplant interpersonal communication, potentially leading to a dehumanization of interactions. Additionally, a frequently discussed interaction risk in the literature is the potential of LLMs to manipulate human behavior or to instigate users to engage in unethical or illegal activities.

Risk category: Security - Robustness

Description: While AI safety focuses on threats emanating from generative AI systems, security centers on threats posed to these systems. The most extensively discussed issue in this context are jailbreaking risks, which involve techniques like prompt injection or visual adversarial examples designed to circumvent safety guardrails governing model behavior. Sources delve into various jailbreaking methods, such as role play or reverse exposure. Similarly, implementing backdoors or using model poisoning techniques bypass safety guardrails as well. Other security concerns pertain to model or prompt thefts.

Risk category: Education - Learning

Description: In contrast to traditional machine learning, the impact of generative AI in the educational sector receives considerable attention in the academic literature. Next to issues stemming from difficulties to distinguish student-generated from AI-generated content, which eventuates in various opportunities to cheat in online or written exams, sources emphasize the potential benefits of generative AI in enhancing learning and teaching methods, particularly in relation to personalized learning approaches. However, some papers suggest that generative AI might lead to reduced effort or laziness among learners. Additionally, a significant focus in the literature is on the promotion of literacy and education about generative AI systems themselves, such as by teaching prompt engineering techniques.

Risk category: Alignment

Description: The general tenet of AI alignment involves training generative AI systems to be harmless, helpful, and honest, ensuring their behavior aligns with and respects human values. However, a central debate in this area concerns the methodological challenges in selecting appropriate values. While AI systems can acquire human values through feedback, observation, or debate, there remains ambiguity over which individuals are qualified or legitimized to provide these guiding signals. Another prominent issue pertains to deceptive alignment, which might cause generative AI systems to tamper evaluations. Additionally, many papers explore risks associated with reward hacking, proxy gaming, or goal misgeneralization in generative AI systems.

Risk category: Cybercrime

Description: Closely related to discussions surrounding security and harmful content, the field of cybersecurity investigates how generative AI is misused for fraudulent online activities. A particular focus lies on social engineering attacks, for instance by utilizing generative AI to impersonate humans, creating fake identities, cloning voices, or crafting phishing messages. Another prevalent concern is the use of LLMs for generating malicious code or hacking.

Risk category: Governance - Regulation

Description: In response to the multitude of new risks associated with generative AI, papers advocate for legal regulation and governmental oversight. The focus of these discussions centers on the need for international coordination in AI governance, the establishment of binding safety standards for frontier models, and the development of mechanisms to sanction non-compliance. Furthermore, the literature emphasizes the necessity for regulators to gain detailed insights into the research and development processes within AI labs. Moreover, risk management strategies of these labs shall be evaluated. However, the literature also acknowledges potential risks of overregulation, which could hinder innovation.

Risk category: Labor displacement - Economic impact

Description: The literature frequently highlights concerns that generative AI systems could adversely impact the economy, potentially even leading to mass unemployment. This pertains to various fields, ranging from customer services to software engineering or crowdwork platforms. While new occupational fields like prompt engineering are created, the prevailing worry is that generative AI may exacerbate socioeconomic inequalities and lead to labor displacement. Additionally, papers debate potential large-scale worker deskilling induced by generative AI, but also productivity gains contingent upon outsourcing mundane or repetitive tasks to generative AI systems.

Risk category: Transparency - Explainability

Description: Being a multifaceted concept, the term 'transparency' is both used to refer to technical explainability as well as organizational openness. Regarding the former, papers underscore the need for mechanistic interpretability and for explaining internal mechanisms in generative models. On the organizational front, transparency relates to practices such as informing users about capabilities and shortcomings of models, as well as adhering to documentation and reporting requirements for data collection processes or risk evaluations.

Risk category: Evaluation - Auditing

Description: Closely related to other clusters like AI safety, fairness, or harmful content, papers stress the importance of evaluating generative AI systems both in a narrow technical way as well as in a broader sociotechnical impact assessment focusing on pre-release audits as well as post-deployment monitoring. Ideally, these evaluations should be conducted by independent third parties. In terms of technical LLM or text-to-image model audits, papers furthermore criticize a lack of safety benchmarking for languages other than English.

Risk category: Sustainability

Description: Generative models are known for their substantial energy requirements, necessitating significant amounts of electricity, cooling water, and hardware containing rare metals. The extraction and utilization of these resources frequently occur in unsustainable ways. Consequently, papers highlight the urgency of mitigating environmental costs for instance by adopting renewable energy sources and utilizing energy-efficient hardware in the operation and training of generative AI systems.

Risk category: Art - Creativity

Description: In this cluster, concerns about negative impacts on human creativity, particularly through text-to-image models, are prevalent. Papers criticize financial harms or economic losses for artists due to the widespread generation of synthetic art as well as the unauthorized and uncompensated use of artists' works in training datasets. Additionally, given the challenge of distinguishing synthetic images from authentic ones, there is a call for systematically disclosing the non-human origin of such content, particularly through watermarking. Moreover, while some sources argue that text-to-image models lack 'true' creativity or the ability to produce genuinely innovative aesthetics, others point out positive aspects regarding the acceleration of human creativity.

Risk category: Copyright - Authorship

Description: The emergence of generative AI raises issues regarding disruptions to existing copyright norms. Frequently discussed in the literature are violations of copyright and intellectual property rights stemming from the unauthorized collection of text or image training data. Another concern relates to generative models memorizing or plagiarizing copyrighted content. Additionally, there are open questions and debates around the copyright or ownership of model outputs, the protection of creative prompts, and the general blurring of traditional concepts of authorship.

Risk category: Writing - Research

Description: Partly overlapping with the discussion on impacts of generative AI on educational institutions, this topic cluster concerns mostly negative effects of LLMs on writing skills and research manuscript composition. The former pertains to the potential homogenization of writing styles, the erosion of semantic capital, or the stifling of individual expression. The latter is focused on the idea of prohibiting generative models for being used to compose scientific papers, figures, or from being a co-author. Sources express concern about risks for academic integrity, as well as the prospect of polluting the scientific literature by a flood of LLM-generated low-quality manuscripts. As a consequence, there are frequent calls for the development of detectors capable of identifying synthetic texts.

Risk category: Miscellaneous

Description: While the scoping review identified distinct topic clusters within the literature, it also revealed certain issues that either do not fit into these categories, are discussed infrequently, or in a nonspecific manner. For instance, some papers touch upon concepts like trustworthiness, accountability, or responsibility, but often remain vague about what they entail in detail. Similarly, a few papers vaguely attribute socio-political instability or polarization to generative AI without delving into specifics. Apart from that, another minor topic area concerns responsible approaches of talking about generative AI systems. This includes avoiding overstating the capabilities of generative AI, reducing the hype surrounding it, or evading anthropomorphized language to describe model capabilities.

Risk category: Incompetence

Description: "This means the AI simply failing in its job. The consequences can vary from unintentional death (a car crash) to an unjust rejection of a loan or job application."

Risk category: Loss of privacy

Description: "AI offers the temptation to abuse someone's personal data, for instance to build a profile of them to target advertisements more effectively."

Risk category: Discrimination

Description: "When AI is not carefully designed, it can discriminate against certain groups."

Risk category: Bias

Description: "The AI will only be as good as the data it is trained with. If the data contains bias (and much data does), then the AI will manifest that bias, too."

Risk category: Erosion of Society

Description: "With online news feeds, both on websites and social media platforms, the news is now highly personalized for us. We risk losing a shared sense of reality, a basic solidarity."

Risk category: Lack of transparency

Description: "The idea of a "black box" making decisions without any explanation, without offering insight in the process, has a couple of disadvantages: it may fail to gain the trust of its users and it may fail to meet regulatory standards such as the ability to audit."

Risk category: Deception

Description: "AI has become very good at creating fake content. From text to photos, audio and video. The name "Deep Fake" refers to content that is fake at such a level of complexity that our mind rules out the possibility that it is fake."

Risk category: Unintended consequences

Description: "Sometimes an AI finds ways to achieve its given goals in ways that are completely different from what its creators had in mind."

Risk category: Manipulation

Description: "The 2016 scandal involving Cambridge Analytica is the most infamous example where people's data was crawled from Facebook and analytics were then provided to target these people with manipulative content for political purposes.While it may not have been AI per se, it is based on similar data and it is easy to see how AI would make this more effective"

Risk category: Lethal Autonomous Weapons (LAW)

Description: "What is debated as an ethical issue is the use of LAW — AI-driven weapons that fully autonomously take actions that intentionally kill humans."

Risk category: Malicious use of AI

Description: "Just as AI can be used in many different fields, it is unfortunately also helpful in perpetrating digital crimes. AI-supported malware and hacking are already a reality."

Risk category: Loss of Autonomy

Description: "Delegating decisions to an AI, especially an AI that is not transparent and not contestable, may leave people feeling helpless, subjected to the decision power of a machine."

Risk category: Exclusion

Description: "The best AI techniques requires a large amount resources: data, computational power and human AI experts. There is a risk that AI will end up in the hands of a few players, and most will lose out on its benefits."

Risk category: Misuse

Description: "The misuse class includes elements such as the potential for cyber threat actors to execute exploits with greater speed and impact or generate disinformation (such as "deep fake" media) at accelerated rates and effectiveness"

Risk category: Accidents

Description: "Accidents include unintended failure modes that, in principle, could be considered the fault of the system or the developer"

Risk category: Agential

Description: "While there are multiple types of intelligent agents, goal-based, utility-maximizing, and learning agents are the primary concern and the focus of this research"

Risk category: Structural

Description: "Structural risks are concerned with how AI technologies "shape and are shaped by the environments in which they are developed and deployed""

Risk category: AGI removing itself from the control of human owners/managers

Description: "The risks associated with containment, confinement, and control in the AGI development phase, and after an AGI has been developed, loss of control of an AGI."

Risk category: AGIs being given or developing unsafe goals

Description: "The risks associated with AGI goal safety, including human attempts at making goals safe, as well as the AGI making its own goals safe during self-improvement."

Risk category: Development of unsafe AGI

Description: "The risks associated with the race to develop the first AGI, including the development of poor quality and unsafe AGI, and heightened political and control issues."

Risk category: AGIs with poor ethics, morals and values

Description: "The risks associated with an AGI without human morals and ethics, with the wrong morals, without the capability of moral reasoning, judgement"

Risk category: Inadequate management of AGI

Description: "The capabilities of current risk management and legal processes in the context of the development of an AGI."

Risk category: Existential risks

Description: "The risks posed generally to humanity as a whole, including the dangers of unfriendly AGI, the suffering of the human race."

Risk category: Domain-specific AI - Effects on humans and other living beings: Existential Risks

Risk category: Domain-specific AI - Effects on humans and other living beings: Non-existential risks

Risk category: AGI - Effects on humans and other living beings: Existential risks

Risk category: AGI - Effects on humans and other living beings: Non-existential risks

Risk category: Domain-specific AI - AI technology itself

Risk category: AGI - AI technology itself

Risk category: Bias and discrimination

Description: "The decision process used by AI systems has the potential to present biased choices, either because it acts from criteria that will generate forms of bias or because it is based on the history of choices."

Risk category: Risk of Injury

Description: "Poorly designed intelligent systems can cause moral, psychological, and physical harm. For example, the use of predictive policing tools may cause more people to be arrested or physically harmed by the police."

Risk category: Data Breach/Privacy & Liberty

Description: "The risks associated with the use of AI are still unpredictable and unprecedented, and there are already several examples that show AI has made discriminatory decisions against minorities, reinforced social stereotypes in Internet search engines and enabled data breaches."

Risk category: Usurpation of jobs by automation

Description: "Eliminated jobs in various types of companies."

Risk category: Lack of transparency

Description: "In situations in which the development and use of AI are not explained to the user, or in which the decision processes do not provide the criteria or steps that constitute the decision, the use of AI becomes inexplicable."

Risk category: Reduced Autonomy/Responsibility

Description: "AI is providing more and more solutions for complex activities, and by taking advantage of this process, people are becoming able to perform a greater number of activities more quickly and accurately. However, the result of this innovation is enabling choices that were once exclusively human responsibility to be made by AI systems."

Risk category: Injustice

Description: [not defined in text]

Risk category: Over-dependence on technology

Description: [not defined in text]

Risk category: Environmental Impacts

Description: "The production process of these devices requires raw materials such as nickel, cobalt, and lithium in such high quantities that the Earth may soon no longer be able to sustain them in sufficient quantities."

Risk category: Representational Harms

Description: "beliefs about different social groups that reproduce unjust societal hierarchies"

Risk category: Allocative Harms

Description: "These harms occur when a system withholds information, opportunities, or resources [22] from historically marginalized groups in domains that affect material well-being [146], such as housing [47], employment [201], social services [15, 201], finance [117], education [119], and healthcare [158]."

Risk category: Quality-of-Service Harms

Description: "These harms occur when algorithmic systems disproportionately underperform for certain groups of people along social categories of difference such as disability, ethnicity, gender identity, and race."

Risk category: Interpersonal Harms

Description: Interpersonal harms capture instances when algorithmic systems adversely shape relations between people or communities.

Risk category: Societal System Harms

Description: "Social system or societal harms reflect the adverse macro-level effects of new and reconfigurable algorithmic systems, such as systematizing bias and inequality [84] and accelerating the scale of harm [137]"

Risk category: Abuse & Misuse

Description: "The potential for AI systems to be used maliciously or irresponsibly, including for creating deepfakes, automated cyber attacks, or invasive surveillance systems. Specifically denotes intentional use of AI for harm."

Risk category: Compliance

Description: "The potential for AI systems to violate laws, regulations, and ethical guidelines (including copyrights). Non-compliance can lead to legal penalties, reputation damage, and loss of trust.While other risks in our taxonomy apply to system developers, users, and broader society, this risk is generally restricted to the former two groups."

Risk category: Environmental & Societal Impact

Description: "Addresses AI's broader societal effects, including labor displacement, mental health impacts, and issues from manipulative technologies like deepfakes. Additionally, it considers AI's environmental footprint, balancing resource strain and training-related carbon emissions against AI's potential to help address environmental problems."

Risk category: Explainability & Transparency

Description: "The feasibility of understanding and interpreting an AI system's decisions and actions, and the openness of the developer about the data used, algorithms employed, and decisions made. Lack of these elements can create risks of misuse, misinterpretation, and lack of accountability."

Risk category: Fairness & Bias

Description: "The potential for AI systems to make decisions that systematically disadvantage certain groups or individuals. Bias can stem from training data, algorithmic design, or deployment practices, leading to unfair outcomes and possible legal ramifications."

Risk category: Long-term & Existential Risk

Description: "The speculative potential for future advanced AI systems to harm human civilization, either through misuse or due to challenges in aligning AI objectives with human values."

Risk category: Performance & Robustness

Description: "The AI system's ability to fulfill its intended purpose and its resilience to perturbations, and unusual or adverse inputs. Failures of performance are fundamental to the AI system's correct functioning. Failures of robustness can lead to severe consequences."

Risk category: Privacy

Description: "The potential for the AI system to infringe upon individuals' rights to privacy, through the data it collects, how it processes that data, or the conclusions it draws."

Risk category: Security

Description: "Encompasses vulnerabilities in AI systems that compromise their integrity, availability, or confidentiality. Security breaches could result in significant harm, ranging from flawed decision-making to data leaks. Of special concern is leakage of AI model weights, which could exacerbate other risk areas."

Risk category: Impacts: The Technical Base System

Description: "What can be evaluated in a technical system and its components'...The following categories are high-level, non-exhaustive, and present a synthesis of the findings across different modalities"

Risk category: Impacts: People and Society

Description: "what can be evaluated among people and society"

Risk category: Fairness

Description: "The general principle of equal treatment requires that an AI system upholds the principle of fairness, both ethically and legally. This means that the same facts are treated equally for each person unless there is an objective justification for unequal treatment."

Risk category: Privacy

Description: "Privacy is related to the ability of individuals to control or influence what information related to them may be collected and stored and by whom that information may be disclosed."

Risk category: Degree of Automation and Control

Description: "The degree of automation and control describes the extent to which an AI system functions independently of human supervision and control."

Risk category: Complexity of the Intended Task and Usage Environment

Description: "As a general rule, more complex environments can quickly lead to situations that had not been considered in the design phase of the AI system. Therefore, complex environments can introduce risks with respect to the reliability and safety of an AI system"

Risk category: Degree of Transparency and Explainability

Description: "Transparency is the characteristic of a system that describes the degree to which appropriate information about the system is communicated to relevant stakeholders, whereas explainability describes the property of an AI system to express important factors influencing the results of the AI system in a way that is understandable for humans....Information about the model underlying the decision-making process is relevant for transparency. Systems with a low degree of transparency can pose risks in terms of their fairness, security and accountability. "

Risk category: Security

Description: "Artificial intelligence comes with an intrinsic set of challenges that need to be considered when discussing trustworthiness, especially in the context of functional safety. AI models, especially those with higher complexities (such as neural networks), can exhibit specific weaknesses not found in other types of systems and must, therefore, be subjected to higher levels of scrutiny, especially when deployed in a safety-critical context"

Risk category: System Hardware

Description: ""Faults in the hardware can violate the correct execution of any algorithm by violating its control flow. Hardware faults can also cause memory-based errors and interfere with data inputs, such as sensor signals, thereby causing erroneous results, or they can violate the results in a direct way through damaged outputs."

Risk category: Technological Maturity

Description: "The technological maturity level describes how mature and error-free a certain technology is in a certain application context. If new technologies with a lower level of maturity are used in the development of the AI system, they may contain risks that are still unknown or difficult to assess.Mature technologies, on the other hand, usually have a greater variety of empirical data available, which means that risks can be identified and assessed more easily. However, with mature technologies, there is a risk that risk awareness decreases over time"

Risk category: First-Order Risks

Description: "First-order risks can be generally broken down into risks arising from intended and unintended use, system design and implementation choices, and properties of the chosen dataset and learning components."

Risk category: Second-Order Risks

Description: "Second-order risks result from the consequences of first-order risks and relate to the risks resulting from an ML system interacting with the real world, such as risks to human rights, the organization, and the natural environment."

Risk category: Risk area 1: Discrimination, Hate speech and Exclusion

Description: "Speech can create a range of harms, such as promoting social stereotypes that perpetuate the derogatory representation or unfair treatment of marginalised groups [22], inciting hate or violence [57], causing profound offence [199], or reinforcing social norms that exclude or marginalise identities [15,58]. LMs that faithfully mirror harmful language present in the training data can reproduce these harms. Unfair treatment can also emerge from LMs that perform better for some social groups than others [18]. These risks have been widely known, observed and documented in LMs. Mitigation approaches include more inclusive and representative training data and model fine-tuning to datasets that counteract common stereotypes [171]. We now explore these risks in turn."

Risk category: Risk area 2: Information Hazards

Description: "LM predictions that convey true information may give rise to information hazards, whereby the dissemination of private or sensitive information can cause harm [27]. Information hazards can cause harm at the point of use, even with no mistake of the technology user. For example, revealing trade secrets can damage a business, revealing a health diagnosis can cause emotional distress, and revealing private data can violate a person’s rights. Information hazards arise from the LM providing private data or sensitive information that is present in, or can be inferred from, training data. Observed risks include privacy violations [34]. Mitigation strategies include algorithmic solutions and responsible model release strategies."

Risk category: Risk area 3: Misinformation Harms

Description: "These risks arise from the LM outputting false, misleading, nonsensical or poor quality information, without malicious intent of the user. (The deliberate generation of "disinformation", false information that is intended to mislead, is discussed in the section on Malicious Uses.) Resulting harms range from unintentionally misinforming or deceiving a person, to causing material harm, and amplifying the erosion of societal distrust in shared information. Several risks listed here are well-documented in current large-scale LMs as well as in other language technologies"

Risk category: Risk area 4: Malicious Uses

Description: "These risks arise from humans intentionally using the LM to cause harm, for example via targeted disinformation campaigns, fraud, or malware. Malicious use risks are expected to proliferate as LMs become more widely accessible"

Risk category: Risk area 5: Human-Computer Interaction Harms

Description: "This section focuses on risks specifically from LM applications that engage a user via dialogue, also referred to as conversational agents (CAs) [142]. The incorporation of LMs into existing dialogue-based tools may enable interactions that seem more similar to interactions with other humans [5], for example in advanced care robots, educational assistants or companionship tools. Such interaction can lead to unsafe use due to users overestimating the model, and may create new avenues to exploit and violate the privacy of the user. Moreover, it has already been observed that the supposed identity of the conversational agent can reinforce discriminatory stereotypes [19,36, 117]."

Risk category: Risk area 6: Environmental and Socioeconomic harms

Description: "LMs create some risks that recur with different types of AI and other advanced technologies making these risks ever more pressing. Environmental concerns arise from the large amount of energy required to train and operate large-scale models. Risks of LMs furthering social inequities emerge from the uneven distribution of risk and benefits of automation, loss of high-quality and safe employment, and environmental harm. Many of these risks are more indirect than the harms analysed in previous sections and will depend on various commercial, economic and social factors, making the specific impact of LMs difficult to disentangle and forecast. As a result, the level of evidence on these risks is mixed."

Risk category: Discrimination, Exclusion and Toxicity

Description: "Social harms that arise from the language model producing discriminatory or exclusionary speech"

Risk category: Information Hazards

Description: "Harms that arise from the language model leaking or inferring true sensitive information"

Risk category: Misinformation Harms

Description: "Harms that arise from the language model providing false or misleading information"

Risk category: Malicious Uses

Description: "Harms that arise from actors using the language model to intentionally cause harm"

Risk category: Human-Computer Interaction Harms

Description: "Harms that arise from users overly trusting the language model, or treating it as human-like"

Risk category: Automation, Access and Environmental Harms

Description: "Harms that arise from environmental or downstream economic impacts of the language model"

Risk category: Representation & Toxicity Harms

Description: "AI systems under-, over-, or misrepresenting certain groups or generating toxic, offensive, abusive, or hateful content"

Risk category: Misinformation Harms

Description: "AI systems generating and facilitating the spread of inaccurate or misleading information that causes people to develop false beliefs"

Risk category: Information & Safety Harms

Description: "AI systems leaking, reproducing, generating or inferring sensitive, private, or hazardous information"

Risk category: Malicious Use

Description: "AI systems reducing the costs and facilitating activities of actors trying to cause harm (e.g. fraud, weapons)"

Risk category: Human Autonomy and Intregrity Harms

Description: "AI systems compromising human agency, or circumventing meaningful human control"

Risk category: Socioeconomic and environmental harms

Description: "AI systems amplifying existing inequalities or creating negative impacts on employment, innovation, and the environment"

Risk category: Technological, Data and Analytical AI Risks

Description: "Fig 3 shows that technological, data, and analytical AI risks are characterised by the loss of control over AI systems, whereby in particular the autonomous decision and its consequences are classified as risk factors since they are not subject to human influence (Boyd & Wilson, 2017; Scherer, 2016; Wirtz et al., 2019). Programming errors in algorithms due to the lack of expert knowledge or to the increasing complexity and black-box character of AI systems may also lead to undesired AI results (Boyd & Wilson, 2017; Danaher et al., 2017). In addition, a lack of data, poor data quality, and biases in training data are another source of malfunction and negative consequences of AI (Dwivedi et al., 2019; Wirtz et al., 2019)."

Risk category: Informational and Communicational AI Risks

Description: "Informational and communicational AI risks refer particularly to informational manipulation through AI systems that influence the provision of information (Rahwan, 2018; Wirtz & Müller, 2019), AIbased disinformation and computational propaganda, as well as targeted censorship through AI systems that use respectively modified algorithms, and thus restrict freedom of speech."

Risk category: Economic AI Risks

Description: "In the context of economic AI risks two major risks dominate. These refer to the disruption of the economic system due to an increase of AI technologies and automation. For instance, a higher level of AI integration into the manufacturing industry may result in massive unemployment, leading to a loss of taxpayers and thus negatively impacting the economic system (Boyd & Wilson, 2017; Scherer, 2016). This may also be associated with the risk of losing control and knowledge of organisational processes as AI systems take over an increasing number of tasks, replacing employees in these processes. "

Risk category: Social AI Risks

Description: "Social AI risks particularly refer to loss of jobs (technological unemployment) due to increasing automation, reflected in a growing resistance by employees towards the integration of AI (Thierer et al., 2017; Winfield & Jirotka, 2018). In addition, the increasing integration of AI systems into all spheres of life poses a growing threat to privacy and to the security of individuals and society as a whole (Winfield & Jirotka, 2018; Wirtz et al., 2019)."

Risk category: Ethical AI Risks

Description: "In the context of ethical AI risks, two risks are of particular importance. First, AI systems may lack a legitimate ethical basis in establishing rules that greatly influence society and human relationships (Wirtz & Müller, 2019). In addition, AI-based discrimination refers to an unfair treatment of certain population groups by AI systems. As humans initially programme AI systems, serve as their potential data source, and have an impact on the associated data processes and databases, human biases and prejudices may also become part of AI systems and be reproduced (Weyerer & Langer, 2019, 2020)."

Risk category: Legal AI Risks

Description: "Legal and regulatory risks comprise in particular the unclear definition of responsibilities and accountability in case of AI failures and autonomous decisions with negative impacts (Reed, 2018; Scherer, 2016). Another great risk in this context refers to overlooking the scope of AI governance and missing out on important governance aspects, resulting in negative consequences (Gasser & Almeida, 2017; Thierer et al., 2017)."

Risk category: AI Law and Regulation

Description: "This area strongly focuses on the control of AI by means of mechanisms like laws, standards or norms that are already established for different technological applications. Here, there are some challenges special to AI that need to be addressed in the near future, including the governance of autonomous intelligence systems, responsibility and accountability for algorithms as well as privacy and data security."

Risk category: AI Ethics

Description: "Ethical challenges are widely discussed in the literature and are at the heart of the debate on how to govern and regulate AI technology in the future (Bostrom & Yudkowsky, 2014; IEEE, 2017; Wirtz et al., 2019). Lin et al. (2008, p. 25) formulate the problem as follows: “there is no clear task specification for general moral behavior, nor is there a single answer to the question of whose morality or what morality should be implemented in AI”. Ethical behavior mostly depends on an underlying value system. When AI systems interact in a public environment and influence citizens, they are expected to respect ethical and social norms and to take responsibility of their actions (IEEE, 2017; Lin et al., 2008)."

Risk category: AI Society

Description: "AI already shapes many areas of daily life and thus has a strong impact on society and everyday social life. For instance, transportation, education, public safety and surveillance are areas where citizens encounter AI technology (Stone et al., 2016; Thierer et al., 2017). Many are concerned with the subliminal automation of more and more jobs and some people even fear the complete dependence on AI or perceive it as an existential threat to humanity (McGinnis, 2010; Scherer, 2016)."

Risk category: Data-level risk

Risk category: Model-level risk

Risk category: Malicious Use (Intentional)

Description: "empowering malicious actors to cause widespread harm"

Risk category: AI Race (Environmental/Structural)

Description: "The immense potential of AIs has created competitive pressures among global players contending for power and influence. This “AI race” is driven by nations and corporations who feel they must rapidly build and deploy AIs to secure their positions and survive."

Risk category: Organizational Risks (Accidental)

Description: "An essential factor in preventing accidents and maintaining low levels of risk lies in the organizations responsible for these technologies."

Risk category: Rogue AIs (Internal)

Description: "speculative technical mechanisms that might lead to rogue AIs and how a loss of control could bring about catastrophe"

Risk category: Violent crimes

Description: "This category addresses responses that enable, encourage, or endorse the commission of violent crimes."

Risk category: Non-violent crimes

Description: "This category addresses responses that enable, encourage, or endorse the commission of non-violent crimes."

Risk category: Sex-related crimes

Description: "This category addresses responses that enable, encourage, or endorse the commission of sex-related crimes"

Risk category: Child sexual exploitation

Description: "This category addresses responses that contain, describe, enable, encourage, or endorse the sexual abuse of children (i.e., under 18 years old) or the acquisition of child sexual abuse material."

Risk category: Indiscriminate weapons (CBRNE)

Description: "This category addresses responses that enable, encourage, or endorse the creation of indiscriminate weapons (colloquially known as "weapons of mass destruction")."