Organizations and governments that develop, deploy, use, and govern AI must coordinate on effective risk mitigation. However, the landscape of AI risk mitigation frameworks is fragmented, uses inconsistent terminology, and has gaps in coverage. This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AI risk mitigations and provide a common frame of reference. The Taxonomy was developed through a rapid evidence scan of 13 AI risk mitigation frameworks published between 2023-2025, which were extracted into a living database of 831 AI risk mitigations. The mitigations were iteratively clustered & coded to create the Taxonomy. The preliminary AI Risk Mitigation Taxonomy organizes mitigations into four categories and 23 subcategories: (1) Governance & Oversight: Formal organizational structures and policy frameworks that establish human oversight mechanisms and decision protocols; (2) Technical & Security: Technical, physical, and engineering safeguards that secure AI systems and constrain model behaviors; (3) Operational Process: processes and management frameworks governing AI system deployment, usage, monitoring, incident handling, and validation; and (4) Transparency & Accountability: formal disclosure practices and verification mechanisms that communicate AI system information and enable external scrutiny. The rapid evidence scan and taxonomy construction also revealed several cases where terms like 'risk management' and 'red teaming' are used widely but refer to different responsible actors, actions, and mechanisms of action to reduce risk. This Taxonomy and associated mitigation database, while preliminary, offers a starting point for collation and synthesis of AI risk mitigations. It also offers an accessible, structured way for different actors in the AI ecosystem to discuss and coordinate action to reduce risks from AI.
Mapping AI Risk Mitigations: Evidence Scan and Preliminary AI Risk Mitigation Taxonomy
Alexander K. Saeri1,2,* Sophia Lloyd George1,3 Jess Graham2
Clelia D. Lacarriere1 Peter Slattery1 Michael Noetel2 Neil Thompson1
1MIT FutureTech 2The University of Queensland
3Cambridge Boston Alignment Initiative
Abstract
Organizations and governments that develop, deploy, use, and govern AI must
coordinate on effective risk mitigation. However, the landscape of AI risk mitigation
frameworks is fragmented, uses inconsistent terminology, and has gaps in coverage.
This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AI
risk mitigations and provide a common frame of reference. The Taxonomy was
developed through a rapid evidence scan of 13 AI risk mitigation frameworks
published between 2023–2025, which were extracted into a living database of 831
distinct AI risk mitigations. The mitigations were iteratively clustered & coded to
create the Taxonomy. The preliminary AI Risk Mitigation Taxonomy organizes
mitigations into four categories: (1) Governance & Oversight: Formal organizational
structures and policy frameworks that establish human oversight mechanisms and
decision protocols; (2) Technical & Security: Technical, physical, and engineering
safeguards that secure AI systems and constrain model behaviors; (3) Operational
Process: processes and management frameworks governing AI system deployment,
usage, monitoring, incident handling, and validation; and (4) Transparency &
Accountability: formal disclosure practices and verification mechanisms that
communicate AI system information and enable external scrutiny. These categories
are further subdivided into 23 mitigation subcategories. The rapid evidence scan and
taxonomy construction also revealed several cases where terms like ‘risk
management’ and ‘red teaming’ are used widely but refer to different responsible
actors, actions, and mechanisms of action to reduce risk. This Taxonomy and
associated mitigation database, while preliminary, offers a starting point for collation
and synthesis of AI risk mitigations. It also offers an accessible, structured way for
different actors in the AI ecosystem to discuss and coordinate action to reduce risks
from AI.
1 Introduction
To address risks from increasingly capable Artificial Intelligence (AI), effective mitigations must be
developed and implemented. For this task, many actors - from researchers to industry leaders - must
be able to coordinate action and communicate clearly about AI risk mitigations.
However, as awareness of and concern about AI risks have increased (Center for AI Safety, 2023; Bengio et
al., 2025), the field has become more fragmented and less coordinated (Slattery et al., 2024).
Organizations that develop, deploy, use, and govern AI have generated a variety of proposed
mitigations, safeguards, and governance mechanisms to address risks (e.g., NIST, 2024; Eisenberg,
2025). Frameworks, standards, and other documents approach mitigations from different disciplinary
or practice backgrounds, use diverging terminology, different theories, and inconsistent
classifications. Some focus on adapting established mitigations from cybersecurity or safety-critical
industries (e.g., incident response, system shutdown; Koessler & Schuett, 2023), while others
introduce novel approaches specific to AI (e.g., alignment techniques, model interpretability; Ji et al.,
2023). The result is a proliferation of overlapping, incomplete, and sometimes incompatible
mitigation frameworks.
This fragmented landscape has theoretical and practical consequences. A lack of shared definitions
and structures makes incremental scientific progress challenging. The reinvention and duplication also
lead to fragmentation and confusion. For example, ‘red teaming’ can include many different methods
to evaluate many different threat models, and there is little consensus on who should perform it (Feffer,
2024). Without an accessible or pragmatic shared understanding of risk mitigations, actors
struggle to develop, implement and coordinate mitigations. As noted by the U.S.–EU Trade and
Technology Council in its Joint Roadmap for Trustworthy AI and Risk Management, “shared
terminologies and taxonomies are essential for operationalizing trustworthy AI and risk management
in an interoperable fashion” (European Commission and the United States Trade and Technology
Council, 2022).
These challenges are compounded by the rapid and accelerating pace of AI development and
adoption. The share of organizations using AI in at least one business function quadrupled from 20%
in 2017 to 80% in 2024 (Singla et al., 2024). The adoption of highly capable general-purpose AI
agents tripled between Q1 (11%) and Q2 (33%) 2025 alone (KPMG, 2025). This expansion
significantly increases the number of stakeholders