ai · security · skills

AI Safety

Every AI harm has an owner,a control, and a regulatory tier.

A reference, not a journey. Look up any AI harm and see who owns it, the controls that hold the fix, and the EU AI Act risk tier it lands at.

Every harm has an ownerEU AI Act · High risk

Ethical requirements it triggers

Fairness & bias testingHuman oversightTransparency & explainabilityContestability

AICM control domains that hold the fix

MDSDSPGRCHRS

3 harm classes · 7 safety control families · NIST AI 100-1

Harm to People: Harms to individuals and groups — rights, safety, access. The class with the widest ethical-requirement pipeline.

The harm classes · NIST AI 100-1

Three classes of harm, named the way regulators name them.

The National Institute of Standards and Technology (NIST) AI Risk Management Framework groups AI harms into three top-level classes. We anchor the safety lens to those classes so the controls we fit map cleanly to ethical requirements, AI Controls Matrix (AICM) domains, and the EU AI Act risk tier each class typically lands at.

Harm to People

Harms experienced by individuals, groups, communities, or society — civil liberties, rights, physical and psychological safety, economic opportunity, equal access. Includes group harms (discrimination, exclusion) and societal harms (erosion of democratic processes, harm to vulnerable populations).

  • Discriminatory model output (group harm)
  • Manipulated content that targets a person psychologically
  • Denial of access to credit, housing, employment
  • Erosion of an information ecosystem (societal harm)
Fairness & bias testingHuman oversightTransparency & explainabilityContestability

AICM domains: MDS · DSP · GRC · HRS

EU AI Act tier: High risk

Harm to an Organization

Harms to an organization — operational disruption, reputational damage, security and financial loss — caused by AI systems behaving unexpectedly, leaking data, or being weaponised against the organization itself.

  • Brand and trust damage from an AI-driven incident
  • Data exfiltration through prompt injection
  • Operational disruption when an AI agent acts outside its mandate
  • Compliance failure traced to an unaccountable AI output
Human oversightTransparency & explainability

AICM domains: MDS · AIS · LOG · IAM · SEF

EU AI Act tier: Limited risk

Harm to an Ecosystem

Harms to the interconnected systems on which society depends — the global financial system, supply chains, critical infrastructure, the natural environment. Includes Environmental harm: AI training and inference are energy-intensive, and at scale they contribute to carbon and water footprint, e-waste, and resource depletion.

  • Critical-infrastructure disruption from chained AI agents
  • Environmental footprint of large-model training and inference
  • Supply-chain compromise via a poisoned upstream model
  • Systemic risk in a market when many actors use the same model
Human oversightTransparency & explainability

AICM domains: STA · BCR · CCC · TVM

EU AI Act tier: High risk

Harm classEU AI Act tierPrimary requirements
Harm to PeopleHigh riskFairness & bias testing · Human oversight · Transparency & explainability · Contestability
Harm to an OrganizationLimited riskHuman oversight · Transparency & explainability
Harm to an EcosystemHigh riskHuman oversight · Transparency & explainability

The safety control spine

Seven families, harm-anchored.

A lens over the existing 18 AICM domains, not a new partition. Each family names where in the control stack a harm class is mitigated, the AICM domain its controls land in, and the standards hook a Chief Information Security Officer (CISO) is asked to evidence.

01

Output & Decision Safety

Block harmful or unsafe model outputs — hate, violence, self-harm, CSAM, illegal advice, hallucinations in high-impact decisions.

AICM MDS
  • EU AI Act: Art. 5 (prohibited practices)
  • NIST AI RMF: MEASURE-2.6 / MEASURE-2.7
02

Bias & Fairness

Detect and mitigate discriminatory or skewed model behaviour against groups defined by protected attributes.

AICM MDSAICM GRC
  • EU AI Act: Art. 10 (data governance)
  • NIST AI RMF: MEASURE-2.11
03

Transparency & Explainability

Make model behaviour legible to operators, users, and regulators — model cards, attribution, AI-interaction disclosure.

AICM GRC
  • EU AI Act: Art. 13 (transparency) · Art. 50 (AI disclosure)
  • NIST AI RMF: GOVERN-1.2 / MEASURE-2.8
04

Human Oversight & Contestability

Keep humans in the loop on high-impact decisions and give affected people a route to challenge an AI outcome.

AICM GRC
  • EU AI Act: Art. 14 (human oversight) · Art. 22-link (automated-decision rights)
  • NIST AI RMF: MANAGE-2.3
05

Agentic & Action Safety

Bound agent autonomy and tool scopes; gate irreversible actions; detect cascading or feedback-loop behaviour. The autonomy frontier — ties to the AI-CMM ladder.

AICM MDSAICM IAM
  • NIST AI RMF: MANAGE-2.4
  • OWASP LLM Top 10 (2025): LLM06 — Excessive Agency
06

Safety Evaluation & Benchmarking

Pre-deploy safety assurance — run a benchmark suite + harm-focused red-team and gate releases on the result.

AICM TVMAICM MDS
  • NIST AI RMF: MEASURE-2.5 / 2.7 / 2.9
07

Runtime Safety Monitoring

Detect harm over time — behavioural and safety drift, guardrail efficacy in production, harm-incident response.

AICM LOGAICM BCR
  • NIST AI RMF: MANAGE-4.1

See also

The measured proof, the skills that power the fix, and where this sits on the maturity model each have their own home, so they are linked, not repeated:

Honesty & attribution

XL-SafetyBench by AIM Intelligence (with Microsoft, Korea AI Safety Institute, KT) — eval code Apache-2.0, dataset CC BY 4.0. Used with attribution. Guardian/RepBend licenses pending verification.

Harm-class taxonomy source — NIST AI Risk Management Framework 1.0 (NIST AI 100-1), 1.0 (January 2023).