Introduction

This section describes AVID's taxonomy framework as part of AVID's broader taxonomy library. AVID's primary focus is the database of GPAI failure evidence, while taxonomies are used to classify and query those records.

The AVID taxonomy is intended to serve as a common foundation for AI engineering, product, and policy teams to manage potential risks at different stages of a GPAI workflow. In spirit, this taxonomy is analogous to MITRE ATT&CK for cybersecurity vulnerabilities, and MITRE ATLAS for adversarial attacks on ML systems.

At a high level, the current AVID taxonomy consists of two views, intended to facilitate the work of two different user personas.

• Effect view: for the auditor persona aiming to assess risks for a GPAI system and its components.

• Lifecycle view: for the developer persona aiming to build an end-to-end GPAI system while being cognizant of potential risks.

Based on case-specific needs, people involved with building a GPAI system may need to operate as either of the above personas.

For machine-readability, taxonomies are shared using the standardized MISP format. This enables support for additional taxonomies in the AVID taxonomy library. See Schema to learn more.