R0043/2026-04-01/Q003/SRC03
Standardized AI threat taxonomy bridging technical and business language
Source

| Field | Value |
|---|---|
| Title | Standardized Threat Taxonomy for AI Security, Governance, and Regulatory Compliance |
| Publisher | arXiv |
| Author(s) | Hernan Huwyler |
| Date | November 2025 |
| URL | https://arxiv.org/html/2511.21901 |
| Type | Research paper |

Summary

| Dimension | Rating |
|---|---|
| Reliability | Medium-High |
| Relevance | Medium |
| Bias: Missing data | Some concerns |
| Bias: Measurement | N/A |
| Bias: Selective reporting | Some concerns |
| Bias: Randomization | N/A -- not an RCT |
| Bias: Protocol deviation | N/A -- not an RCT |
| Bias: COI/Funding | Some concerns |

Rationale

| Dimension | Rationale |
|---|---|
| Reliability | Published on arXiv; author affiliated with IE Business School and Capgemini Invent |
| Relevance | Attempts cross-domain taxonomy but does not include sycophancy |
| Bias flags | Author affiliated with consulting firm (Capgemini) that provides AI governance services |

| Evidence ID | Summary |
|---|---|
| SRC03-E01 | 9-domain, 53-threat taxonomy that bridges technical and business language but excludes sycophancy |