AI Risk Map v3.1 · Hazards × Trigger Forces
Risk = Where it breaks × What sets it off
3 layers · 3 trigger forces · 16 elements · 51 underlying risks
❶ ⚔️ Indirect injection: poisoned page → ⑭ pipeline → ⑥ memory → ⑧ tools — one chain through three layers
❷ 🔥 Replit DB wipe: ⑤ goal misfire → ⑦ loops → ⑧ tools — no attacker, it blew up on its own
❸ ⚖️ Fairness mandate → ①.1 bias: the hazard was always there — regulation turns it into a fine
Rays = one loss event (may cross layers) · Arcs = trigger forces · Rings = where the hazard lives
Full Inventory · 16 elements × 51 underlying risks
Forces: ⚔️ Attack · 🔥 Operations · ⚖️ Regulatory
Layers: 🔵 Model · 🟢 Agent · ⚪ App
The 3×3 Grid · Proof the Architecture Holds
A real incident in every cell — none empty
| | 🔵 Model | 🟢 Agent | ⚪ App |
|---|---|---|---|
| ⚔️ Attack | Jailbreaks · adversarial perturbation · poisoning (the act goes to the force; the residue lives in ①) | Indirect injection → tool abuse (chain: ⑭ → ⑥ → ⑧) | Classic vulns · malicious extensions (⑮.1 = the supply-chain entry) |
| 🔥 Operations | Hallucination meets customer · model drift (Air Canada: ③④ through ⑬) | Runaway money-burning loops (Replit: ⑤⑦⑧ · no attacker) | Misconfiguration · integration failure (⑮.2 dependency death · ⑯.1 no rollback) |
| ⚖️ Regulatory | Fairness mandates → ① bias (turns standing hazards into fines) | Human-oversight clauses → ⑤⑦ (caps on autonomy) | Data protection law → ⑭ (PDPA / GDPR) |
Four Rules of Use
1 · Layers hold states; forces hold acts
'Data poisoning' must be split: the act = ⚔️ Attack force; the residue = ① Model layer. Break this rule and the architecture contradicts itself.
2 · Events are paths, not points
Multi-layer incidents list the primary layer first. Indirect injection crosses three layers — draw it as a piercing ray.
3 · No time axis on this map
'Planted at install, detonated at runtime' needs a timeline — annotate phases separately rather than pretend this map covers it.
4 · Layers can degenerate
Deployments without an agent loop leave the middle ring empty — the map still works (Air Canada is exactly that).
Where does your AI system land on this map?
AgentSure Quantify — tests all 51 hazards and hands you a report you can show your board and your insurer.