Skip to main content

Changelog

All material changes to the knowledge base are documented here. Changes are version-controlled in the GitHub repository.

[1.0.0] — March 2026

Initial public release.

Content

  • 17 risk entries across 7 domains (A through G)
  • All four layers drafted for all entries
  • Persona-specific hooks (executive, project manager, security analyst) for all entries
  • Controls summary with owner, effort, and definition of done for all entries
  • Technical implementation with code examples for all entries
  • Scenario seeds for all entries

Verified claims

  • SafeRent settlement figure: $2.275M (court-approved, November 2024)
  • Arup deepfake incident: $25M loss, January 2024, finance worker (not engineer)
  • Waymo recall: 1,212 vehicles, May 2025, gates/chains/barriers (not "thin or suspended")
  • Workday lawsuit: filed 2023, Ninth Circuit ruling March 2025
  • EU AI Act high-risk effective date: August 2, 2026 (Annex III)
  • All EU AI Act effective dates confirmed against Article 113

Frameworks referenced

  • MIT AI Risk Repository v5 (December 2025)
  • NIST AI RMF 1.0 and AI 600-1
  • EU AI Act (Regulation 2024/1689)
  • ISO 42001:2023
  • OWASP LLM Top 10 (2025)
  • MITRE ATLAS
  • APRA CPS 230 (effective July 2025)
  • APRA CPS 234
  • Australian Privacy Act 1988

This is a living document. Updates are triggered by material new incidents, regulatory changes, or new authoritative framework publications. Review cadence: annually at minimum.