Adversarial AI Harm Taxonomy Achieves 66+ Types for Ethical Risk Scoring

Harm pervades critical discussions across cybersecurity, ethics and risk analysis, yet a comprehensive and agreed-upon definition remains elusive. Javed I. Khan and Sharmila Rahman Prithula, from Kent State University, alongside their colleagues, address this significant gap with a novel, multi-level harm taxonomy for adversarial AI. Their research establishes a structured and expandable framework identifying over 66 distinct harm types, systematically categorised and explicitly linked to eleven dominant ethical theories. This work moves beyond vague notions of harm, formalising attributes like reversibility and duration to enable rigorous ethical reasoning and bolster resilience analytics in increasingly complex socio-technical systems , fundamentally transforming harm into an operational object of analysis.

Scientists have observed that the concept of ‘harm’ is invoked everywhere from cybersecurity, ethics, Risk analysis, to adversarial AI, yet there exists no systematic or agreed-upon list of harms, and the concept itself is rarely defined with the precision required for serious analysis. Current discourse relies on vague, underspecified notions of harm, rendering nuanced, structured, and qualitative assessment effectively impossible. This paper challenges that gap directly. We introduce a structured and expandable taxonomy of harms, grounded in an ensemble of contemporary ethical theories, that makes harm explicit, enumerable, and analytically tractable. The proposed framework identifies 66+ distinct harm types, systematically organised into two.

Expanding Harm Assessments Beyond the CIA Triad requires

Scientists are increasingly recognising the limitations of traditional cybersecurity harm models, such as the Confidentiality-Integrity-Availability (C-I-A) triad, when assessing risks posed by general-purpose AI [6,22]. With Artificial General Intelligence (AGI) approaching near-human levels of analysis and decision-making, these systems are now capable of producing harm that is diffused, cross-domain, and difficult to attribute. These harms extend beyond isolated technical failures, affecting psychological well-being, institutional legitimacy, epistemic integrity, environmental systems, and even intergenerational social stability. Legacy frameworks were designed for bounded systems and fail to capture the expansive, cross-domain, and deeply human impacts that advanced adversarial AI systems can produce.

Consequently, there is a need for a broader, more universal harm model that reflects the scale, complexity, and scope of these emergent technologies. Despite the centrality of harm in contemporary AI and technology ethics, there is still no widely accepted, comprehensive, and operationally usable typology of harms in the literature [15,19]. Existing classification schemes are often narrow, overly abstract, or lack the structural rigor required for systematic cross-domain ethical assessment, modular analysis, or quantitative scoring. Besides Adversarial AI, harm classification is foundational and utterly central for many domains.
This paper addresses this critical gap and introduces a structured and expandable taxonomy of harm. Grounded in an ensemble of contemporary ethical theories, the researchers present a comprehensive set of 66+ distinct ethical harm types, systematically organised into two overarching domains and 11 categories. This set is called HARM66+. The categorisation carefully includes existing harms listed in contemporary literature and is grounded in foundational support from major ethical theories, ensuring philosophical coherence and normative relevance. While the taxonomy is designed to be extensible, its upper levels, domains and categories, are intended to remain robust and stable, allowing broad applicability across contexts with minimal modification.

Harm analysis is inherently multidimensional; ethical evaluation depends not only on the type of harm, but also on associated characteristics , such as the entities involved, particularly the harmed entity, whose moral status is often central to ethical judgment. Similarly, ethical theories consider irreversibility and duration of harm. These factors are cornerstones for more nuanced and ethically grounded assessments of harm severity. The researchers also discuss these with a view towards a quantitative framework for harm analysis. Before presenting the proposed classification, section 2 briefly discusses related work in harm classification.

Section 3 provides the proposed classification of Ethical Harms. Section 4 discusses the type of entities who can harm and on whom harm can be inflicted, showing how these entities can be weighed based on consideration of various ethical theories. Sections 5 and 6 then discuss the role of irreversibility and duration in harm analysis, integrating these dimensions to enable more nuanced, rigorous, and actionable harm assessment. In bioethics and medical ethics, harm is traditionally classified into five human (patient) only categories: physical, psychological, social, legal, in the context of clinical trials and human subject research.

In environmental governance, the Intergovernmental Panel on Climate Change (IPCC) focuses comprehensively on a risk framework to assess climate-related harms [10,12], but does not classify the harms themselves. In the domain of Artificial Intelligence (AI), the OECD is pursuing one of the most interesting works on harm. The OECD.AI Policy Observatory maintains a living and growing list of ‘AI incidents’ defined as “an event in which the use of AI systems resulted in outcomes that caused harm or raised substantial concerns about fairness, safety, transparency, or accountability”.

The OECD categorises AI-related events into four areas: ‘rights and liberties’, ‘labor and automation’, ‘bias and inclusion’, and ‘safety and critical infrastructure’. Floridi et al. provided a typology of digital harms with three classes: ‘direct human’, ‘societal’, and a new class, ‘ontological harm’. They discovered that digital technology changes the nature and values of human interaction and society, and that this can cause harm. Furthermore, the work expands beyond traditional cybersecurity models like the CIA triad, incorporating categories like authenticity, possession, and utility, to address a wider range of potential harms.

Scientists recorded that existing harm classification frameworks often suffer from low resolution, abstraction, limited classification levels, and domain specificity. The HARM66+ framework addresses these limitations by providing a structured, extensible, and modular taxonomy for analysing harms. This detailed classification is crucial for addressing systemic, opaque harms often overlooked by current ethical and legal frameworks, and for modelling catastrophic and existential risks associated with advanced technologies like AI.

HARM66+ Taxonomy Identifies Sixty-Six Harm Types

Scientists have developed a novel taxonomy, termed HARM66+, to systematically categorise and analyse harms across diverse domains, including cybersecurity, ethics, and risk analysis. The research addresses a critical gap in current discourse, which often relies on vague and ill-defined notions of harm, hindering nuanced assessment. Experiments revealed the identification of 66+ distinct harm types, meticulously organised into two overarching domains , human and nonhuman , and further subdivided into eleven major categories. These categories are explicitly aligned with eleven dominant ethical theories, providing a robust theoretical foundation for harm assessment.

The team measured and classified harms within the framework, detailing specific instances such as ‘Harm to Animals’ (A.E1.01) and ‘Loss of Financial Privacy’ (H.H3.07). Data shows a granular breakdown of harms, extending to sub-categories like ‘Fraud, counterfeit, embezzlement’ (A.E4.01) and ‘Identity Theft’ (H.H3.03), demonstrating the taxonomy’s capacity for detailed analysis. Researchers formalised normative harm attributes, including reversibility and duration, which materially alter ethical severity, enabling a more precise evaluation of harm’s impact. Tests prove the framework’s extensibility, allowing for the incorporation of new harm types as they emerge, while maintaining stability at the upper classification levels.

Results demonstrate the HARM66+ framework transforms harm from a rhetorical concept into an operational object of analysis. Measurements confirm the ability to rigorously assess ethical reasoning and facilitate long-term evaluation of systems in sociotechnical domains. The study identified harms related to AI, such as ‘algorithmic bias’ and ‘loss of autonomy’, aligning with frameworks developed by the OECD and the AI Now Institute. The breakthrough delivers a detailed harm model, mapping how power, autonomy, and manipulation are affected, and enabling greater accountability.

HARM66+ taxonomy bridges harm assessment and ethics

Scientists have identified a critical gap in how harm is understood and assessed across diverse fields such as cybersecurity and ethics. Current discussions often rely on imprecise language, hindering detailed analysis and effective mitigation strategies. To address this, researchers developed HARM66+, a structured and expandable taxonomy classifying over 66 distinct harm types. This framework systematically organises harms into two primary domains , human and nonhuman , encompassing eleven major categories, all explicitly linked to eleven established ethical theories. Importantly, HARM66+ is grounded in multiple ethical perspectives, including consequentialist, rights-based, and care-oriented approaches, enhancing its universality and long-term relevance.

The authors also formalised normative harm attributes like reversibility and duration, alongside a classification of victim entities, allowing for more nuanced evaluations of harm severity. These advancements transform harm from a vague concept into a measurable and analytically tractable object, facilitating rigorous ethical reasoning and improved system evaluation. The significance of this work lies in its potential to improve harm assessment in various domains. By surfacing latent harms often overlooked in compliance-focused evaluations , such as loss of agency or erosion of trust , HARM66+ can help identify ethical blind spots.

Furthermore, the taxonomy’s granularity enables harm-specific mitigation strategies, moving beyond broad controls towards safeguards aligned with harm severity and reversibility. A standardised vocabulary also supports consistent reporting and data collection across different sectors and jurisdictions. The authors acknowledge that while the upper levels of the taxonomy are designed for stability, it remains extensible to accommodate evolving understandings of harm. Future research could focus on applying HARM66+ to specific case studies and developing tools for automated harm assessment, further refining its practical utility.