I. AI & Automation (1–20)
- AI being exploited for large-scale cyber attacks
- AI exceeding human oversight capabilities
- AI models being poisoned with malicious training data
- Prompt-injection attacks on enterprise AI systems
- AI impersonating internal user identities
- AI evading traditional detection systems
- Abuse of autonomous AI agents
- Data leakage from generative AI models
- Loss of control over AI-driven automated decisions
- Lack of AI decision explainability
- AI-generated deepfakes that are hard to detect
- AI-driven manipulation of human perception
- Attacks on the AI supply chain
- Risks from open-source AI models
- AI learning biased or malicious patterns
- Overreliance on AI-based security systems
- AI systems being hijacked
- Cascading failures across interconnected AI systems
- Theft of AI model weights or architectures
- AI disrupting existing security models
II. Digital Identity & Privacy (21–40)
- Biometric identity theft
- Exposure of immutable biological data
- Exploitation of passwordless authentication
- Voice and facial deepfake impersonation
- Lifetime digital footprint exposure
- Risks in decentralized identity (DID) systems
- Trusted-device impersonation
- Leakage of personal health data
- Unauthorized tracking via wearable devices
- Abuse of location data
- Large-scale covert data collection
- Lack of effective consent management
- Loss of privacy in virtual environments
- Child digital identity theft
- Genetic data exposure
- Re-identification through aggregated data
- Abuse of data for social scoring systems
- Loss of true anonymity
- Cross-border data-sharing risks
- Privacy laws failing to keep pace with technology
III. Cloud, Data & Digital Infrastructure (41–60)
- Automated cloud misconfigurations
- Multi-cloud attack surfaces
- Serverless security gaps
- Rapidly expanding but weakly protected APIs
- Data leakage from data lakes
- Backup system poisoning
- Cloud vendor dependency risks
- Lack of control over distributed data
- Edge-computing security risks
- Metadata exposure
- National digital infrastructure outages
- Large-scale software update failures
- CI/CD pipeline attacks
- Open-source software risks
- Poor environment separation
- Weak encryption key management
- Excessive data retention
- Inadequate disaster recovery capabilities
- Lack of real-time monitoring
- Overly complex architectures beyond control
IV. IoT, OT & Cyber-Physical Systems (61–75)
- Unpatched IoT devices
- Insecure IoT supply chains
- Industrial control system (OT) attacks
- Compromised connected medical devices
- Smart grid manipulation
- Smart water system attacks
- Autonomous vehicle interference
- Service robot hijacking
- Environmental sensor manipulation
- Lack of IoT security standards
- Combined physical–digital attacks
- Legacy device update limitations
- Smart city security risks
- Unauthorized physical surveillance
- Unsafe system integrations
V. Human, Social & Existential Risks (76–100)
- Automated social engineering
- Sophisticated multi-channel fraud
- AI-driven disinformation campaigns
- Loss of trust in data and truth
- Attacks on digital election systems
- Education data breaches
- Healthcare system cyber attacks
- Excessive dependence on technology
- Poor user cybersecurity awareness
- Weak security culture
- Cross-border legal conflicts
- Reputation attacks on individuals or organizations
- Abuse of mass surveillance
- Ethical risks of AI
- Attacks on knowledge platforms
- Inability to verify information sources
- Risks from digital nation-states
- Global supply-chain cyber risks
- Difficulty assigning accountability for incidents
- Lack of international security standards
- Digital civilization collapse risks
- Loss of personal digital autonomy
- Loss of control over autonomous systems
- Dependence on monopolistic digital infrastructure
- Risks arising from humanity’s dependence on digital technology
