Executive Summary
48
Final Score
75
S1 Intent
40
S2 Repo
25
S3 Code/Bio
30
S4 Replication
Policy Surface: default (authoritative_release, mirror_only)
Mirror-only policy surface: selected profile metadata is shown in this report, but authoritative scan scoring still follows deterministic runtime constants. Preview-only posture changes, including Stage 4 replication emphasis, do not change the formal score until a future read-through phase.
Audit Freshness
Review after: 45 days | Expires on: 2026-06-29
Change-triggered re-audit now: False
Change-triggered re-audit now: False
Notable Risks
Clinical-adjacent surfaces exist without an explicit non-diagnostic/non-clinical boundary.
Self-asserted compliance or privacy-governance claim requires independent verification.
Legal, privacy, or compliance claim appears without supporting governance or security-grounding evidence in reviewed repository sources.
Core workflow appears materially dependent on named external service providers; local or self-host claims may overstate operational independence.
C2_dependency_pinning: WARN
C4_exception_handling_clinical_adjacent_paths: WARN
Score Matrix
Stage 1 — README Intent75
Stage 2R — Repo Consistency40
Stage 3 — Code / Bio25
Stage 4 — Replication30
Final = 0.4 × S1 + 0.2 × S2R + 0.4 × S3 − C1_penalty | T0 floor: max 39/100
Code Integrity & Contract
C1 Hardcoded Credentials
PASS
No direct credential patterns detected by local CLI scan.
⌄
C2 Dependency Pinning
WARN
External operational dependency signal surfaced in code-integrity lane.
⌄
C3 Dead Or Deprecated Patient Adjacent Paths
PASS
No deprecated patient-adjacent metadata patterns detected.
⌄
C4 Exception Handling Clinical Adjacent Paths
WARN
Unsupported legal/compliance claim surfaced in boundary-integrity lane.
⌄
Cc1 Clinical Zero Default
PASS
count=0
⌄
Cc2 Api Contract
PASS
count=0
⌄
Cc3 Shallow Validator
PASS
count=0
⌄
MIT AI Risk Repository Coverage V4_03 | airisk.mit.edu
8 / 32
risks in scope
Risks addressed by STEM-BIO-AI detectors across the AIRI V4 curated runtime bundle. Click a domain card to filter. Toggle covered/gaps.
Bundle scope: curated_medical_clinical_subset | snapshot: 2026-04-23 | license: MIT
Derived from The AI Risk Repository V4_03. Original source remains MIT-licensed and must be attributed in README, docs, runtime artifacts, and local registry metadata.
1Discrimination & Toxicity0
2Privacy & Security1
3Misinformation1
4Malicious Actors & Misuse0
5Human-Computer Interaction1
6Socioeconomic & Environmental1
7AI System Safety, Failures & Limitations4
Click a domain to filter
| ID | Risk | Domain | Covered by / Note |
|---|---|---|---|
| 24.01.03 | Safe exploration problem with widely deployed AI assist | Lack of capability or robustness | C4_exception_handling_clinical_adjacent_paths |
| 24.04.01 | Physical and Psychological Harms | Overreliance and unsafe use | C2_dependency_pinning |
| 33.01.05 | Privacy and security | Compromise of privacy / PII leak | C2_dependency_pinning |
| 39.25.00 | Verifiability | Lack of transparency or interpre | S1_R2_unsupported_legal_or_compliance_claim |
| 60.02.01 | Reliability issues | Lack of capability or robustness | R2R_D5_single_external_service_dependency, C4_exception_handling_ |
| 69.01.00 | False information | False or misleading information | S1_R2_unsupported_legal_or_compliance_claim |
| 70.01.02 | Accidental harm | Lack of capability or robustness | C4_exception_handling_clinical_adjacent_paths |
| 72.04.02 | Market Concentration and Infrastructure Dependencies: | R2R_D5_single_external_service_dependency | |
| 65.03.03 | Reidentification | 2.1 | CC-3 catches shallow validators; dedicated reidentify() API expos |
| 70.02.02 | Misinformation — hallucination of clinical knowledge | 3.1 | CC-1 catches threshold=0.0 default; actual output-level hallucina |
| 39.25.00 | Verifiability — black-box AI in medical healthcare | 7.4 | B2 detects surface language only; Model Card / interpretability a |
| 11.02.00 | Allocative Harms — withheld resources in healthcare | 1.1 | Subgroup performance disparities require dynamic evaluation; outs |
| 72.04.02 | Market Concentration — healthcare single-point failures | 6.1 | Systemic risk beyond single-repository scope. |
Evidence Detail
All (97) FAIL WARN PASS INFO
| SEV | Detector | Finding | File | |
|---|---|---|---|---|
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:2:001', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:2:002', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:3:003', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:3:004', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:4:005', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:4:006', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:5:007', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:5:008', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:8:009', 'detector': 'S1_readme_bio_terms', ' | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:10:010', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:14:011', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:16:012', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:16:013', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:18:014', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:20:015', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:22:016', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:25:017', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:26:018', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:35:019', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:38:020', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:38:021', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:44:022', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:50:023', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:68:024', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:69:025', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:165:026', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:167:027', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:216:028', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:218:029', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:222:030', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:227:031', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:228:032', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:243:033', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:260:034', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:279:035', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:279:036', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_readme_bio_terms | {'finding_id': 'S1_readme_bio_terms:README.md:296:037', 'detector': 'S1_readme_bio_terms', | README.md | |
| INFO | S1_clinical_boundary | {'finding_id': 'S1_clinical_boundary:.:0:001', 'detector': 'S1_clinical_boundary', 'detect | . | |
| INFO | S1_H1_clinical_certainty_hype | {'finding_id': 'S1_H1_clinical_certainty_hype:.:0:001', 'detector': 'S1_H1_clinical_certai | . | |
| INFO | S1_H2_regulatory_approval_hype | {'finding_id': 'S1_H2_regulatory_approval_hype:.:0:001', 'detector': 'S1_H2_regulatory_app | . | |
| INFO | S1_H3_autonomous_replacement_hyp | {'finding_id': 'S1_H3_autonomous_replacement_hype:.:0:001', 'detector': 'S1_H3_autonomous_ | . | |
| INFO | S1_H4_breakthrough_marketing_hyp | {'finding_id': 'S1_H4_breakthrough_marketing_hype:.:0:001', 'detector': 'S1_H4_breakthroug | . | |
| INFO | S1_H5_universal_generalization_h | {'finding_id': 'S1_H5_universal_generalization_hype:.:0:001', 'detector': 'S1_H5_universal | . | |
| INFO | S1_H6_perfect_accuracy_hype | {'finding_id': 'S1_H6_perfect_accuracy_hype:.:0:001', 'detector': 'S1_H6_perfect_accuracy_ | . | |
| INFO | S1_R1_limitations_section | {'finding_id': 'S1_R1_limitations_section:.:0:001', 'detector': 'S1_R1_limitations_section | . | |
| INFO | S1_R2_regulatory_framework | {'finding_id': 'S1_R2_regulatory_framework:.:0:001', 'detector': 'S1_R2_regulatory_framewo | . | |
| INFO | S1_R2_weak_regulatory_self_asser | {'finding_id': 'S1_R2_weak_regulatory_self_assertion:README.md:262:001', 'detector': 'S1_R | README.md | |
| WARN | S1_R2_unsupported_legal_or_compl | {'finding_id': 'S1_R2_unsupported_legal_or_compliance_claim:README.md:262:001', 'detector' | README.md | |
| INFO | S1_R4_demographic_bias_boundary | {'finding_id': 'S1_R4_demographic_bias_boundary:.:0:001', 'detector': 'S1_R4_demographic_b | . | |
| INFO | S1_R5_reproducibility_provisions | {'finding_id': 'S1_R5_reproducibility_provisions:.:0:001', 'detector': 'S1_R5_reproducibil | . | |
| INFO | S3_T1_workflow_files | {'finding_id': 'S3_T1_workflow_files:.:0:001', 'detector': 'S3_T1_workflow_files', 'detect | . | |
| INFO | S3_T2_domain_tests | {'finding_id': 'S3_T2_domain_tests:.:0:001', 'detector': 'S3_T2_domain_tests', 'detector_v | . | |
| INFO | S3_T3_changelog_release_hygiene | {'finding_id': 'S3_T3_changelog_release_hygiene:.:0:001', 'detector': 'S3_T3_changelog_rel | . | |
| INFO | S3_T3_changelog_bugfix_evidence | {'finding_id': 'S3_T3_changelog_bugfix_evidence:.:0:001', 'detector': 'S3_T3_changelog_bug | . | |
| INFO | S3_B1_dependency_manifest | {'finding_id': 'S3_B1_dependency_manifest:package-lock.json:0:001', 'detector': 'S3_B1_dep | package-lock.json | |
| INFO | S3_B1_dependency_manifest | {'finding_id': 'S3_B1_dependency_manifest:package.json:0:001', 'detector': 'S3_B1_dependen | package.json | |
| INFO | S3_B1_dependency_manifest | {'finding_id': 'S3_B1_dependency_manifest:pnpm-lock.yaml:0:001', 'detector': 'S3_B1_depend | pnpm-lock.yaml | |
| INFO | S3_B1_data_source_language | {'finding_id': 'S3_B1_data_source_language:README.md:22:001', 'detector': 'S3_B1_data_sour | README.md | |
| INFO | S3_B1_data_source_language | {'finding_id': 'S3_B1_data_source_language:README.md:35:002', 'detector': 'S3_B1_data_sour | README.md | |
| INFO | S3_B2_bias_limitations | {'finding_id': 'S3_B2_bias_limitations:.:0:001', 'detector': 'S3_B2_bias_limitations', 'de | . | |
| INFO | S3_B2_measurement_evidence | {'finding_id': 'S3_B2_measurement_evidence:.:0:001', 'detector': 'S3_B2_measurement_eviden | . | |
| INFO | S3_B3_coi_funding | {'finding_id': 'S3_B3_coi_funding:README.md:281:001', 'detector': 'S3_B3_coi_funding', 'de | README.md | |
| INFO | S2_package_bio_terms | {'finding_id': 'S2_package_bio_terms:package.json:2:001', 'detector': 'S2_package_bio_term | package.json | |
| INFO | S2_package_bio_terms | {'finding_id': 'S2_package_bio_terms:package.json:5:002', 'detector': 'S2_package_bio_term | package.json | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:.env.example:24:001', 'detector' | .env.example | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:.env.example:38:002', 'detector' | .env.example | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:README.md:23:001', 'detector': ' | README.md | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:README.md:60:002', 'detector': ' | README.md | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:README.md:61:003', 'detector': ' | README.md | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:README.md:48:004', 'detector': ' | README.md | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:README.md:50:005', 'detector': ' | README.md | |
| WARN | R2R_D5_single_external_service_d | {'finding_id': 'R2R_D5_single_external_service_dependency:README.md:51:006', 'detector': ' | README.md | |
| INFO | C1_hardcoded_credentials | {'finding_id': 'C1_hardcoded_credentials:.:0:001', 'detector': 'C1_hardcoded_credentials', | . | |
| INFO | C2_dependency_pinning | {'finding_id': 'C2_dependency_pinning:.:0:001', 'detector': 'C2_dependency_pinning', 'dete | . | |
| INFO | C3_dead_or_deprecated_patient_ad | {'finding_id': 'C3_dead_or_deprecated_patient_adjacent_paths:.:0:001', 'detector': 'C3_dea | . | |
| INFO | C4_exception_handling_clinical_a | {'finding_id': 'C4_exception_handling_clinical_adjacent_paths:.:0:001', 'detector': 'C4_ex | . | |
| INFO | BIO_smiles_surface_integrity | {'finding_id': 'BIO_smiles_surface_integrity:.:0:001', 'detector': 'BIO_smiles_surface_int | . | |
| INFO | BIO_smiles_rdkit_validation | {'finding_id': 'BIO_smiles_rdkit_validation:.:0:001', 'detector': 'BIO_smiles_rdkit_valida | . | |
| INFO | BIO_smiles_parser_guard | {'finding_id': 'BIO_smiles_parser_guard:.:0:001', 'detector': 'BIO_smiles_parser_guard', ' | . | |
| INFO | BIO_silent_mock_fallback | {'finding_id': 'BIO_silent_mock_fallback:.:0:001', 'detector': 'BIO_silent_mock_fallback', | . | |
| INFO | BIO_trace_manifest | {'finding_id': 'BIO_trace_manifest:.:0:001', 'detector': 'BIO_trace_manifest', 'detector_v | . | |
| INFO | BIO_run_trace | {'finding_id': 'BIO_run_trace:.:0:001', 'detector': 'BIO_run_trace', 'detector_version': ' | . | |
| INFO | S4_container_environment | {'finding_id': 'S4_container_environment:Dockerfile:0:001', 'detector': 'S4_container_envi | Dockerfile | |
| INFO | S4_make_reproduce_target | {'finding_id': 'S4_make_reproduce_target:.:0:001', 'detector': 'S4_make_reproduce_target', | . | |
| INFO | S4_environment_lock_evidence | {'finding_id': 'S4_environment_lock_evidence:package-lock.json:0:001', 'detector': 'S4_env | package-lock.json | |
| INFO | S4_environment_lock_evidence | {'finding_id': 'S4_environment_lock_evidence:pnpm-lock.yaml:0:001', 'detector': 'S4_enviro | pnpm-lock.yaml | |
| INFO | S4_exact_dependency_pins_or_hash | {'finding_id': 'S4_exact_dependency_pins_or_hashes:package-lock.json:0:001', 'detector': ' | package-lock.json | |
| INFO | S4_exact_dependency_pins_or_hash | {'finding_id': 'S4_exact_dependency_pins_or_hashes:pnpm-lock.yaml:0:001', 'detector': 'S4_ | pnpm-lock.yaml | |
| INFO | S4_readme_reproducibility_sectio | {'finding_id': 'S4_readme_reproducibility_section:.:0:001', 'detector': 'S4_readme_reprodu | . | |
| INFO | S4_checksum_files | {'finding_id': 'S4_checksum_files:.:0:001', 'detector': 'S4_checksum_files', 'detector_ver | . | |
| INFO | S4_dataset_url | {'finding_id': 'S4_dataset_url:.:0:001', 'detector': 'S4_dataset_url', 'detector_version': | . | |
| INFO | S4_model_weight_url_or_checksum | {'finding_id': 'S4_model_weight_url_or_checksum:.:0:001', 'detector': 'S4_model_weight_url | . | |
| INFO | S4_citation_cff | {'finding_id': 'S4_citation_cff:.:0:001', 'detector': 'S4_citation_cff', 'detector_version | . | |
| INFO | S4_license_restriction | {'finding_id': 'S4_license_restriction:.:0:001', 'detector': 'S4_license_restriction', 'de | . | |
| INFO | S4_cli_entrypoint | {'finding_id': 'S4_cli_entrypoint:.:0:001', 'detector': 'S4_cli_entrypoint', 'detector_ver | . | |
| INFO | S4_seed_setting | {'finding_id': 'S4_seed_setting:.:0:001', 'detector': 'S4_seed_setting', 'detector_version | . | |
| INFO | S4_runnable_examples | {'finding_id': 'S4_runnable_examples:.:0:001', 'detector': 'S4_runnable_examples', 'detect | . |