Changelog

All material changes to the knowledge base are documented here. Changes are version-controlled in the GitHub repository.

[1.4.0] — May 2026

Added — Agentic AI risk entries

Six new entries covering risks specific to agentic AI systems:

  • C6 — MCP Attack Surface — security risks from Model Context Protocol server integrations, supply chain compromise, and response injection (MITRE ATLAS v5.3–v5.4)
  • C7 — Multi-Agent Trust & Prompt Injection Chains — injection propagation through inter-agent trust relationships in multi-agent pipelines
  • C8 — Computer-Use Agent Hijacking — visual prompt injection attacks against agents that operate browsers and desktop interfaces
  • F4 — Irreversibility & Scope Creep in Autonomous Systems — irreversible actions and capability accumulation beyond intended scope (OWASP LLM06)
  • B5 — Agentic Logging & Auditability Gaps — forensic and regulatory logging requirements for agentic systems (EU AI Act Art. 12)
  • G5 — Excessive Agency & Uncontrolled Action Chains — enterprise-wide governance of autonomous agent capability (OWASP LLM06)

Updated — Existing entries (MITRE ATLAS v5.0–v5.6 and monitoring queue)

  • C2 — Prompt Injection — added MCP server data exfiltration technique (ATLAS v5.3), jailbreak documentation (ATLAS v5.6), new C2-006 MCP server trust boundary control
  • C4 — Deepfakes — added pet/animal scam incidents, AI-generated evidence fabrication cases, school harassment pattern, Aadhaar identity document fraud
  • C1 — Data Poisoning — added AI agent tool data poisoning (ATLAS v5.2/v5.4), poisoned MCP server supply chain technique (ATLAS v5.4)
  • C5 — AI-Enabled Cyber Attacks — added Generate Malicious Commands (ATLAS v5.2), Machine Compromise techniques (ATLAS v5.1/v5.4/v5.5)
  • B4 — Supply Chain — added AI Supply Chain Rug Pull, Reputation Inflation, and MCP server compromise (ATLAS v5.3–v5.5)
  • E3 — Misinformation — added AI-generated celebrity impersonation incidents, OpenAI covert influence operation disruptions, Meta coordinated inauthentic behaviour cases
  • E1 — Algorithmic Bias — added facial recognition wrongful arrest pattern with documentary source references
  • D3 — Intellectual Property — added AI-generated audiovisual content copyright reproduction case

Automation

  • Workflow 2 source-driven monitoring operational — weekly polling of 14+ sources with AI-assisted classification
  • Model updated to claude-sonnet-4-6

[1.3.0] — May 2026

Brand and domain

Design

  • Full visual re-skin: Playfair Display + DM Sans typography, amber accent, white background
  • New hero copy: "References explain the risks. This explains what to do."
  • Docusaurus upgraded 3.5.2 → 3.10.1

[1.2.0] — May 2026

Structure

  • Layer 1 heading renamed from "Executive card" to "Start here" across all 26 entries — the previous name implied a single audience and excluded everyone who wasn't a board member
  • Schema reference updated to reflect new heading name

New content

  • Everyday tab added to three entries linked from the Fork everyday track:
    • A1 — Hallucination: plain language explanation of AI confident wrong answers, safe vs risky use patterns, link to Fork hallucination scenario
    • C4 — Deepfakes: plain language explanation of voice cloning scams, out-of-band verification, Scamwatch reporting, link to Fork deepfake scenario
    • E1 — Algorithmic Bias: plain language explanation of AI in hiring decisions, right to ask for reasons, link to Fork employment scenario
  • These tabs are written in public voice with no jargon, framework codes, or practitioner vocabulary

Fork everyday track connection

  • A1, C4, and E1 entries now cross-link with the Fork everyday scenario app
  • The Everyday tabs provide the knowledge base entry point for non-practitioner readers arriving from shared Fork scenario cards

[1.1.0] — April 2026

Content

  • Completed all 26 risk entries — 9 additional entries fully drafted to L3+L4 depth (A2, A3, A4, B2, B3, B4, E2, E3, G2)
  • All 26 entries now complete across all four layers
  • AI Risk Training Module launched — all 26 interactive scenarios live, one per KB entry
  • Training links added to all 26 entries (▶ Play this scenario)

Training module

  • 26 choose-your-own-adventure scenarios across all 7 domains
  • Four personas per scenario (Executive, Project Manager, Analyst, Business User); three personas for C1, C2, C3
  • Total training content: approximately 2–3 hours
  • Scenarios grounded in real documented incidents with verified facts

[1.0.0] — March 2026

Initial public release.

Content

  • 17 risk entries across 7 domains (A through G)
  • All four layers drafted for all entries
  • Persona-specific hooks (executive, project manager, security analyst) for all entries
  • Controls summary with owner, effort, and definition of done for all entries
  • Technical implementation with code examples for all entries
  • Scenario seeds for all entries

Verified claims

  • SafeRent settlement figure: $2.275M (court-approved, November 2024)
  • Arup deepfake incident: $25M loss, January 2024, finance worker (not engineer)
  • Waymo recall: 1,212 vehicles, May 2025, gates/chains/barriers (not "thin or suspended")
  • Workday lawsuit: filed 2023, Ninth Circuit ruling March 2025
  • EU AI Act high-risk effective date: August 2, 2026 (Annex III)
  • All EU AI Act effective dates confirmed against Article 113

Frameworks referenced

  • MIT AI Risk Repository v5 (December 2025)
  • NIST AI RMF 1.0 and AI 600-1
  • EU AI Act (Regulation 2024/1689)
  • ISO 42001:2023
  • OWASP LLM Top 10 (2025)
  • MITRE ATLAS
  • APRA CPS 230 (effective July 2025)
  • APRA CPS 234
  • Australian Privacy Act 1988

This is a living document. Updates are triggered by material new incidents, regulatory changes, or new authoritative framework publications. Review cadence: annually at minimum.