Catalogue of Tools & Metrics for Trustworthy AI

These tools and metrics are designed to help AI actors develop and use trustworthy AI systems and applications that respect human rights and are fair, transparent, explainable, robust, secure and safe.

Overview Tools Metrics About the catalogue

Project GuardRail

Website

Github

AI/ML applications have unique security threats. Project GuardRail is a set of security and privacy requirements that AI/ML applications should meet during their design phase that serve as guardrails against these threats. These requirements help scope the threats such applications must be protected against. It consists of a baseline set required for all AI/ML applications, and two additional set of requirements that are specific to continuously learning models and user interacting models respectively. There are four additional questions that are specific to generative AI applications only.

The content of this library comes from a variety of frameworks, lists, and sources, both from academia and industry. We have performed several iterations to refine the library to accurately determine the scope and language of the questions.

For every application, security and privacy threat models are conducted as usual.

As shown in the diagram below, the "Questionnaire for Manual Threat Modeling" defines the library. The 53 threats (and 4 additional generative AI threats) are divided into three categories as shown.

All AI/ML applications must meet the 28 baseline requirements.
If an application is continuously learning, they must meet 6 additional requirements apart from baseline.
If they EITHER train on user data OR interact with users, they must meet 19 additional requirements apart from baseline.

Generative AI questions are differentiated and put into a separate group under each category if applicable.

About the tool

You can click on the links to see the associated tools

Developing organisation(s):

comcast

Tool type(s):

Rating framework
Documentation process
Checklist

Objective(s):

Privacy & Data Governance & Traceability
Robustness
Transparency

Purpose(s):

Event/anomaly detection
Reasoning with knowledge structures/planning

Country of origin:

United States

Lifecycle stage(s):

Build & interpret model
Collect & process data
Plan & design

Type of approach:

Technical
Procedural

Maturity:

Published document

Usage rights:

Creative commons

License:

Creative Commons Attribution Share Alike 4.0 International

Target groups:

Academia/educators/students
Private sector
Professionals

Target users:

All employees

Stakeholder group:

Academia
Business
Technical community

Benefits:

Increased quality results
Reduction in risk of failure
Responsible implementation

Geographical scope:

All countries

People involved:

Operations employees

Risk management stage(s):

Define scope, context, actors and criteria to evaluate

Technology platforms:

Platform neutral

Modify this tool

Use Cases

There is no use cases for this tool yet.

Would you like to submit a use case for this tool?

If you have used this tool, we would love to know more about your experience.

Add use case

Disclaimer: The tools and metrics featured herein are solely those of the originating authors and are not vetted or endorsed by the OECD or its member countries. The Organisation cannot be held responsible for possible issues resulting from the posting of links to third parties' tools and metrics on this catalogue. More on the methodology can be found at https://oecd.ai/catalogue/faq.