Most organisations treat AI risk as a technical problem. Get the data right, test for bias, add a human-in-the-loop, and move on. But a new framework from the Ada Lovelace Institute exposes a blind spot in that thinking: the harm pathways AI creates are not fixed characteristics of systems or people. They shift depending on context, timing, and design choices that most risk assessments never examine.
Everyone is exposed, but not equally
The concept of “vectors of vulnerability” — introduced by researchers Mavis Machirori and Oliver Bruff — reframes how we should think about AI harm. Traditional vulnerability frameworks focus on who is at risk: elderly users, children, people with disabilities. These categories matter, but AI systems introduce something different. They create pathways through which anyone can become vulnerable, depending on circumstances that change over time.
Strategic Reality: Vulnerability in AI is not a fixed trait of users. It is a product of system design, data quality, context, and timing — all of which are within an organisation’s control.
This distinction is not academic. It changes what responsible deployment looks like. A well-tested facial recognition system might work reliably in controlled conditions but create serious vulnerability when photos are repurposed without consent. A legal chatbot might produce accurate answers most of the time but expose individual users to civil liability when it hallucinates case citations. The harm does not come from the technology alone — it comes from the interaction between the technology, its context, and the people using it.
The four dimensions organisations keep missing
The Ada Lovelace Institute framework identifies four dimensions that combine to create vulnerability vectors:
| Dimension | What it covers | Why organisations miss it |
|---|---|---|
| Data quality and composition | Training data gaps, historical biases, representation failures | Assumed to be a one-time data quality check |
| Design choices and resource allocation | System architecture, feature prioritisation, safety investment | Treated as engineering decisions, not harm decisions |
| Context of use | Deployment environment, user expectations, power dynamics | Rarely assessed beyond intended use cases |
| User agency | Ability to opt out, understand outputs, seek alternatives | Often assumed rather than verified |
Critical Context: Most AI risk assessments focus on one or two of these dimensions. The framework’s contribution is showing that vulnerability emerges from their interaction — miss one dimension and your entire risk model has gaps.
Consider the three cases the researchers highlight. Deepfake manipulation weaponises publicly available photos — a context problem that no amount of model testing will catch. AI chatbot legal advice creates liability exposure through hallucinated outputs — a data quality and design choice problem that conventional accuracy metrics obscure. AI companion tools create emotional dependency that increases social isolation — a user agency problem that engagement metrics actively reward.
What risk assessments currently get wrong
The standard approach to AI risk — bias testing, fairness metrics, impact assessments — treats vulnerability as something you can identify in advance and engineer away. The vectors framework suggests this is insufficient for three reasons.
First, vulnerability is contextual. The same system can be safe in one deployment and harmful in another. A recruitment screening tool might perform well when candidates have equal access to information about how it works, but create significant disadvantage when some candidates can game the system and others cannot.
Strategic Insight: Your AI risk assessment is only as good as your understanding of deployment context. Laboratory testing tells you about the system. Field assessment tells you about vulnerability.
Second, vulnerability is temporal. People move in and out of vulnerable states. Someone using an AI financial adviser might be perfectly capable of critical evaluation most of the time, but make consequential decisions during a period of stress or cognitive load. Systems that assume consistent user capacity miss this entirely.
Third, vulnerability compounds. Data gaps can interact with design choices and deployment context to create harm that none of these factors would produce alone. A medical triage system trained on hospital data (which under-represents populations with poor healthcare access) and deployed without human oversight in under-resourced clinics creates compounding vulnerability that no single dimension explains.
What the legal gap means for UK organisations
The researchers make an important observation about legal recourse: without clear frameworks for naming and describing AI vulnerability pathways, affected individuals struggle to seek legal remedy. For UK organisations, this creates a paradox.
The absence of regulation does not mean the absence of liability. As AI harms become more visible and public awareness increases, organisations that have not documented their vulnerability analysis will find themselves exposed — not just to regulatory action, but to reputational damage and legal challenge.
Reality Check: The organisations that will be best positioned when AI regulation arrives are those already doing the vulnerability analysis voluntarily. Waiting for regulation is not a risk-neutral strategy.
The EU AI Act introduces vulnerability assessment requirements for high-risk systems. While the UK is charting its own regulatory path, the direction of travel is clear. Organisations operating in or trading with the EU already need to think about this. Those operating solely in the UK should be thinking about it for competitive and ethical reasons.
A practical framework for getting started
The vectors approach translates into concrete organisational actions. Here is a priority framework based on maturity level:
Organisations just starting with AI governance:
- Map every deployed AI system against the four vulnerability dimensions
- Identify the three highest-risk combinations (where multiple dimensions interact)
- Establish a quarterly review cycle for deployment context changes
Organisations with existing AI governance:
- Audit current risk assessments for dimensional gaps (most will be missing context and agency)
- Add scenario-based vulnerability testing (not just technical testing)
- Create feedback channels for users to report unexpected system behaviour
Organisations with mature AI practices:
- Build vulnerability vectors into procurement and vendor assessment
- Develop internal standards that go beyond regulatory minimums
- Share vulnerability findings with industry peers (pre-competitive safety information)
Implementation Note: Start with your most widely deployed AI system, not your most sophisticated one. The system touching the most users creates the largest vulnerability surface.
Four challenges that will catch organisations off guard
The consent problem. Users consent to using an AI system, but they do not consent to the vulnerability pathways that system creates. A customer using a chatbot for product information has not agreed to have their conversation patterns used for profiling. Existing consent frameworks were not designed for this level of derived exposure.
The supply chain gap. Most AI vulnerability is introduced through third-party models and APIs. Your organisation’s vulnerability assessment means nothing if you cannot trace how upstream providers handle data quality, design choices, and deployment context. Few organisations have this visibility.
Hidden Cost: The real cost of AI vulnerability is not the harm itself — it is the organisational effort required to understand, monitor, and mitigate harm pathways across your entire AI supply chain.
The measurement problem. How do you measure vulnerability before harm occurs? Traditional metrics focus on system performance (accuracy, fairness, reliability). Vulnerability metrics need to capture contextual risk — and most organisations have no tooling for this.
The speed problem. AI systems change faster than vulnerability assessments can keep up. Model updates, fine-tuning, and deployment changes can introduce new vulnerability vectors overnight. Static risk assessments conducted annually or even quarterly will miss critical shifts.
The core question for every UK organisation
The Ada Lovelace Institute’s framework forces a useful question: for each AI system you deploy, can you describe who might become vulnerable, through what pathway, in what context, and at what point in time?
If you cannot answer that question with specificity, your AI governance has a gap. Not because your systems are necessarily harmful, but because you lack the framework to know whether they are.
Take Action: Before your next AI deployment decision, run a vectors-of-vulnerability assessment across all four dimensions. The exercise itself — regardless of what it finds — will improve your organisation’s understanding of where AI risk actually lives.
Three factors will determine whether organisations get this right:
- Governance breadth — Moving from technical bias testing to multi-dimensional vulnerability assessment that includes context, agency, and temporal factors
- Organisational honesty — Acknowledging that current risk frameworks were not designed for the kinds of harm AI systems create, and investing in new approaches
- Proactive positioning — Building vulnerability analysis capability now, before regulation mandates it, to gain competitive advantage and reduce future compliance cost
The Ada Lovelace Institute’s work does not provide all the answers. But it asks the right question: are your AI risk frameworks equipped for the kinds of vulnerability that AI actually creates? For most organisations, the honest answer is no. The ones that act on that answer now will be better prepared for what comes next.
This analysis is based on “Vulnerability in the age of AI” by Mavis Machirori and Oliver Bruff, published by the Ada Lovelace Institute on 26 February 2026. Resultsense provides independent strategic analysis to help UK organisations navigate AI developments with clarity and confidence.