The Neural Impact Chain: When Security Scores Map to Psychiatric Risk Categories
How we mapped 99 BCI attack techniques to DSM-5-TR diagnostic categories — and found that NISS scores correspond to clinical risk clusters (for threat modeling purposes)
The Question Nobody Asked
When a BCI attack disrupts your amygdala, what happens to your mental health?
Not in the hand-wavy “it could cause problems” sense. In the clinical sense. Which specific DSM-5-TR diagnosis maps to that disruption? What ICD-10-CM code would a clinician use? What does the insurance form look like?
Nobody had answered this. The BCI security literature catalogs attacks. The clinical literature catalogs diagnoses. The gap between them is a chasm — and it is exactly the chasm where real patients will fall.
Today we closed it.
99 Techniques, 15 Diagnoses, One Chain
The TARA registry now maps all 99 BCI techniques to DSM-5-TR psychiatric diagnoses through what we call the Neural Impact Chain (NIC):
Technique → Hourglass Band → Brain Structure → Cognitive Function → NISS (how much) + DSM (what kind)
Take QIF-T0010, ELF neural entrainment. It targets bands N4 through N7 — thalamus, basal ganglia, limbic system, and neocortex. Through the NIC, those bands map to structures (PFC, amygdala, hippocampus, striatum), which map to functions (executive function, emotion regulation, memory consolidation, motor selection), which map to diagnoses:
- Primary: Schizophrenia Spectrum (F20), Sleep-Wake Disorders (G47), Dissociative Disorders (F44), ADHD (F90), Substance Use (F10), OCD (F42), Tic Disorders (F95), Major Depressive Disorder (F32), GAD (F41.1), PTSD (F43.10)
- Diagnostic cluster: Cognitive/Psychotic
- Risk class: Direct
Every technique now carries this mapping. Silicon-only techniques (S1-S3 bands, no neural pathway) get risk_class: "none". Everything else gets ICD-10-CM codes, confidence levels, and the neural pathway chain that explains why.
The NISS-DSM Bridge: The Part That Surprised Us
Here is what we did not expect: NISS scores already corresponded to the diagnostic categories.
NISS (Neural Impact Scoring System) has six metrics: BI (Biological Impact), CR (Cognitive Reconnaissance), CD (Cognitive Disruption), CV (Consent Violation), RV (Reversibility), and NP (Neuroplasticity). We designed these to quantify security impact. But when we laid them against DSM-5-TR chapters, the correspondence was immediate:
| NISS Metric | Security Meaning | Diagnostic Category Correspondence |
|---|---|---|
| BI (High/Critical) | Tissue damage | Motor/Neurocognitive disorders |
| CR (High/Critical) | Thought decoding, neural data inference | Cognitive/Psychotic disorders |
| CD (High/Critical) | Perception manipulation, identity modification | Cognitive/Psychotic disorders |
| CV (Elevated/Involuntary) | Consent violation | Mood/Trauma disorders |
| NP (Structural) | Lasting neural change | Persistent/Personality disorders |
| RV (Partial/Irreversible) | Poor recovery | Chronicity modifier |
A technique with CV:E (Elevated) and CR:H/CD:H (High) doesn’t just have a “high security impact.” It specifically corresponds to mood/trauma and cognitive/psychotic risk categories — meaning PTSD, depression, and psychotic features are the primary clinical concerns for threat modeling purposes.
NISS was designed as a security scoring system. The same six metrics that tell a security researcher “this attack is dangerous” correspond to the diagnostic categories a clinician would consider — a structural observation requiring clinical validation, not a validated predictor.
Five Clusters, Not Sixteen Chapters
The DSM-5-TR has roughly 16 chapters relevant to BCI impact. Coloring a grid by 16 values violates Miller’s Law (7±2 items in working memory). Nobody will remember what 16 colors mean.
Instead, we group into five diagnostic clusters that align with the NISS-DSM Bridge:
- Cognitive/Psychotic (16 techniques) — perception, cognition, psychosis. Driven by CG.
- Mood/Trauma (21 techniques) — emotion, consent, autonomy. Driven by CV.
- Motor/Neurocognitive (16 techniques) — movement, tissue, structural. Driven by BI.
- Persistent/Personality (7 techniques) — lasting neural change. Driven by NP/RV.
- Non-Diagnostic (39 techniques) — silicon-only, no neural pathway.
These clusters are neurobiologically driven, not symptom-driven. They align with NIMH’s Research Domain Criteria (RDoC) approach: start from neural mechanisms, derive diagnostic categories. Traditional psychiatry asks “which brain regions are involved in depression?” We ask “if you disrupt the amygdala, which diagnoses emerge?”
The Hourglass Proves Itself Again
The 11-band hourglass model was designed as a security architecture. Each band represents a layer of the BCI stack, from neocortex (N7) through the electrode-tissue interface (I0) to silicon (S1-S3).
What we discovered: each band naturally corresponds to specific brain structures, which naturally correspond to specific diagnoses. N6 (Limbic System) maps to hippocampus, amygdala, and insula — which map to depression, anxiety, PTSD, and dissociative disorders. N5 (Basal Ganglia) maps to striatum and substantia nigra — which map to ADHD, addiction, OCD, and tic disorders. The architecture corresponded to the clinical mapping.
This is the value of a well-designed taxonomy. It reveals relationships you did not design into it.
What This Means
For clinicians: Every TARA technique now carries DSM-5-TR diagnostic codes. When a patient presents after a BCI security incident, the clinician can look up the technique, see the mapped diagnoses, and screen accordingly. The neural pathway chain explains why those diagnoses are relevant.
For regulators: ICD-10-CM codes make this framework directly usable for regulatory submissions, adverse event reporting, and insurance documentation. “This device has 12 techniques with direct risk for F32 (Major Depressive Disorder)” is a sentence a regulator can act on.
For security researchers: NISS scores are now clinically interpretable. The abstract severity numbers map to specific psychiatric risks. This gives security findings clinical weight.
For the field: This is, to our knowledge, the first formal mapping between BCI attack techniques and psychiatric diagnoses via neural mechanism chains. We welcome challenges.
Research Limitation: These technique-to-diagnosis mappings are based on known neuroanatomy and mechanism-first reasoning, developed by a single security researcher. They have not been reviewed or validated by psychiatrists or clinical neuroscientists and should not inform clinical decision-making without independent peer review and clinical validation. See Section 9 of the preprint for the full limitations disclosure.
Try It
The TARA Registrar now has four projection tabs:
- Modality — Impact severity and physical mechanism (toggle between the two)
- Clinical — Therapeutic applications and FDA status
- Diagnostic — DSM-5-TR clusters and ICD-10-CM codes
- Governance — Consent tiers and regulations
Click Diagnostic. The grid recolors by diagnostic cluster. Click any cell. The drawer shows primary and secondary diagnoses, confidence levels, the neural pathway chain, and the NISS-to-DSM correlation.
Every technique that can harm a patient can also heal one. Now we know which patients, and which conditions.
The Neural Impact Chain is documented in QIF Derivation Log, Entry 53. The NISS-DSM Bridge and diagnostic cluster methodology are detailed in the TARA specification. All AI contributions are disclosed in the AI Transparency Log.
AI Transparency Statement: This work was authored by Kevin L. Qi with AI assistance from Claude (Anthropic) and Gemini (Google). The Neural Impact Chain concept, clinical mappings, and NISS-DSM bridge were developed by the author. AI tools assisted with literature review, code generation, and cross-referencing large datasets. All clinical outputs were verified against the DSM-5-TR and peer-reviewed neuroscience literature. A full audit log is available here.