AI is simultaneously the biggest security risk and the biggest security opportunity your organization faces. Here's how to think about it systematically.
The Four Risk Domains
1. Model Risk
The model itself introduces risk. It can hallucinate, producing confident-sounding nonsense. It can be manipulated through prompt injection. It can leak training data. It can amplify biases present in its training set.
Key questions: What decisions does this model influence? What's the blast radius of a wrong answer? Do we have human verification for high-stakes outputs?
2. Data Risk
Every AI interaction involves data. Prompts may contain sensitive information. Responses may be logged. Fine-tuning exposes training data. RAG systems connect to internal repositories.
Key questions: What data flows into the model? Where does output data go? Who has access to interaction logs? What's our data residency posture?
3. Supply Chain Risk
You probably don't control your AI infrastructure. Models come from third parties. APIs run on someone else's servers. Embedding models, vector databases, and orchestration frameworks each introduce dependencies.
Key questions: What happens if your model provider changes terms? Can you switch providers? Do you have contractual protections for data handling?
4. Operational Risk
AI systems fail differently than traditional software. They degrade gracefully—or appear to. A model might start performing worse without obvious errors. Shadow AI proliferates when official channels are too slow.
Key questions: How do we detect model degradation? What's our incident response for AI-related issues? How do we inventory AI usage across the organization?
The Prioritization Framework
You can't address everything. Prioritize based on:
- Data sensitivity: Does this use case touch PII, PHI, or financial data?
- Decision impact: Does AI output directly affect customers, employees, or finances?
- Exposure surface: Is this internal-only or customer-facing?
- Reversibility: Can we undo damage if something goes wrong?
A customer-facing chatbot handling financial advice scores high on all four dimensions. An internal tool helping developers write documentation scores low. Allocate security resources accordingly.
Practical Controls
- Input validation: Screen prompts for sensitive data before they reach the model
- Output filtering: Check responses for PII leakage, hallucination markers, harmful content
- Access controls: Who can use which AI capabilities with which data?
- Logging and monitoring: Full audit trail of interactions, anomaly detection
- Human oversight: Required approval for high-stakes automated decisions
The goal isn't to eliminate AI risk—it's to manage it proportionally while enabling the business value AI provides.
[DRAFT — PENDING REVIEW]
This framework is a starting point. Your specific risk profile depends on your industry, use cases, and regulatory environment.