Let me start with a story that has become lore in our field of AI safety, one that began my journey in AI governance and taught me a great deal about velocity and feedback as critical factors in the assessment of AI risk.

In March 2016, a team at Microsoft launched a self-learning AI chatbot named Tay on Twitter1. The plan seemed solid, the testing thorough, and the controls reasonable. Within a few hours, Tay was engaging naturally with thousands of users, learning from these interactions to become more conversational and engaging. As Microsoft's CTO in Australia at the time, I remember the initial excitement with Tay's rapid adoption and apparently successful deployment. The system was working exactly as designed, adapting and learning from its interactions.

But that same capability – learning and adapting from interactions – would become Tay's undoing. Within just 16 hours, we shut Tay down after it began producing increasingly offensive and inappropriate content, having been manipulated by coordinated efforts to corrupt its learning process. A chatbot designed to engage positively with younger users had transformed into something that spewed vile content, damaging Microsoft's reputation and potentially harming vulnerable users.

The Tay incident was a wake-up call that felt fundamentally different from any cybersecurity crisis I'd encountered before – and I'd dealt with my fair share, from the Slammer worm to advanced persistent threats to modern ransomware. This was something new – the harm emerged and amplified with unprecedented speed. It crystallised for me an awareness that traditional risk assessment approaches would prove inadequate for AI systems.

In the post-mortem that followed, it became clear that the development team had anticipated various risks, including the possibility of subversion from malicious input. But the speed and scale at which these risks manifested in production blindsided everyone. A seemingly low-probability risk rapidly spiralled into a major crisis through feedback loops that conventional risk frameworks couldn't capture, and static controls couldn’t contain. These are exactly the kinds of risks that we face with today's AI systems, and they will only magnify with the adoption of agentic architectures.

The Fundamental Challenge: Dynamic vs. Static Risk

Traditional risk assessment frameworks serve us well for static systems where causes and effects are clearly linked. We know how to evaluate the likelihood of a server failure or estimate the impact of a data breach. But AI systems introduce deeper uncertainties that defy conventional analysis.

A key distinction lies in understanding the difference between AI models and AI systems. AI models – the core neural networks and algorithms – only change when explicitly retrained or fine-tuned. But what researchers at Berkeley2 have recently formalised as "Compound AI Systems" combine these static models with dynamic elements: data pipelines, user interactions, business processes, and the broader environment they operate in. These systems evolve continuously, often in unpredictable ways.

Consider how a content recommendation system works: while its underlying model might remain static between training cycles, the system as a whole constantly shifts. Each user interaction subtly alters the distribution of content being shown, creating feedback loops that can dramatically change behaviour even when the core model hasn't changed at all. What starts as a well-calibrated system for suggesting content can gradually drift toward promoting increasingly extreme viewpoints – not because the model has changed, but because the complex web of interactions around it has shifted the inputs it receives and the patterns it reinforces.

This leads us to one of the most vexing challenges in AI risk assessment: unclear causation chains. In traditional systems, we can usually trace a clear path from cause to effect. A software bug leads to a crash. A security vulnerability leads to a breach. But AI systems can produce harmful outcomes through perfectly normal operation. When a credit scoring algorithm develops a bias against certain demographics, it's often not because of a bug or error – it's because the system is faithfully replicating patterns in its training data or subtly causing user behaviour to change. The harm emerges from complex interactions between the model, its data, and societal factors that may not be immediately obvious.

Further complicating matters is our fundamental uncertainty about AI capabilities. The rapid pace of advancement means that what seems impossible today might be trivial tomorrow. This makes it extraordinarily difficult to assess risks over longer time horizons. A seemingly harmless application might become problematic as underlying AI capabilities evolve – as we've seen with technologies like deepfakes, which transformed from research demonstrations to serious societal concerns in just a few years.

These dynamic characteristics mean that traditional risk matrices – which ask us to plot likelihood against impact on simple scales – feel inadequate for AI systems. How do you assign a likelihood when the system's capabilities might fundamentally change next month? How do you estimate impact when harm might emerge gradually through subtle shifts in behaviour rather than dramatic failures? I believe we need more nuanced approaches that account for the dynamic, evolving nature of AI systems – one that moves beyond point-in-time assessments to consider how risks evolve over time through interaction and feedback.

Traditional Risk Assessment Approaches

Organisations employ a host of different methods to gauge the magnitude of risks, each with distinct strengths and limitations when applied to AI systems.

The standard risk model (risk = probability × impact) serves as a foundation for most assessment frameworks. This approach quantifies risk as an expected value, placing unlikely but catastrophic events on par with likely but minor ones. While intuitive and widely used, this simple formula often masks the nuances of AI risks, particularly those with high uncertainty in probability estimates and heavy-tail impacts. It provides a useful starting point but rarely offers sufficient insight for complex AI systems.

Building on this foundation, risk assessment matrices plot probability against impact, classifying risks into categories (high, medium, low). These matrices excel in communicating risk levels through accessible heat maps, allowing stakeholders to quickly compare diverse risks and prioritise mitigation efforts. Their strength lies in simplicity—they can handle both strategic and operational risks without requiring sophisticated analysis. However, this simplicity comes at a cost: they impose subjective cutoffs between categories and create an illusion of precision despite using coarse ordinal scales. They also oversimplify the interdependencies that characterise AI systems, potentially obscuring how risks evolve through feedback loops. Despite these limitations, in my experience, more than 95% of organisations can function effectively using risk matrices for the majority of their risks, reserving more sophisticated techniques for specific high-stakes contexts like life-critical systems or securities trading.

For a more quantitative approach to uncertainty, Monte Carlo simulations run thousands of random scenarios to model a range of possible outcomes. Instead of point estimates, they produce probability distributions that capture best-case, worst-case, and most-likely outcomes with confidence intervals. This approach proves valuable for AI performance risks where inputs can be probabilistically modelled, helping decision-makers prepare for variability rather than fixed "expected losses." The downside is computational complexity and sensitivity to assumptions—if the probability distributions fed into the simulation are flawed (a common issue with unprecedented AI risks), the outputs may mislead. Monte Carlo simulations work best when you have some data or expert estimates to parameterise the model but add less value when facing complete unknowns.

Bayesian networks represent an even more sophisticated approach, encoding dependencies between risk factors as probabilistic models that update as new evidence emerges. Applied to AI, a Bayesian network might model how factors like data quality, model complexity, and cyber threats combine to influence system reliability. This approach rigorously handles uncertainty and integrates expert knowledge with data, forcing clear-headed reasoning about causal relationships. However, building and validating these networks demands significant expertise and reliable conditional probabilities. For complex AI systems with many interrelated risks, the networks can become unwieldy. In my career, I've implemented a Bayesian network for risk assessment only once—it's a significant undertaking that few organisations pursue.

Finally, scenario analysis takes a narrative approach, constructing detailed "what-if" stories to test organisational readiness. In AI governance, this might involve imagining plausible sequences of events: "What if our chatbot is tricked by a coordinated adversarial campaign during a holiday surge?" While offering no quantitative risk estimates, scenarios accommodate dynamic and emerging risks well, incorporating expert intuition and foresight about how AI systems might behave. They yield rich qualitative insights and spur contingency planning. The drawback lies in their inherent subjectivity—the quality depends entirely on the scenario builder's imagination and knowledge. Scenario analysis works best alongside quantitative methods, complementing them by addressing the "what if we're wrong in our assumptions?" question. The AI 2027 Report is a fascinating example of a scenario analysis that illustrates the method perfectly.3

In practice, risk assessment for AI often combines multiple approaches. There is no universally correct method—the choice depends on context, data availability, and the nature of the risk. The key is ensuring the approach fits the problem: simple models for simple, stable risks; more nuanced techniques for complex and uncertain risks. It's also critical to acknowledge the limitations of each method and, where possible, cross-check results using alternative techniques.

Sidebar: An example of unexpectedly rapid AI risk evolution as deepfakes accelerate from concept to real, present danger

In late 2014, when Ian Goodfellow published his paper on Generative Adversarial Networks4, it seemed like just another academic breakthrough in machine learning. The paper described an elegant way for AI systems to create realistic images by having two neural networks compete against each other - one generating fake images, the other trying to spot them. At conferences and in university labs, researchers marvelled at the mathematical beauty of GANs, seeing them as a fascinating tool for understanding how machines learn. No one imagined that over the next ten years, and especially in the last three years, this theoretical work has spawned a global crisis of synthetic media that might threaten democracy itself.

The transformation from academic paper to worldwide threat was breathtaking in its speed and scope. By early 2017, a Reddit user had already weaponised GANs to create non-consensual deepfake videos, but this required significant technical expertise and computing power. Then came the cascade: FakeApp in January 2018 made deepfake creation accessible to anyone with a laptop. Three months later, Jordan Peele's viral Obama deepfake served as a stark warning about political manipulation. By March 2019, fraudsters were using cloned voices to steal hundreds of thousands of dollars, and within months, state actors were deploying deepfakes to influence political events. The technology that began as an elegant mathematical insight had morphed into an industrial-scale threat, with losses reaching $2.6 billion by 2023. What's most chilling is how the defensive responses lagged - Microsoft's Video Authenticator didn't emerge until 2020, three full years after malicious use began, by which time the democratisation of the technology through free apps and social media had made the problem nearly impossible to contain. In just a few years, we had gone from an innovative academic paper to a fundamental threat to trust in digital media, catching society completely unprepared for the speed and scale of its impact.
And the introduction of ChatGPT 4o Image Generator on March 25th seems to have taken the prevalence of this risk to a new level.

Conceptualising a better way to assess AI risk

While we have developed sophisticated tools for measuring both static risks and dynamic risks in various domains, AI systems combine the worst aspects of both—they can appear stable one moment, then cascade into crisis the next through feedback loops that amplify faster than traditional monitoring systems can track.

Traditional risk assessment works well when you can clearly map cause and effect, gather historical data about failure rates, and evaluate systems that remain relatively constant. Dynamic risk tools like Monte Carlo simulations help us understand how risks evolve over time in complex systems. But AI introduces unique challenges that strain even our most advanced frameworks.

The first challenge involves velocity of change. Microsoft's Tay chatbot illustrated how quickly harm can escalate in AI systems—from isolated questionable responses to full-blown crisis in hours. Traditional IT risks like data corruption typically develop more gradually and follow predictable patterns. Impact velocity—how quickly a risk escalates from minor concern to major crisis—becomes a crucial third dimension alongside likelihood and severity.

Unclear causation chains present another challenge. When a credit scoring algorithm develops a bias against certain demographics, it often isn't due to a bug or error—it's because the system is faithfully replicating patterns in its training data. The harm emerges from complex interactions between the model, its data, and societal factors. This makes it difficult to apply traditional cause-and-effect reasoning to AI risks.

Capability uncertainty further complicates assessment. The rapid pace of AI advancement makes it extraordinarily difficult to evaluate risks over longer time horizons. How do you assign a likelihood to an outcome when the system's capabilities might fundamentally change next month? How do you estimate impact when harm might emerge gradually through subtle shifts in behaviour rather than dramatic failures?

This uncertainty extends beyond technical capabilities to human-AI interaction effects. We're often dealing with systems that can impact human behaviour and social dynamics in unpredictable ways. A chatbot might maintain perfect accuracy while subtly influencing user behaviour in unintended ways. An AI hiring system might make defensible decisions while gradually reshaping organisational culture through its selection patterns.

Traditional frameworks might give us false confidence by reducing complex, dynamic risks to simple numeric scores. A risk rated "low" today might evolve into something serious through feedback loops and emerging behaviours. Conversely, a seemingly "high" risk might prove easily manageable with the right monitoring and controls. I have found these unique challenges call for a more nuanced approach—one that accounts for the dynamic, evolving nature of AI systems and moves beyond point-in-time assessments to consider how risks might evolve over time. At the same time, we can't overcomplicate risk assessment in ways that make it much harder to communicate risk to stakeholders and decision-makers.

Proposing an AI risk ‘amplification factor’

This brings us to two critical concepts that I think can form a foundation for a more comprehensive AI risk assessment: impact velocity and feedback potential.

Impact Velocity: How Fast Risks Escalate

Impact velocity measures how quickly a risk can escalate from first detection to reaching its maximum impact. This isn't about the likelihood of occurrence, but rather the speed at which impacts compound once a problem begins.

Think back to Microsoft's Tay chatbot—the velocity of harm was extraordinary. Within hours, what began as isolated questionable responses accelerated into a full-blown crisis that damaged Microsoft's reputation and potentially harmed users. Contrast this with traditional IT risks like data corruption or even power failure, where problems typically develop more gradually and follow predictable patterns.

High-velocity risks are particularly dangerous because they can outpace normal human response cycles. By the time organisations notice the problem, assemble decision-makers, assess options, and implement responses, a high-velocity risk may have already reached its full destructive potential. Incorporating velocity into risk assessment helps identify scenarios where automated monitoring and pre-approved response protocols may be necessary.

Feedback Potential: How Risks Amplify

Equally important is understanding a system's feedback potential—its capacity to amplify initial problems through self-reinforcing cycles. Feedback loops occur when a system's outputs influence its future inputs, creating potential for exponential rather than linear escalation of impacts.

These feedback loops can take multiple forms:

• Technical feedback loops: When an AI system's outputs directly influence its future inputs, such as a recommendation engine that shapes user preferences and then learns from those shifted preferences.

• Behavioural feedback loops: When users adapt their behaviour in response to an AI system, potentially gaming the system or reinforcing existing biases. For example, job applicants modifying their resumes to match perceived AI preferences.

• Organisational feedback loops: When teams adjust their processes or decisions around AI outputs in ways that reduce human oversight or amplify biases. For instance, customer service managers placing increasing reliance on AI-generated performance metrics.

• Cross-system feedback loops: When multiple AI systems interact with each other, potentially creating complex, emergent behaviours that no single system would exhibit alone.

Systems with high feedback potential require special attention because they can transform minor initial problems into major crises through compounding effects. The more interconnected feedback loops are present, and the faster they operate, the greater the potential for rapid, unexpected escalation.

Putting It Together: The Amplification Factor

When we combine impact velocity with feedback potential, we get what I call the Amplification Factor — a measure of how much a risk might be magnified beyond what traditional likelihood-impact assessments would suggest. The Amplification Factor serves as a multiplier on the base risk score calculated from an assessed impact velocity and feedback potential, elevating risks that might look deceptively moderate in traditional frameworks but have the potential for rapid escalation through feedback loops.

To understand how this works in practice, consider a bank deploying an AI system for credit decision-making. Traditional assessment would focus on the likelihood of biased decisions and their potential impact on customers. But by incorporating velocity and feedback potential, they might realise that biased decisions could compound rapidly: rejected applicants may modify their behaviour in ways that reinforce the initial bias, creating an accelerating cycle of harm that spreads across customer segments. This insight would lead them to implement continuous monitoring of decision patterns rather than relying on periodic reviews.

I think a benefit of this approach lies in how it reveals interconnections that might be missed in traditional assessment. A financial services firm using this method may discover that their trading algorithm's impact extends far beyond immediate investment decisions—perhaps subtly changing how analysts research companies, how traders interpret market signals, and ultimately how capital is allocated across sectors.

Calculating AI Risk Scores: A Step-by-Step Procedure

Here’s how I work to integrate these concepts into a structured assessment methodology:

Step 1: Assess likelihood on a 1-5 scale where:

• 1 = Remote (once in 5+ years)

• 2 = Unlikely (annual)

• 3 = Possible (quarterly)

• 4 = Likely (monthly)

• 5 = Almost Certain (weekly+)

Step 2: Assess impact on a 1-5 scale where:

• 1 = Minimal (minor user frustration)

• 2 = Minor (small financial/reputational impact)

• 3 = Moderate (measurable business impact)

• 4 = Major (significant financial/reputational damage)

• 5 = Severe (catastrophic damage/regulatory intervention)

Step 3: Calculate the Base Risk (1-25):

• Base Risk = likelihood × impact

Step 4: Assess Velocity Score (1-4)

The Velocity Score measures how quickly a risk could escalate from first detection to reaching its maximum impact. This isn't about the likelihood of occurrence, but rather the speed of escalation once a problem begins:

• 1 = Slow (months to manifest): There is sufficient time for deliberate analysis, planning, and implementation of mitigations. Example: A gradual drift in an AI model's performance over months due to subtle data changes.

• 2 = Gradual (weeks to manifest): Problems develop over weeks, allowing for coordinated response but requiring timely action. Example: A financial forecasting AI developing biased predictions that gradually impact business decisions.

• 3 = Fast (days to manifest): Issues escalate within days, requiring rapid response capabilities and pre-planned mitigation strategies. Example: A customer-facing AI chatbot developing problematic patterns that begin affecting customer satisfaction and brand reputation.

• 4 = Lightning (hours to manifest): Crisis can unfold within hours, outpacing normal human response mechanisms. Example: The Tay incident, where inappropriate responses spread virally on social media within hours.

When assessing velocity, consider: How much warning time would we have? How quickly would impacts compound? How fast could we technically implement corrective actions?

Step 5: Assess Feedback Potential Score (1-4)

The Feedback Potential Score evaluates how strongly the system can amplify initial problems through self-reinforcing cycles. This measures both the number and strength of potential feedback loops:

• 1 = Limited feedback potential: Single, slow feedback loop with natural dampening effects. Example: An AI-powered content recommendation system with strong human curation that limits drift.

• 2 = Moderate feedback potential: Either multiple slow loops that gradually compound or a single fast feedback loop. Example: An AI hiring tool that influences candidate pools but with periodic human reviews.

• 3 = High feedback potential: Multiple fast feedback loops with some breaks or circuit-breakers in the system. Example: A trading algorithm that can influence market conditions and then react to those changes, but with trading limits in place.

• 4 = Extreme feedback potential: Multiple fast, interconnected feedback loops with strong amplification and few controls. Example: A social media moderation AI that shapes user behaviour, which then influences future training data, operating in a viral content environment.

When assessing feedback potential, examine: Does the system's output influence its future inputs? Are there multiple stakeholders who can reinforce initial patterns? Are there natural limits or circuit-breakers in the system? How connected is the system to other systems that could create amplification effects?

Step 6: Calculate Final Risk Rating

• Calculate the risk modifier: Amplification Factor = 1 + (0.5 × Velocity × Feedback)

• Calculate final risk rating: Final Risk = Base Risk × Amplification Factor

Applied Examples: The Amplification Factor in Action

Let me walk through three real-world examples to show how this risk scoring system helps to assess the unique dynamics of AI systems. These examples illustrate how seemingly similar base risks can lead to dramatically different final risk scores when we account for velocity and feedback potential.

Example 1: Customer Service AI Going Off-Script

Scenario: An AI-powered customer service chatbot begins occasionally providing inaccurate information about product returns, causing customer confusion.

Likelihood: 4 (Likely - could happen monthly)

• The AI regularly encounters novel customer inquiries not well-represented in training data.

Impact: 2 (Minor - some customer complaints, small PR issues)

• Affects a limited number of customers, with manageable remediation costs.

Base Risk: 8

Velocity: 2 (Gradual - takes weeks to develop problematic patterns)

• Problems emerge gradually as the issue affects more customers, giving the team time to investigate patterns.

• Human agents review a sample of interactions, providing early warning.

Feedback Potential: 1 (Limited - single slow feedback loop)

• Customer frustration may lead to more complicated inquiries, but the system has built-in escalation to human agents when confidence is low.

• Weekly retraining incorporates corrections, preventing most pattern reinforcement.

Amplification Factor: 1 + (0.5 × 2 × 1) = 2

Final Risk Score: 8 × 2 = 16

This example shows a typical operational AI risk. While the base risk score of 8 suggests moderate concern, the modest amplification factor of 2 indicates that, while the situation could worsen over time, the organisation has sufficient time to detect and address issues before they become critical. The gradual velocity and limited feedback loops make this manageable through normal monitoring and correction cycles.

Example 2: Trading Algorithm with Emerging Bias

Scenario: An AI-powered trading algorithm begins to develop a bias toward certain market sectors, potentially leading to suboptimal portfolio concentration.

Likelihood: 2 (Unlikely - annual occurrence)

• The algorithm has robust diversification rules, but shifting market conditions could create unexpected patterns.

Impact: 5 (Severe - major financial losses possible)

• Portfolio concentration in volatile sectors could lead to significant financial losses during market corrections.

Base Risk: 10

Velocity: 3 (Fast - patterns emerge over days)

• Market conditions can change rapidly, and the algorithm rebalances portfolios daily.

• Initial positions could compound quickly in fast-moving markets.

Feedback Potential: 3 (High - multiple fast loops with some breaks)

• The algorithm's trades can influence market prices in less liquid instruments, which then feed back into its own decision-making.

• Other market participants may detect and amplify the algorithm's patterns.

• Risk limits provide some circuit-breakers, but they may trigger too late.

Amplification Factor: 1 + (0.5 × 3 × 3) = 5.5

Final Risk Score: 10 × 5.5 = 55

Here we see how the potential for rapid market feedback loops significantly elevates what might otherwise look like a moderate risk. The base score of 10 already suggests attention, but the amplification factor of 5.5 dramatically increases the final score to 55, indicating this risk deserves priority attention. The high modifier reflects how quickly trading patterns can spiral through market interactions, potentially outpacing normal human oversight mechanisms.

Example 3: Social Media Chat AI (Tay-like Scenario)

Scenario: A public-facing AI chatbot deployed on social media learns from user interactions to improve conversational abilities.

Likelihood: 2 (Unlikely - annual occurrence)

• The system includes content filters and restricted learning parameters.

• Previous testing showed robust performance against most adversarial inputs.

Impact: 4 (Major - significant reputational damage)

• Inappropriate responses could harm users and damage brand reputation.

• Media coverage of AI misbehaviour tends to be extensive.

Base Risk: 8

Velocity: 4 (Lightning - hours to crisis)

• Social media operates 24/7 with global reach and viral sharing mechanics.

• Problematic responses can spread worldwide before the team is even aware.

• Issues can trend on social platforms within hours of first appearance.

Feedback Potential: 4 (Extreme - multiple fast, interconnected loops)

• The system learns from user interactions, potentially reinforcing problematic patterns.

• Coordinated users can deliberately amplify specific behaviours.

• Social media platforms algorithmically promote controversial content, further accelerating spread.

• Media coverage creates additional attention, bringing more users to test system boundaries.

Amplification Factor: 1 + (0.5 × 4 × 4) = 9

Final Risk Score: 8 × 9 = 72

This example beautifully captures why Tay became such a watershed moment in AI safety. With a base risk score of just 8—seemingly comparable to our customer service example—this scenario reaches a final score of 72, the highest in our examples. The extraordinary amplification factor of 9 reflects the perfect storm of lightning-fast velocity and extreme feedback potential inherent in social media environments. The system could transform from functioning normally to crisis in hours, through multiple reinforcing feedback loops that outpace human response capabilities.

Comparative Analysis

Looking at these scores side by side (16, 55, 72), we can see how this approach successfully differentiates between risks that might appear similar under traditional assessment. All three examples started with base risk scores between 8-10, which would typically place them in the same general risk category. But their final scores spread across a wide range, reflecting their dramatically different potential for rapid escalation.

The customer service AI (16) represents a manageable risk suited to standard monitoring and governance controls. The trading algorithm (55) shows a much more significant risk requiring robust preventive controls and real-time monitoring. The social media chatbot (72) reveals an extreme risk demanding extraordinary precautions, potentially including limited deployment, extensive pre-release adversarial testing, and 24/7 monitoring capabilities.

Just one approach to evolving risk for AI

I realise this is just one possible way of trying to factor in these considerations, and it’s far from perfect, but I’ve found the it helps when prioritising AI risks not just by their immediate likelihood and impact, but by their potential to escalate through feedback loops and velocity of harm—precisely the factors that make AI risks so challenging to manage with traditional approaches.

More than eight years after the Microsoft Tay incident, the lesson I took away wasn't just about the need for better testing or more robust content filters. The fundamental insight was that we need new ways to think about and assess risk in systems that learn and adapt. And as we continue pushing the boundaries of AI capability, especially as we introduce greater autonomy to AI agents, this lesson becomes increasingly crucial for any organisation deploying AI systems that interact with the real world.

The framework I’ve put forward here—incorporating velocity and feedback potential into an AI Risk Amplification Factor— is straightforward and practical. It maintains compatibility with existing risk processes while adding the nuance needed to capture AI's dynamic characteristics. I think it can also be a useful way to explain the dynamic nature of AI risks to stakeholders and leadership who might otherwise find more rigorous methods difficult to absorb. I’d love to hear feedback or ideas on how you’re trying to incorporate these aspects of AI risk assessment in your organisation.

As AI systems become more sophisticated and integrated into critical functions, the importance of robust risk assessment will only grow. In my view, the static risk matrices and simple likelihood-impact calculations that served us well for traditional IT systems simply cannot capture the complexities of systems designed to learn and adapt.

In the next article in this series, I'll build on this foundation to explore how organisations can select appropriate risk treatments and controls for AI systems. I’ll go through various control types—preventive, detective, and corrective—matched up with various risk types. Additionally, I'll share a complete template for an AI Risk Management Framework that you can adapt for your own organisation.

The challenges of AI risk management are substantial, but they are not insurmountable. By evolving our risk assessment approaches to match the dynamic nature of AI systems, we can harness their transformative potential while managing their unique risks. I believe the important step is to acknowledge uncertainty, account for feedback loops, and prepare us for the velocity of change that defines AI innovation.

Subscribe for free on Substack to receive the next article in this series and access the complete AI Risk Management Framework template.

Leave a comment

Share