What is AI risk management?

AI risk management is the process of systematically identifying, mitigating and addressing the potential risks associated with AI technologies. It involves a combination of tools, practices and principles, with a particular emphasis on deploying formal AI risk management frameworks.

Generally speaking, the goal of AI risk management is to minimize AI’s potential negative impacts while maximizing its benefits.

AI risk management is part of the broader field of AI governance. AI governance refers to the guardrails that ensure AI tools and systems are safe and ethical and remain that way.

AI governance is a comprehensive discipline, while AI risk management is a process within that discipline. AI risk management focuses specifically on identifying and addressing vulnerabilities and threats to keep AI systems safe from harm. AI governance establishes the frameworks, rules and standards that direct AI research, development and application to ensure safety, fairness and respect for human rights.

In recent years, the use of AI systems has surged across industries. McKinsey reports that 72% of organizations now use some form of artificial intelligence (AI), up 17% from 2023.

While organizations are chasing AI’s benefits—like innovation, efficiency and enhanced productivity—they do not always tackle its potential risks, such as privacy concerns, security threats and ethical and legal issues.

Leaders are well aware of this challenge. A recent IBM Institute for Business Value (IBM IBV) study found that 96% of leaders believe that adopting generative AI makes a security breach more likely. At the same time, the IBM IBV also found that only 24% of current generative AI projects are secured.

AI risk management can help close this gap and empower organizations to harness AI systems’ full potential without compromising AI ethics or security.

Like other types of security risk, AI risk can be understood as a measure of how likely a potential AI-related threat is to affect an organization and how much damage that threat would do.

While each AI model and use case is different, the risks of AI generally fall into four buckets:

• Data risks
• Model risks
• Operational risks
• Ethical and legal risks

If not managed correctly, these risks can expose AI systems and organizations to significant harm, including financial losses, reputational damage, regulatory penalties, erosion of public trust and data breaches.

AI systems rely on data sets that might be vulnerable to tampering, breaches, bias or cyberattacks. Organizations can mitigate these risks by protecting data integrity, security and availability throughout the entire AI lifecycle, from development to training and deployment.

 Common data risks include:

• Data security: Data security is one of the biggest and most critical challenges facing AI systems. Threat actors can cause serious problems for organizations by breaching the data sets that power AI technologies, including unauthorized access, data loss and compromised confidentiality.

• Data privacy: AI systems often handle sensitive personal data, which can be vulnerable to privacy breaches, leading to regulatory and legal issues for organizations.

• Data integrity: AI models are only as reliable as their training data. Distorted or biased data can lead to false positives, inaccurate outputs or poor decision-making.

Threat actors can target AI models for theft, reverse engineering or unauthorized manipulation. Attackers might compromise a model’s integrity by tampering with its architecture, weights or parameters, the core components determining an AI model’s behavior and performance.

Some of the most common model risks include:

• Adversarial attacks: These attacks manipulate input data to deceive AI systems into making incorrect predictions or classifications. For instance, attackers might generate adversarial examples that they feed to AI algorithms to purposefully interfere with decision-making or produce bias.

• Prompt injections: These attacks target large language models (LLMs). Hackers disguise malicious inputs as legitimate prompts, manipulating generative AI systems into leaking sensitive data, spreading misinformation or worse. Even basic prompt injections can make AI chatbots like ChatGPT ignore system guardrails and say things that they shouldn’t.

• Model interpretability: Complex AI models are often difficult to interpret, making it hard for users to understand how they reach their decisions. This lack of transparency can ultimately impede bias detection and accountability while eroding trust in AI systems and their providers.

• Supply chain attacks: Supply chain attacks occur when threat actors target AI systems at the supply chain level, including at their development, deployment or maintenance stages. For instance, attackers might exploit vulnerabilities in third-party components used in AI development, leading to data breaches or unauthorized access.

Though AI models can seem like magic, they are fundamentally products of sophisticated code and machine learning algorithms. Like all technologies, they are susceptible to operational risks. Left unaddressed, these risks can lead to system failures and security vulnerabilities that threat actors can exploit. 

Some of the most common operational risks include:

• Drift or decay: AI models can experience model drift, a process where changes in data or the relationships between data points can lead to degraded performance. For example, a fraud detection model might become less accurate over time and let fraudulent transactions slip through the cracks.

• Sustainability issues: AI systems are new and complex technologies that require proper scaling and support. Neglecting sustainability can lead to challenges in maintaining and updating these systems, causing inconsistent performance and increased operating costs and energy consumption.

• Integration challenges: Integrating AI systems with existing IT infrastructure can be complex and resource-intensive. Organizations often encounter issues with compatibility, data silos and system interoperability. Introducing AI systems can also create new vulnerabilities by expanding the attack surface for cyberthreats. 

• Lack of accountability: With AI systems being relatively new technologies, many organizations don’t have the proper corporate governance structures in place. The result is that AI systems often lack oversight. McKinsey found that just 18 percent of organizations have a council or board with the authority to make decisions about responsible AI governance.

If organizations don’t prioritize safety and ethics when developing and deploying AI systems, they risk committing privacy violations and producing biased outcomes. For instance, biased training data used for hiring decisions might reinforce gender or racial stereotypes and create AI models that favor certain demographic groups over others.

 Common ethical and legal risks include:

• Lack of transparency: Organizations that fail to be transparent and accountable with their AI systems risk losing public trust.

• Failure to comply with regulatory requirements: Noncompliance with government regulations such as the GDPR or sector-specific guidelines can lead to steep fines and legal penalties.

• Algorithmic biases: AI algorithms can inherit biases from training data, leading to potentially discriminatory outcomes such as biased hiring decisions and unequal access to financial services.

• Ethical dilemmas: AI decisions can raise ethical concerns related to privacy, autonomy and human rights. Mishandling these dilemmas can harm an organization’s reputation and erode public trust.

• Lack of explainability: Explainability in AI refers to the ability to understand and justify decisions made by AI systems. Lack of explainability can hinder trust and lead to legal scrutiny and reputational damage. For example, an organization’s CEO not knowing where their LLM gets its training data can result in bad press or regulatory investigations.

Many organizations address AI risks by adopting AI risk management frameworks, which are sets of guidelines and practices for managing risks across the entire AI lifecycle.

One can also think of these guidelines as playbooks that outline policies, procedures, roles and responsibilities regarding an organization’s use of AI. AI risk management frameworks help organizations develop, deploy and maintain AI systems in a way that minimizes risks, upholds ethical standards and achieves ongoing regulatory compliance.

Some of the most commonly used AI risk management frameworks include:

• The NIST AI Risk Management Framework
• The EU AI ACT
• ISO/IEC standards
• The US executive order on AI

In January 2023, the National Institute of Standards and Technology (NIST) published the AI Risk Management Framework (AI RMF) to provide a structured approach to managing AI risks. The NIST AI RMF has since become a benchmark for AI risk management.

The AI RMF’s primary goal is to help organizations design, develop, deploy and use AI systems in a way that effectively manages risks and promotes trustworthy, responsible AI practices.

Developed in collaboration with the public and private sectors, the AI RMF is entirely voluntary and applicable across any company, industry or geography.

The framework is divided into two parts. Part 1 offers an overview of the risks and characteristics of trustworthy AI systems. Part 2, the AI RMF Core, outlines four functions to help organizations address AI system risks:

• Govern: Creating an organizational culture of AI risk management
• Map: Framing AI risks in specific business contexts
• Measure: Analyzing and assessing AI risks
• Manage: Addressing mapped and measured risks

The EU Artificial Intelligence Act (EU AI Act) is a law that governs the development and use of artificial intelligence in the European Union (EU). The act takes a risk-based approach to regulation, applying different rules to AI systems according to the threats they pose to human health, safety and rights. The act also creates rules for designing, training and deploying general-purpose artificial intelligence models, such as the foundation models that power ChatGPT and Google Gemini.

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed standards (link resides outside ibm.com) that address various aspects of AI risk management.

ISO/IEC standards emphasize the importance of transparency, accountability and ethical considerations in AI risk management. They also provide actionable guidelines for managing AI risks across the AI lifecycle, from design and development to deployment and operation.

While the AI risk management process necessarily varies from organization to organization, AI risk management practices can provide some common core benefits when implemented successfully.

AI risk management can enhance an organization’s cybersecurity posture and use of AI security.

By conducting regular risk assessments and audits, organizations can identify potential risks and vulnerabilities throughout the AI lifecycle.

Following these assessments, they can implement mitigation strategies to reduce or eliminate the identified risks. This process might involve technical measures, such as enhancing data security and improving model robustness. The process might also involve organizational adjustments, such as developing ethical guidelines and strengthening access controls.

Taking this more proactive approach to threat detection and response can help organizations mitigate risks before they escalate, reducing the likelihood of data breaches and the potential impact of cyberattacks.

AI risk management can also help improve an organization’s overall decision-making.

By using a mix of qualitative and quantitative analyses, including statistical methods and expert opinions, organizations can gain a clear understanding of their potential risks. This full-picture view helps organizations prioritize high-risk threats and make more informed decisions around AI deployment, balancing the desire for innovation with the need for risk mitigation.

An increasing global focus on protecting sensitive data has spurred the creation of major regulatory requirements and industry standards, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the EU AI Act.

Noncompliance with these laws can result in hefty fines and significant legal penalties. AI risk management can help organizations achieve compliance and remain in good standing, especially as regulations surrounding AI evolve almost as quickly as the technology itself.

AI risk management helps organizations minimize disruption and ensure business continuity by enabling them to address potential risks with AI systems in real time. AI risk management can also encourage greater accountability and long-term sustainability by enabling organizations to establish clear management practices and methodologies for AI use. 

AI risk management encourages a more ethical approach to AI systems by prioritizing trust and transparency.

Most AI risk management processes involve a wide range of stakeholders, including executives, AI developers, data scientists, users, policymakers and even ethicists. This inclusive approach helps ensure that AI systems are developed and used responsibly, with every stakeholder in mind. 

By conducting regular tests and monitoring processes, organizations can better track an AI system’s performance and detect emerging threats sooner. This monitoring helps organizations maintain ongoing regulatory compliance and remediate AI risks earlier, reducing the potential impact of threats. 

For all of their potential to streamline and optimize how work gets done, AI technologies are not without risk. Nearly every piece of enterprise IT can become a weapon in the wrong hands.

Organizations don’t need to avoid generative AI. They simply need to treat it like any other technology tool. That means understanding the risks and taking proactive steps to minimize the chance of a successful attack.

With IBM® watsonx.governance™, organizations can easily direct, manage and monitor AI activities. IBM watsonx.governance can govern generative AI models from any vendor, evaluate model health and accuracy and automate key compliance workflows.