A prioritized AI security risk register connecting risks, owners, severity, likelihood, impact, remediation, validation, evidence, and executive decisions.

Client deliverable · public sample · 14-32 pages
System: AI Risk Register
Environment: Production pilot

# AI Risk Register

Sample Deliverable

Executive Summary

This risk register converts AI security concerns into owned work. It prioritizes risks by impact, likelihood, owner, decision state, remediation plan, evidence, and validation status.

The main conclusion is that the product can continue controlled pilot use, but enterprise expansion should be tied to proof of retrieval authorization, agent action-class enforcement, approval context, and AI trace governance.

Heads up

Public sample notice

This is a shortened, synthetic excerpt prepared as a public sample. A client version would include system-specific evidence, implementation references, architecture screenshots, control test results, owner sign-offs, and full supporting documentation. This sample uses Northstar Support Cloud / Customer Support Copilot as the synthetic reference system. This sample is not legal advice, not a compliance certification, not an audit opinion, not a warranty, and not proof that any unreviewed system is secure.

Decision · conditional

Executive risk decision

Accept limited pilot exposure only while critical tool execution remains blocked and the first remediation wave is completed. Do not expand enterprise rollout until the critical and high-risk items have owners, dates, evidence, and retest results.

Metrics

Risk Register Snapshot

Critical risks: 2
High risks: 4
Medium risks: 2
Blocked decisions: 1
Retest required: 1

Note

Risk must become work

AI risk language is cheap until it becomes an owner, a decision, a remediation action, a validation method, and a date.

Risk register

The register tracks the highest-priority AI security risks for a customer-facing copilot using RAG, model-provider routing, tool access, approval workflows, and AI trace logging.


Priority Risk Findings

Finding · critical

Retrieval can expose content the user cannot access directly

Evidence: rag-authz-test-plan

The retrieval layer uses tenant and source filters, but the evidence does not yet prove authorization survives indexing, chunking, semantic retrieval, reranking, and prompt assembly.

Heads up

Why this is critical

This is the AI-specific version of an access-control failure. The leak may appear as a helpful answer rather than a direct document access event.
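
The failure mode in this finding, shown as an added example that is not part of the deliverable or the Northstar system: a toy RAG pipeline in Python whose corpus, ACL model, search scoring and reranker are constructed stand-ins (word overlap in place of embeddings). `retrieve_tenant_only` models the current state, a tenant filter at retrieval with no per-document check, and returns a restricted HR document for a support agent's question; `retrieve_authorized` copies the document ACL onto every chunk at index time, pre-filters candidates before search, and re-checks authorization independently after reranking, at the point where prompt assembly would consume the chunks.

```python
"""Added example, not from the deliverable or the Northstar system: authorization
re-checked through a toy RAG pipeline. The corpus, ACL model, scoring and
reranker are constructed stand-ins (word overlap instead of embeddings)."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    tenant: str
    text: str
    acl: frozenset  # principals allowed to read the source document, copied at index time


@dataclass(frozen=True)
class User:
    user_id: str
    tenant: str
    groups: frozenset


# Constructed sample corpus: two tenants, one document restricted to the HR group.
DOCS = {
    "kb-101": {"tenant": "acme", "acl": {"group:support"},
               "body": "Reset a password from the account settings page"},
    "hr-7": {"tenant": "acme", "acl": {"group:hr"},
             "body": "Salary bands for 2025 are confidential"},
    "kb-202": {"tenant": "globex", "acl": {"group:support"},
               "body": "Globex refund policy allows returns within 30 days"},
}


def index_corpus(docs, chunk_words=4):
    """Split documents into chunks and copy the document ACL onto each chunk,
    so the authorization decision can still be made after chunking."""
    chunks = []
    for doc_id, d in docs.items():
        words = d["body"].split()
        for i in range(0, len(words), chunk_words):
            chunks.append(Chunk(doc_id, d["tenant"],
                                " ".join(words[i:i + chunk_words]), frozenset(d["acl"])))
    return chunks


def can_read(user, chunk):
    """Tenant boundary first, then the document ACL against the user's principals."""
    if chunk.tenant != user.tenant:
        return False
    principals = {f"user:{user.user_id}"} | {f"group:{g}" for g in user.groups}
    return bool(principals & chunk.acl)


def semantic_search(chunks, query, k=3):
    """Stand-in for vector search: rank by query-word overlap, drop non-matching chunks."""
    q = set(query.lower().split())
    scored = [(len(q & set(c.text.lower().split())), c) for c in chunks]
    scored = [(s, c) for s, c in scored if s > 0]
    scored.sort(key=lambda sc: -sc[0])
    return [c for _, c in scored[:k]]


def rerank(chunks):
    """Stand-in reranker (prefers shorter chunks). It may reorder results, but it is
    not an authorization boundary and its output must not be trusted as one."""
    return sorted(chunks, key=lambda c: len(c.text))


def retrieve_tenant_only(user, query, chunks):
    """Model of the finding's current state: tenant filter at retrieval, no per-document
    check. Returns the doc ids that would reach the prompt."""
    candidates = [c for c in chunks if c.tenant == user.tenant]
    return [c.doc_id for c in rerank(semantic_search(candidates, query))]


def retrieve_authorized(user, query, chunks):
    """Hardened pipeline: ACL pre-filter before search, then an independent re-check
    after reranking, at the point where prompt assembly would consume the chunks."""
    candidates = [c for c in chunks if can_read(user, c)]
    hits = rerank(semantic_search(candidates, query))
    # Anything dropped at this last gate means an earlier stage was bypassed; alert on it.
    permitted = [c for c in hits if can_read(user, c)]
    return [c.doc_id for c in permitted]


if __name__ == "__main__":
    corpus = index_corpus(DOCS)
    agent = User("u1", "acme", frozenset({"support"}))
    print("tenant filter only:", retrieve_tenant_only(agent, "salary bands", corpus))
    print("authorized        :", retrieve_authorized(agent, "salary bands", corpus))
```

The evidence the finding asks for is the last gate: a test that injects a restricted chunk past the pre-filter and confirms it is still dropped before prompt assembly is what proves authorization survives the whole chain rather than only the first filter.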

Finding · critical

Agent tool authority can exceed the intended user action

Evidence: agent-tool-permission-matrix

Tool access is not yet consistently separated into read, suggest, draft, queue, approve, and execute action classes. Without that separation, blast radius is hard to bound.

Finding · high

Human approval lacks enough context to be meaningful

Evidence: approval-context-review

Approval screens do not always show the evidence, target object, before/after diff, model rationale, blast radius, and rollback path needed for meaningful review.
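
An added example (not code from the deliverable or the Northstar system) covering this finding and the action-class finding above: a Python gate that places each tool on the read, suggest, draft, queue, approve, execute ladder, denies anything above the session ceiling unless a complete approval bundle is present, and keeps critical execute-class tools blocked regardless of approval, consistent with the blocked decision later on this page. Tool names, risk flags, the session policy and the bundle field names are assumptions.

```python
"""Added example, not from the deliverable or the Northstar system: an action-class
gate for agent tool calls with an approval-bundle completeness check. Tool names,
risk flags, the session policy and the bundle field names are assumptions."""

from dataclasses import dataclass

# Action classes from least to most authority; every tool is registered with one of them.
ACTION_CLASSES = ["read", "suggest", "draft", "queue", "approve", "execute"]
RANK = {name: i for i, name in enumerate(ACTION_CLASSES)}

# What an approver must be shown for the approval to count as a real review.
APPROVAL_FIELDS = ("evidence", "target_object", "before_after_diff",
                   "model_rationale", "blast_radius", "rollback_path")

# Risk flags whose execute-class actions stay blocked during the pilot.
CRITICAL_FLAGS = frozenset({"customer_visible", "billing_impacting", "destructive",
                            "privileged", "third_party_webhook"})


@dataclass(frozen=True)
class Tool:
    name: str
    action_class: str
    flags: frozenset = frozenset()

    @property
    def critical(self):
        return bool(self.flags & CRITICAL_FLAGS)


# Constructed registry for a support copilot.
TOOLS = {
    "search_tickets": Tool("search_tickets", "read"),
    "draft_reply": Tool("draft_reply", "draft"),
    "queue_tag_change": Tool("queue_tag_change", "queue"),
    "apply_tag_change": Tool("apply_tag_change", "execute"),
    "issue_refund": Tool("issue_refund", "execute",
                         frozenset({"billing_impacting", "customer_visible"})),
    "post_partner_webhook": Tool("post_partner_webhook", "execute",
                                 frozenset({"third_party_webhook"})),
}


@dataclass(frozen=True)
class SessionPolicy:
    max_class: str                      # highest class usable without a human approval
    block_critical_execute: bool = True


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def missing_approval_fields(bundle):
    """Names of required approval fields that are absent or empty."""
    bundle = bundle or {}
    return [f for f in APPROVAL_FIELDS if not bundle.get(f)]


def authorize_tool_call(tool_name, policy, approval_bundle=None, registry=TOOLS):
    """Decide whether the agent may invoke a tool. Order of checks: unknown tool -> deny;
    critical execute -> deny while blocked; within ceiling -> allow; above ceiling ->
    allow only with a complete approval bundle."""
    tool = registry.get(tool_name)
    if tool is None:
        return Decision(False, f"unknown tool {tool_name!r}: default deny")
    if tool.action_class == "execute" and tool.critical and policy.block_critical_execute:
        return Decision(False, f"{tool.name}: critical execute class is blocked by policy")
    if RANK[tool.action_class] <= RANK[policy.max_class]:
        return Decision(True, f"{tool.name}: {tool.action_class} is within ceiling {policy.max_class}")
    missing = missing_approval_fields(approval_bundle)
    if missing:
        return Decision(False, f"{tool.name}: approval bundle incomplete, missing {missing}")
    return Decision(True, f"{tool.name}: {tool.action_class} allowed under a complete human approval")


if __name__ == "__main__":
    pilot = SessionPolicy(max_class="queue")
    full = {f: "..." for f in APPROVAL_FIELDS}
    for name, bundle in [("search_tickets", None), ("apply_tag_change", None),
                         ("apply_tag_change", full), ("issue_refund", full)]:
        print(authorize_tool_call(name, pilot, bundle))
```

The ordering of the checks is the design point: the critical-tool block is evaluated before any approval bundle is consulted, so a complete-looking approval cannot lift a decision the executive table has marked blocked, and the bundle check fails closed on any empty field rather than on the bundle's mere presence.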

Finding · high

AI traces may store sensitive customer and operational data

Evidence: ai-trace-schema

Prompts, retrieved snippets, outputs, tool calls, and approval records may contain customer-sensitive information. They need explicit classification, retention, access control, redaction, and incident-response treatment.
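
One way to give trace fields the treatment this finding describes, as an added example that is not code from the deliverable or the Northstar system: a Python trace writer that attaches an access label and retention period to each known field, redacts customer identifiers before the record is persisted, and drops any field it has no policy for. The field names, retention values, access labels and identifier patterns are assumptions; the sample trace is constructed.

```python
"""Added example, not from the deliverable or the Northstar system: a trace writer
that classifies each AI trace field, redacts customer identifiers before storage,
and drops fields it has no policy for. Field names, retention values, access labels
and patterns are assumptions."""

import json
import re

# Per-field policy: who may read it and how long it is kept (assumed values).
FIELD_POLICY = {
    "prompt":          {"access": "security-and-owner", "retention_days": 30},
    "retrieved":       {"access": "security-and-owner", "retention_days": 30},
    "output":          {"access": "security-and-owner", "retention_days": 30},
    "tool_calls":      {"access": "security",           "retention_days": 90},
    "approval_record": {"access": "security",           "retention_days": 365},
}

# Identifier patterns redacted before the trace is persisted; email runs first.
REDACTIONS = (
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("card", re.compile(r"\b\d(?:[ -]?\d){12,15}\b")),
)


def redact_text(text):
    """Replace identifier matches with typed placeholders. Returns (text, counts)."""
    counts = {}
    for label, pattern in REDACTIONS:
        text, n = pattern.subn(f"<{label}-redacted>", text)
        if n:
            counts[label] = n
    return text, counts


def write_trace(raw):
    """Build the storable trace record: redacted field values plus classification metadata.
    Structured values (tool calls, approval records) are serialized before redaction so
    identifiers nested in arguments are caught too."""
    record = {"fields": {}, "classification": {}, "redactions": {}, "dropped": []}
    for name, value in raw.items():
        if name not in FIELD_POLICY:
            # Unclassified fields never reach the trace store.
            record["dropped"].append(name)
            continue
        text = value if isinstance(value, str) else json.dumps(value)
        redacted, counts = redact_text(text)
        record["fields"][name] = redacted
        record["classification"][name] = dict(FIELD_POLICY[name])
        if counts:
            record["redactions"][name] = counts
    return record


if __name__ == "__main__":
    # Constructed sample trace.
    sample = {
        "prompt": "Customer jane.doe@example.com asks why card 4111 1111 1111 1111 was charged twice",
        "retrieved": "Refund policy: duplicate charges are refunded within 5 days",
        "output": "Draft: we are sorry, a refund has been queued",
        "tool_calls": [{"tool": "lookup_customer", "args": {"email": "jane.doe@example.com"}}],
        "debug_dump": "raw provider response ...",
    }
    print(json.dumps(write_trace(sample), indent=2))
```

The redaction counts are kept alongside the record rather than discarded: they are the evidence that redaction ran and a signal for incident response when a field that should never carry identifiers suddenly does.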

Executive decisions

Executive decision table

| Decision | Status | Rationale |
| --- | --- | --- |
| Pilot expansion | Conditional | Allowed after retrieval and action-class controls are complete |
| Enterprise review | Conditional | Acceptable if partial controls are disclosed through the evidence pack |
| Critical tool actions | Blocked | Execution remains blocked until approval and trace controls are validated |

Decision · blocked

Critical tool execution remains blocked

Customer-visible, billing-impacting, destructive, privileged, or third-party webhook execution should remain blocked until approval bundles and trace evidence are validated.

Remediation roadmap

Risk remediation roadmap

| Priority | Work item | Owner | Target |
| --- | --- | --- | --- |
| 1 | Prove retrieval authorization | Search Platform | 2026-06-15 |
| 2 | Enforce agent action classes | AI Platform Engineering | 2026-06-20 |
| 3 | Upgrade approval context | Product Operations | 2026-06-25 |
| 4 | Classify AI traces | Security Engineering | 2026-06-30 |
| 5 | Make AI abuse tests release gates | Product Security | 2026-07-05 |

Checklist

Risk operating rules

Every critical risk needs an accountable owner.
Every high risk needs evidence and a target date.
Every accepted risk needs an executive decision.
Every partial control needs validation criteria.
Every buyer-facing claim must map to evidence.
Every tool-action risk must map to the permission matrix.
Every retrieval risk must map to authorization tests.

Risk evidence map

The risk evidence map links each risk to the artifact that proves current state or validates remediation.

Note

Operating model implication

A risk register is not a spreadsheet artifact. It is the operating spine for AI security governance: intake, triage, owner assignment, remediation, validation, exception handling, and executive reporting.

Artifact

Related artifact: Enterprise AI Security Evidence Pack

The evidence pack turns risk register outputs into buyer-ready answers for procurement and security review.

/deliverables/enterprise-ai-security-evidence-pack

Appendix: risk review questions

Checklist

Questions for every AI risk

What system or workflow creates the risk?
Which user, tenant, provider, data store, or tool boundary is involved?
What is the likely impact?
What evidence proves current state?
Who owns remediation?
What decision has been made?
What validation will prove the risk is reduced?
What buyer-facing answer depends on this risk?