AIGP Study Guide
Module 3: Governance & Risk Management · BoK III.A

The four AI risk categories

Operational, legal, security, privacy. The Security risk card carries the most testable vocabulary → Adversarial attacks, Hallucinations, Deepfakes and Data poisoning. Privacy risk adds Data persistence and Data spillover.


  • Operational → high costs → specialised processors (CPUs and GPUs), training sets often exceeding 500,000 data points, network speeds of 10 GbE or faster; skilled hires; environmental footprint; data corruption and poisoning from insecure data without safeguards like identity and access management.
  • Legal → a complex web of laws → noncompliance brings legal and financial repercussions incl. liability for harm caused by AI decisions, plus IP disputes, human rights violations, reputational damage. Counter with governance frameworks, regular legal reviews, collaboration with legal experts.
  • Security → adversarial attacks (manipulated input alters outputs) · overreliance on AI for monitoring · hallucinations · deepfakes · data poisoning · false sense of security · AI misuse (automated cyberattacks, phishing, malware). Defences → regular audits, human oversight, continuous updates.
  • Privacy → data persistence (data outlives its purpose) · data spillover (unintended individuals' data collected) · AI-generated or derived data complicates informed consent. Counter with data minimisation, transparency, and compliance with GDPR and friends.

Key terms - quick answers

What is “Operational risk”?
AI risk of high costs (processors, large datasets, fast networks), skilled hires, environmental footprint and data corruption/poisoning.
What is “Legal risk”?
AI risk from a complex web of laws, noncompliance, liability for harm, IP disputes, human rights violations and reputational damage.
What is “Security risk”?
AI risk including adversarial attacks, hallucinations, deepfakes, data poisoning, overreliance and false sense of security.
What is “Privacy risk”?
AI risk from data persistence and data spillover, complicated consent; countered by data minimisation, transparency and GDPR.