BrianOnAI

risk

This glossary entry explains risk for AI governance and model risk programs. The sections below summarize what the term means in plain language, why chief AI officers and cross-functional committees track it, where teams often get confused, and how it shows up across major industries and in expectations tied to the EU AI Act and NIST AI RMF.

What It Means

Risk is the combination of how likely it is that something bad (or good) will happen and how much impact it would have on your business objectives. In AI systems, this means considering both the probability that your AI will cause problems and how severe those problems could be for your organization. It's essentially asking "what could go wrong, how likely is it, and how much would it hurt?"

Why Chief AI Officers Care

CAIOs must quantify and manage AI risks to protect the organization from regulatory penalties, reputation damage, and operational failures. Risk assessment is required for AI governance frameworks and helps prioritize where to invest limited resources for maximum protection. Poor risk management can lead to costly incidents, regulatory investigations, and loss of stakeholder trust.

Real-World Example

A bank's AI loan approval system has a risk of discriminating against certain demographic groups. The probability might be moderate (30% chance of bias emerging over time), but the impact would be severe (regulatory fines, lawsuits, reputation damage, and required system shutdown). This high-impact, moderate-probability combination makes it a significant risk requiring immediate mitigation measures.

Common Confusion

People often confuse risk with just the bad outcome itself, forgetting that risk includes probability. A catastrophic but extremely unlikely event may actually be lower risk than a moderate problem that happens frequently.

Industry-Specific Applications


Healthcare: In healthcare AI, risk encompasses patient safety threats, regulatory compliance failures, and operational disruptions -...

Finance: In finance, AI risk encompasses operational risks like model failures affecting trading algorithms or credit decisions, ...


Technical Definitions

NIST (National Institute of Standards and Technology)
"The composite measure of an event’s probability of occurring and the magnitude or degree of the consequences of the corresponding event. The impacts, or consequences, of AI systems can be positive, negative, or both and can result in opportunities or threats (Adapted from: ISO 31000:2018)"
Source: NIST_AI_RMF_1.0
"A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence."
Source: SP800-12
"An uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives"
Source: IEEE_Soft_Vocab
"effect of uncertainty on objectives"
Source: ISO_IEC_38507
