Skip to content
Chapter 05 · 11 min

Risk & responsibility

AI introduces risks your existing risk framework doesn't quite cover: a system that's wrong with total confidence, that can leak data, that makes decisions you may be liable for. This chapter is the risk landscape for a decision-maker — what can go wrong, and how to think about it without either panicking or ignoring it.

Risk: likelihood vs impactA grid with likelihood on the horizontal axis and impact on the vertical. The high-likelihood, high-impact corner is where mitigation must go first; the low-low corner can be accepted.impactlikelihood →mitigatefirstaccept

The fluent answer that's confidently wrong is more dangerous than the obvious error — it doesn't trip the alarm.

The risk that's easy to miss: confident wrongness

The defining risk of AI is that it's fluent. A wrong answer in clumsy language raises suspicion; the same wrong answer in polished, confident prose sails through. Models produce plausible-sounding output whether or not they actually know — they're built to, and no amount of prompting fully fixes it. This is what "hallucination" really means: not a glitch, but confident output uncalibrated to actual knowledge.

The business consequence: anywhere an AI's output is trusted without checking, you've introduced a source of confident errors that don't look like errors. The mitigation isn't to make the model perfect — you can't — it's to keep a human in the loop in proportion to the stakes, and to design so a wrong answer is catchable and survivable.

The risk families

Beyond confident wrongness, the risks that matter to a decision-maker cluster into a handful of families:

  • Accuracy & liability — the system is wrong in a way that costs money, breaks a promise, or creates legal exposure. Who's responsible when the AI gets it wrong?
  • Data & privacy — sensitive data leaks, through the model, the provider, or a breach. Real regulatory exposure under CCPA, PIPEDA, HIPAA, and the rest.
  • Security — the new attack surface: the system can be manipulated into misbehaving or leaking (the subject of the AI Security course).
  • Bias & fairness — the model reflects biases in its training data, which becomes your problem the moment it touches decisions about people.
  • Reputational — a branded AI says something embarrassing, harmful, or simply wrong, and it speaks for you.

Prioritising with a risk matrix

You can't eliminate every risk, and trying to is its own failure. Plot each risk by how likely it is and how badly it would hurt, and spend your attention accordingly. The high-likelihood, high-impact corner gets real mitigation; the low-low corner you can knowingly accept.

Risk: likelihood vs impactA grid with likelihood on the horizontal axis and impact on the vertical. The high-likelihood, high-impact corner is where mitigation must go first; the low-low corner can be accepted.impactlikelihood →mitigatefirstaccept
Mitigate the high-likelihood, high-impact corner first. Knowingly accept the low-low. The point is deliberate choices, not zero risk.

The goal isn't a risk-free system — it's a system whose risks you've chosen on purpose and can defend. "We considered that risk, judged it low-impact, and accepted it" is a position you can stand behind. "We never thought about it" is not. The matrix forces the conversation.

Responsible use is a business asset

Treating these risks seriously isn't just defensive — increasingly it's a differentiator. Enterprise customers, especially in regulated North American sectors, ask hard questions about how you handle their data and your AI's failure modes. A clear, honest answer wins business; a hand-wave loses it. The work of being responsible doubles as the work of being trustworthy to buyers.

In one line each

  • The signature AI risk is confident wrongness — fluent output uncalibrated to actual knowledge. Keep humans in the loop in proportion to the stakes.
  • Risk families: accuracy/liability, data/privacy, security, bias/fairness, and reputation.
  • Use a likelihood-vs-impact matrix to mitigate deliberately — the goal is chosen risks you can defend, not zero risk.
  • You're generally liable when your AI is wrong, not the provider; responsible use is also a commercial advantage with enterprise buyers.

Where to go next

Risk & responsibility · AI courses · SDEN