Night Mode LabsBlue Book
AI and Data Platforms

AI Risk and Governance

AI governance should make AI systems safe to adopt without blocking all experimentation. Scope controls to the risk of the use case, data, and actions the system can take.

Risk dimensions

Assess AI use cases by:

  • Data sensitivity.
  • User impact.
  • Autonomy and tool access.
  • Regulatory or contractual exposure.
  • Ability to explain or audit outputs.
  • Failure reversibility.
  • Exposure to external users or untrusted input.

Control tiers

Minimum governance

Every AI system should document:

  • Use case and owner.
  • Approved data types.
  • Model or provider.
  • Evaluation method.
  • Logging and retention approach.
  • Human review expectations.
  • Disablement path.
  • Known limitations.

High-risk controls

High-risk systems may need:

  • Formal approval before launch.
  • Stronger evals and red-team testing.
  • Human-in-the-loop review.
  • Audit trails for prompts, outputs, and tool actions.
  • Bias, safety, and privacy review.
  • Vendor and model risk assessment.

Watchouts

  • Internal tools can still expose sensitive data.
  • AI outputs should not become records of fact without verification.
  • Governance that ignores developer workflow will be bypassed.
  • Treat autonomous tool access as privileged automation.

ML Platform Operations

Previous Page

Platform Product Model

Next Page

On this page

Risk dimensionsControl tiersMinimum governanceHigh-risk controlsWatchouts