In this blog, we’ll explore who is and should be accountable for AI risk within organizations and how to empower them to take on this significant responsibility.
AI Security Risks
What does “AI risk” really mean? AI security risks can refer to a wide range of possibilities, including, but not limited to:
- Using the AI engine to access internal resources like backend production systems
- Getting the AI engine to leak confidential information
- Convincing an AI engine to provide misinformation
Those risks could be owned by the senior-most security leader, but what about other AI risks, like safety risks?
AI Safety Risks
AI risks include not only security risks but safety risks as well. These fall more into the ethical and brand reputation category, such as the AI engine:
- Saying something inappropriate or widely inaccurate
- Teaching someone how to harm another
- Impersonating another individual using personal details about their life
When it comes to AI safety, you could make a compelling case that ownership for these risks spans multiple areas, including Product, Legal, Privacy, Public Relations, and Marketing.
Yes, different elements of AI safety might fall under the purview of each of these teams, but they can’t all own them together. Otherwise, no one will truly own them and nothing will ever get done — good luck getting all of these leaders together for quick decisions.
The Role of The Privacy Team
A common solution I’ve seen is that the Privacy team owns AI risks. Regardless of whether your AI models deal with Personally Identifiable Information (PII), the Privacy person, group, or team is already equipped to assess vendors and software systems for data usage and generally has a strong idea of what data is flowing and to where.
Privacy is likely a strong advocate for establishing processes and hiring vendors when it comes to managing AI risks. Unfortunately, the privacy team alone cannot manage the much bigger picture.
Establishing an AI Risk Council
What about the larger questions and decisions that go beyond the purview of Privacy alone? Whose responsibility is it to answer complicated questions, such as:
- Who are the audiences for the AI model?
- How do we define an AI safety risk? What are the guardrails that determine an “unsafe” output?
- What are the legal implications of an LLM interaction gone wrong, and how can we prepare?
- What’s the best way to represent our AI model to the public accurately?
A best practice should be forming an AI Risk Council composed of relevant department heads and led by the data protection officer or senior official responsible for privacy.
There will still be decisions that require executive sign-off or buy-in. In these cases, the council should meet regularly to decide and ratify larger company decisions around the company’s use and applicable development of AI. The council ensures that every relevant perspective is made part of the conversation, ideally limiting missteps around managing risk.
I want to acknowledge that creating and gathering a council like this might be easier said than done. If you’re thinking about AI like we are, however, you know it is both a threat and an opportunity. This is something already on the C-suite radar, so why not codify it? The level of difficulty will depend on a number of factors, but, in the end, I believe it’s still worth it to deliver the most comprehensive AI risk management within your organization.
Get Started Managing AI Risk
If these ideas sound good in theory, but the idea of managing AI risk internally is still daunting, you’re not alone. It’s often challenging to know where to start and to truly grasp the massive scope of AI risks within any organization. At HackerOne, we understand that every organization is different and, therefore, has different AI risks. To learn more about how to manage AI security and safety risks within your organization, download our eBook: The Ultimate Guide to Managing Ethical and Security Risks in AI.