ai-risk-management
AI Risk Management — Beyond Security, the Whole Model Lifecycle
prompt-injection covers the AI security slice — attackers manipulating LLM inputs. This skill covers everything else that is risk-related about deploying AI / ML systems: governance, fairness, robustness, transparency, monitoring, incident response specific to AI failures, third-party model risk, and compliance with the emerging AI regulatory landscape.
The framing is NIST AI RMF 1.0 (released 2023) — the most widely-adopted voluntary framework — plus the regulatory layer (EU AI Act, US executive orders, sector-specific guidance). Use this skill when you are deploying AI features beyond a chatbot wrapper, when a regulator asks "how do you govern your AI," or when something has gone wrong with an AI system in production.
Cross-references: prompt-injection for prompt-injection / LLM-specific security attacks; threat-modeling for design-time AI risk modeling; incident-triage and breach-patterns for AI-related incident response patterns; csf-mapping for the broader governance frame that AI RMF sits within.
The NIST AI RMF — four functions
Just like the NIST Cybersecurity Framework (CSF), the AI RMF organizes the work into functions. Same shape, different content.
| Function | What it covers |
|---|---|
| Govern (GOV) | Policy, accountability, roles, risk appetite, AI principles, board oversight, governance structures |
| Map (MAP) | Context — what is the AI system, what does it do, who is impacted, what could go wrong, what are the legal / ethical constraints |
| Measure (MEAS) | Evaluate the system — fairness, robustness, accuracy, explainability, privacy, security; quantitative + qualitative metrics |
| Manage (MAN) | Treat the risks — mitigations, monitoring, incident response, decommissioning, ongoing review |