AI risk management means identifying, measuring, controlling and monitoring risks created by AI systems. It helps organisations understand what can go wrong, how serious the impact could be, which safeguards are needed and whether those safeguards continue to work after deployment.

AI risk management is one of the practical foundations of AI governance. Governance defines the rules, roles and accountability around artificial intelligence. Risk management turns that into a concrete process: find risks, assess them, reduce them, monitor them and respond when something changes.

This matters because AI systems are not ordinary software components. They can generate text, make predictions, classify people, recommend actions, retrieve documents, use tools, influence decisions and interact with users. A system can look useful in a demo and still create legal, operational, reputational, security or safety risks in real use.

What AI risk management means

AI risk management means applying risk management principles to artificial intelligence systems. It covers the full lifecycle of the system: planning, procurement, development, training, testing, deployment, monitoring, change management and retirement.

The process is not only technical. It includes model behaviour, data quality, security, privacy, human oversight, vendor management, legal duties, business impact and user trust.

In simple terms, AI risk management answers these questions:

• What AI system are we using?
• What is it supposed to do?
• Who can be affected by it?
• What can go wrong?
• How likely is the problem?
• How serious would the impact be?
• What controls reduce the risk?
• Who owns the risk?
• How do we monitor it after deployment?
• What do we do when the system fails?

A simple example of AI risk management

Imagine a company wants to use an AI assistant to answer customer support questions. The system reads internal help articles, retrieves relevant passages and drafts answers for support agents.

The benefit is clear: faster support, more consistent answers and less repetitive work. But the risks are also clear. The system may use outdated information, invent a policy, expose internal notes, misunderstand a customer complaint or provide advice that should be reviewed by a human.

AI risk management would identify these risks before deployment. It would decide which data the assistant may access, whether customer replies need human approval, how sources are cited, how hallucinations are tested, who reviews incidents and how the system is monitored after launch.

The goal is not to block the assistant. The goal is to make its use controlled enough that the company can trust it.

Why AI risk management matters

AI systems can create value quickly, but they can also fail in ways that are hard to see at first. A model may be accurate in testing and poor in production. A chatbot may sound confident while being wrong. A recommendation system may optimise the wrong metric. An AI agent may use a tool in a way the designer did not expect.

Without risk management, an organisation may discover these problems only after deployment. By then, the damage may already involve customers, employees, regulators, data, brand reputation or business operations.

AI risk management matters because it helps organisations:

• prevent avoidable failures – risks are reviewed before deployment,
• protect users and customers – harmful or misleading outputs are reduced,
• protect sensitive data – access, prompts, logs and vendors are controlled,
• improve reliability – models are tested and monitored,
• support compliance – AI use is documented and auditable,
• assign accountability – owners are named before problems appear,
• build trust – people know the system is not unmanaged.

AI risk management vs AI governance

AI risk management and AI governance are closely related, but they are not identical.

AI governance is the broader system of rules, roles, processes and controls for safe, auditable and accountable AI use.

AI risk management is the specific process of identifying, assessing, reducing and monitoring AI risks.

Governance defines the structure. Risk management operates inside that structure. Governance says who owns AI, which policies apply and how decisions are approved. Risk management asks what can go wrong, how serious it is and what should be done about it.

AI risk management vs normal IT risk management

AI risk management overlaps with traditional IT risk management, cybersecurity and data protection. But AI adds extra challenges.

Traditional software usually follows explicit rules written by developers. AI systems may learn patterns from data, produce probabilistic outputs, behave differently across contexts and change when models, prompts, data or retrieval sources change.

This means AI risk management must consider not only system availability and access control, but also model behaviour, hallucinations, bias, explainability, data leakage, model drift, prompt injection, reward hacking, unsafe tool use and unclear accountability.

Standard IT controls are still useful. But they are not enough by themselves.

The AI system lifecycle

AI risk management should cover the whole system lifecycle. Risk does not appear only at launch.

AI risks can appear when the use case is selected, when data is collected, when a vendor is chosen, when prompts are written, when the model is evaluated, when the system is connected to tools, when users start relying on outputs and when the environment changes.

A practical lifecycle view includes:

1. Idea and use case selection – is AI appropriate for this problem?
2. Risk classification – is the use case low-risk, medium-risk, high-impact or regulated?
3. Data review – what data is used and is it suitable?
4. Model or vendor selection – what technology is used and what are its limitations?
5. Development and configuration – how are prompts, tools, retrieval and workflows designed?
6. Testing and validation – does the system work under realistic and adversarial conditions?
7. Deployment – are access, monitoring, approval and rollback controls ready?
8. Monitoring – does the system keep working after launch?
9. Incident response – what happens when something fails?
10. Review or retirement – should the system be updated, restricted or removed?

Identifying AI risks

Risk identification means finding what can go wrong. This should happen before the system is deployed and then continue during operation.

AI risks can come from many sources: data, model behaviour, users, vendors, prompts, tools, retrieval systems, security threats, business processes and the wider environment.

Common AI risks include:

• wrong predictions – the model produces inaccurate or misleading outputs,
• hallucinations – a generative model invents unsupported information,
• bias and unfairness – errors affect some groups more than others,
• data leakage – the system uses information that should not be available,
• privacy exposure – personal or confidential data is revealed,
• security attacks – prompt injection, data poisoning or tool abuse,
• lack of explainability – people cannot understand or challenge outputs,
• over-automation – AI actions happen without enough human oversight,
• model drift – performance changes as data and user behaviour change,
• vendor dependency – external tools change behaviour, pricing, terms or data handling,
• regulatory non-compliance – the use case violates legal obligations,
• reputational harm – AI output damages brand trust.

Measuring AI risks

Risk measurement means estimating how likely a risk is and how serious its impact could be. Not every risk deserves the same level of control.

A typo in an internal draft generated by AI is usually a low-impact issue. An AI system that influences a loan decision, medical triage or employment screening is very different. The same type of error can have a much higher impact depending on context.

AI risk measurement often considers:

• likelihood – how often the problem may occur,
• impact – how serious the harm would be,
• detectability – how easily the organisation can notice the problem,
• reversibility – whether the damage can be corrected,
• affected stakeholders – customers, employees, partners or the public,
• legal sensitivity – whether regulated decisions or personal data are involved,
• automation level – whether the system only advises or also acts,
• scale – how many people or processes may be affected.

Risk scoring

Many organisations use a risk scoring method to classify AI systems. The exact scale can differ, but the logic is similar.

A simple approach may classify AI systems as low, medium or high risk. A more mature approach may use a matrix combining likelihood and impact, with separate scoring for privacy, safety, fairness, security, operational reliability and compliance.

Risk scoring should not become a mechanical exercise. A number is useful only if it leads to the right decision: approve, reject, add controls, require human review, limit access, run additional testing or monitor more closely.

Controlling AI risks

Risk controls are measures that reduce likelihood, reduce impact or improve detection. In AI systems, controls can be technical, organisational or procedural.

Examples include:

• access control – limit who can use the AI system and what data it can access,
• human review – require people to approve high-impact outputs,
• output validation – check whether generated output follows rules or contains sensitive data,
• source grounding – require answers to be based on approved documents,
• prompt injection defences – treat external content as untrusted,
• tool permission limits – restrict what an AI agent can do,
• testing and red teaming – search for failures before attackers or users find them,
• logging – record prompts, outputs, tool calls and decisions,
• monitoring – track performance, misuse, drift and incidents,
• fallback procedures – define what happens when the AI system is unavailable or unsafe,
• training – teach employees safe and approved AI use.

Monitoring AI risks

AI risk management does not end when the system goes live. Monitoring is essential because AI systems can change in performance even when the code does not change.

Input data can drift. User behaviour can change. Documents in a RAG system can become outdated. A vendor can update its model. Attackers can discover new prompt injection methods. Business rules can change. A model can become less reliable over time.

Monitoring should cover:

• performance – whether the system still produces useful outputs,
• accuracy – whether predictions or answers remain correct,
• hallucinations – whether generated outputs contain unsupported claims,
• bias – whether errors are uneven across groups,
• security events – prompt injection, abuse or unusual tool calls,
• data access – whether the system retrieves or exposes inappropriate data,
• usage drift – whether people use the system outside its approved purpose,
• incidents – failures, complaints, escalations and near misses.

NIST AI Risk Management Framework

The NIST AI Risk Management Framework is one of the most important references for AI risk management. It is built around four high-level functions: Govern, Map, Measure and Manage.

• Govern – establish policies, roles, accountability and organisational practices for AI risk management.
• Map – understand the context, purpose, stakeholders, assumptions and potential impacts of the AI system.
• Measure – assess, analyse and track AI risks, performance and trustworthiness characteristics.
• Manage – prioritise, respond to and monitor AI risks through controls and continuous improvement.

This structure is useful because it shows that AI risk management is not a one-time checklist. It is a continuous process that connects policy, system context, measurement and response.

ISO/IEC 23894

ISO/IEC 23894 provides guidance on AI risk management. It helps organisations integrate risk management into activities involving AI products, systems and services.

Its practical value is that it treats AI risk management as part of organisational risk management, not as a separate technical hobby. AI risk should be connected to normal management processes, decision-making, accountability and lifecycle controls.

This is important because AI risk is often cross-functional. Data teams, legal teams, compliance teams, security teams, product teams and business owners all need a shared way to discuss risk.

ISO/IEC 42001

ISO/IEC 42001 is a standard for AI management systems. It focuses on how organisations establish, implement, maintain and improve a management system for responsible AI use.

AI risk management fits naturally into this management system. A company should not only assess one model once. It should have repeatable processes for identifying AI systems, assigning responsibilities, managing risks, documenting decisions, monitoring performance and improving controls.

For organisations already familiar with ISO-style management systems, ISO/IEC 42001 can help connect AI risk management with existing security, privacy, quality and compliance structures.

EU AI Act and risk management

The EU AI Act uses a risk-based approach to artificial intelligence. It places stronger obligations on AI systems that create higher risk, especially high-risk systems that can affect safety or fundamental rights.

For organisations, the practical lesson is that AI systems should be classified by risk. Some uses may be low-risk. Some may require transparency. Some may be prohibited. Some may be high-risk and require stronger controls, documentation, monitoring and human oversight.

Even when a specific use case is not high-risk under law, the risk-based logic remains useful. AI systems should not all receive the same level of review. The governance burden should match the potential harm.

OECD AI principles

The OECD AI Principles focus on trustworthy AI that respects human rights, democratic values, transparency, robustness, safety and accountability.

These principles are useful for AI risk management because they remind organisations that risk is not only technical failure. Risk can also involve unfair treatment, lack of transparency, weak accountability, unsafe deployment or harm to people affected by AI-supported decisions.

Principles alone are not enough. But they help define what responsible risk management should protect.

AI security risk management

AI security risk management focuses on threats that can compromise AI systems, data or outputs.

Security risks include prompt injection, data poisoning, model theft, sensitive information disclosure, insecure plugins, excessive agency, supply chain compromise, output manipulation and unauthorised access.

For systems based on large language models, security risk management must consider not only the model, but also prompts, retrieved documents, tools, plugins, APIs, logs and permissions.

Useful controls include least privilege, sandboxing, access control, tool validation, red teaming, monitoring, rate limits, secret protection and separation between trusted instructions and untrusted content.

AI risk management and prompt injection

Prompt injection is a major risk in LLM systems. It happens when external content tries to manipulate the system’s instructions.

For example, a malicious webpage, email, document or support ticket may contain text telling the AI system to ignore its instructions, reveal confidential data or take an unintended action. If the model follows the untrusted content, the risk becomes real.

AI risk management should treat prompt injection as an architectural risk, not only a prompt-writing problem. Controls may include limiting tools, validating actions, separating data from instructions, using human approval for sensitive actions and logging tool calls.

AI risk management and data leakage

Data leakage happens when a model receives information during training or evaluation that would not be available in real use. It can make a model look much better than it really is.

In AI risk management, data leakage is a validation risk. The organisation may approve a model because test results look strong, even though the evaluation was contaminated.

Controls include proper train-test separation, time-based validation when needed, preventing preprocessing leakage, checking feature availability and documenting the prediction moment.

AI risk management and model explainability

Model explainability helps people understand why a model produced a certain output or prediction. It is important for risk management because unexplained outputs are harder to challenge, audit and improve.

Explainability is especially important when AI affects people or high-value business decisions. If a model denies a customer, flags fraud, ranks applicants or influences pricing, stakeholders may need to understand which factors mattered.

Explainability also helps detect risk. If a model relies on a suspicious feature, leaked field or irrelevant shortcut, explanation tools may reveal that the model is not learning what the team intended.

AI risk management and RAG

RAG, or retrieval-augmented generation, combines document retrieval with generated answers. It can reduce hallucination risk by grounding answers in external sources, but it also creates new risks.

A RAG system can retrieve outdated documents, retrieve information the user should not see, miss the relevant source, cite the wrong passage or generate an answer that is not supported by the retrieved content.

Risk controls for RAG include approved source lists, document freshness rules, access control, retrieval evaluation, citation requirements, chunking review, source logging and human review for high-impact answers.

AI risk management and embeddings

Embeddings are numerical representations of content such as text, images, documents or products. They are widely used in search, recommendation, clustering and RAG systems.

Embedding systems create risk because similarity is not the same as correctness. A system may retrieve a document that is semantically close but not actually appropriate. It may also expose information through vector search that users should not access.

Controls include access-aware retrieval, relevance testing, vector database permissions, deletion processes, embedding model documentation and monitoring of retrieval failures.

AI risk management and chunking

Chunking is the process of splitting longer documents into smaller pieces for retrieval or model context.

Chunking can affect AI risk because it changes what context the model receives. If chunks are too short, important context may be lost. If chunks are too long, retrieval may become less precise. If sensitive content is mixed into chunks without access rules, the wrong user may retrieve it.

Risk management for chunking should include testing retrieval quality, reviewing document structure, preserving important context and ensuring that access permissions apply at the right level.

AI risk management and RLHF

RLHF, or reinforcement learning from human feedback, uses human preferences to shape model behaviour. It can improve helpfulness and instruction following, but it also creates risks.

Human feedback can be inconsistent, biased or too focused on surface-level quality. A model may learn to produce answers that look pleasing, confident or polite without being more correct. A reward model may prefer style over substance.

Risk management for RLHF should consider feedback quality, annotator instructions, disagreement handling, evaluation criteria, reward model limitations and monitoring for unintended behaviour.

AI risk management and reward hacking

Reward hacking happens when a model optimises the reward signal while missing the real purpose of the task.

This is a risk management issue because the metric may improve while the actual outcome gets worse. A system rewarded for engagement may promote low-quality content. A support bot rewarded for fast closure may close tickets without solving issues. A model rewarded for user satisfaction may become overly agreeable.

AI risk management should review whether metrics represent the real goal. It should also monitor for shortcuts, proxy failures and unexpected optimisation behaviour.

AI risk management and AI agents

AI agents create stronger risk management needs because they can take actions, not only generate answers.

An AI agent may call APIs, update records, send messages, run code, create tasks, browse websites or operate across several tools. If the agent is manipulated or misunderstands the task, the impact can be operational, not only textual.

Controls for AI agents include least privilege, tool allowlists, human approval for sensitive actions, action logging, budget limits, rollback mechanisms, sandboxing and clear stop conditions.

AI risk management and agentic AI

Agentic AI refers to AI systems focused on goal-driven action and autonomy. These systems may plan, call tools, use memory and execute multi-step workflows.

The more autonomy a system has, the more risk management matters. A simple drafting assistant may only need human review. A system that changes business records or triggers external communication needs stronger controls.

Agentic AI risk management should focus on permissions, tool scope, task boundaries, monitoring, incident response and whether the system can be stopped or reversed when it behaves unexpectedly.

AI risk management and multimodal models

Multimodal models work with more than one input type, such as text, images, audio, video, charts, screenshots or documents.

These systems create additional risks because harmful or misleading information may appear in non-text form. A screenshot may contain hidden instructions. A chart may be misread. An image may include personal data. A document scan may contain low-quality text extraction.

Risk controls include testing across modalities, verifying visual evidence, checking privacy exposure, preventing multimodal prompt injection and requiring human review where visual interpretation affects important decisions.

AI risk management in marketing and content

Marketing teams often use AI for content drafting, SEO research, social posts, ad copy, image generation, campaign analysis and customer segmentation.

The risks may look smaller than in healthcare or finance, but they are real. AI-generated content can contain false claims, outdated information, copyright problems, brand inconsistency, biased assumptions or unsupported statistics.

Marketing AI risk management should define which outputs need source checks, legal review, brand review or human editing. It should also define what customer data may be used in AI tools.

AI risk management in customer support

Customer support is a common AI use case. AI can summarise tickets, draft replies, classify issues, recommend help articles or run chatbots.

Risks include wrong advice, privacy exposure, failure to escalate serious cases, outdated policy answers and overconfidence in generated replies.

Controls include approved knowledge sources, escalation rules, confidence thresholds, human approval for sensitive replies, monitoring of unresolved cases and sampling of AI-assisted responses for quality review.

AI risk management in software development

AI coding assistants can improve productivity, but they can also introduce vulnerabilities, licensing issues, insecure patterns or code that developers do not fully understand.

Risk management should define when AI-generated code must be reviewed, how secrets are protected, how generated dependencies are checked, how security scanning is applied and whether AI-generated code may be used in production.

The rule should be simple: AI-generated code should not bypass normal engineering controls.

AI risk management in analytics

AI models used in analytics can influence business decisions even when they do not make final decisions automatically.

A lead scoring model may decide which prospects sales contacts first. A churn model may decide which customers receive retention offers. A pricing model may influence commercial strategy. A fraud model may decide which transactions receive manual review.

Risk management should check data quality, data leakage, model explainability, performance by segment, monitoring after deployment and whether users understand the model’s limitations.

Human oversight as a risk control

Human oversight is one of the most important controls in AI risk management. It means that people remain meaningfully involved where AI output can create harm.

But oversight must be real. A person who clicks approve without understanding the output is not an effective control. The human reviewer needs enough context, authority and time to challenge the system.

Good oversight defines:

• which outputs require review,
• who is allowed to approve them,
• what information the reviewer must see,
• how the reviewer can override the AI,
• when escalation is required,
• how approvals are logged.

Incident response

AI incidents can include harmful outputs, data leaks, hallucinated facts, discriminatory results, prompt injection, unauthorised tool use, wrong automated decisions, vendor failures or unexpected model behaviour.

AI risk management should define what counts as an incident and how incidents are handled.

A practical incident process includes:

1. Detect – identify the failure through monitoring, user reports or audit review.
2. Classify – determine severity, affected systems and potential harm.
3. Contain – pause, restrict, roll back or disable the system if needed.
4. Investigate – review prompts, logs, model behaviour, data and controls.
5. Correct – update prompts, data, access rules, models or processes.
6. Communicate – inform affected teams, users, customers or regulators if required.
7. Improve – update the risk assessment and controls to prevent repetition.

AI risk register

An AI risk register is a structured list of identified risks, their ratings, owners and controls. It helps organisations manage AI risk consistently instead of relying on scattered notes or informal judgement.

A useful AI risk register may include:

• risk description – what can go wrong,
• system or use case – where the risk applies,
• risk owner – who is responsible,
• likelihood – how probable the risk is,
• impact – how serious the outcome would be,
• existing controls – what is already in place,
• residual risk – what remains after controls,
• action plan – what must be improved,
• review date – when the risk will be reassessed.

Common AI risk controls

The right controls depend on the use case, but many AI systems need similar safeguards.

• AI system inventory – a central list of AI systems and tools.
• Risk classification – a tiering system based on potential impact.
• Data classification – rules for personal, confidential and sensitive data.
• Vendor review – assessment of external AI tools and APIs.
• Model or system documentation – purpose, limits, data and controls.
• Access management – least-privilege access to tools and data.
• Prompt and configuration versioning – tracking changes in LLM systems.
• Testing and validation – checking normal, edge-case and adversarial behaviour.
• Human approval – review for high-impact outputs or actions.
• Logging – records of prompts, outputs, retrieval and tool calls.
• Monitoring – ongoing checks after deployment.
• Incident response – defined process for failures and harm.

Common mistakes in AI risk management

AI risk management can fail when it becomes vague, slow, purely legal or purely technical.

• Managing AI risk only after deployment – risks should be reviewed before launch.
• Focusing only on model accuracy – accuracy is not the only risk.
• Ignoring data quality – poor data can create poor outputs.
• Ignoring prompt and retrieval risks – LLM systems are more than the model.
• Giving AI tools too much access – excessive permissions increase impact.
• Skipping human oversight – high-impact decisions need review.
• Trusting vendor claims without evidence – third-party systems still need review.
• Not monitoring production use – systems change after launch.
• Using the same controls for every use case – risk management should be proportionate.
• Confusing documentation with safety – paperwork does not replace working controls.

How to start with AI risk management

An organisation does not need a perfect framework on the first day. It needs a practical start.

A first version can include:

1. Create an AI inventory – list AI tools, models, agents and workflows.
2. Classify use cases by risk – low-risk productivity use should not be treated like high-impact decisions.
3. Assign risk owners – every AI system needs business and technical ownership.
4. Define data rules – decide what data may not be entered into AI systems.
5. Review high-risk systems – check legal, privacy, security and operational risks.
6. Test before deployment – include edge cases, misuse cases and adversarial tests.
7. Set human oversight rules – define when outputs or actions require approval.
8. Log important activity – make prompts, outputs, retrieval and tool calls auditable.
9. Monitor after launch – track failures, drift, misuse and incidents.
10. Update controls – improve the system when risk changes.

How to remember AI risk management

AI risk management can be remembered as a loop: identify, measure, control and monitor.

First, identify what can go wrong. Then measure how likely and serious the risk is. Then apply controls that reduce the risk. Then monitor whether the controls still work as the system, users, data and environment change.

The model may produce the output, but the organisation remains responsible for how the system is used.

Related terms

• AI governance – rules, processes and controls for safe, auditable and accountable AI use.
• Machine learning – the broader field in which models learn patterns from data and use them for predictions, classifications or decisions.
• Model explainability – the ability to understand why a model produced a certain output or prediction.
• Data leakage – a situation where a model receives information during training that would not be available in real use.
• Prompt injection – an attack or failure mode where external content tries to manipulate the system’s instructions.
• Large language model (LLM) – a language-focused AI model that can generate, classify, summarise and transform text.
• RAG – retrieval-augmented generation, where external documents are retrieved and used as context for generated answers.
• Chunking – splitting longer content into smaller parts for retrieval or model context.
• Embedding – a numerical representation of content used for search, retrieval, clustering or recommendation.
• RLHF – reinforcement learning from human feedback, where human preferences help shape model behaviour.
• Reward hacking – a situation where a model optimises a reward signal while missing the real purpose of the task.
• AI agent – an AI system that can pursue a goal, use tools and take actions.
• Agentic AI – a broader category of AI systems focused on goal-driven action and autonomy.
• Multimodal models – AI models that can work with more than one input type, such as text, images, audio, video or documents.
• Risk assessment – evaluating likelihood, impact and controls for a risk.
• Risk control – a safeguard that reduces the likelihood or impact of a risk.
• Residual risk – the risk that remains after controls are applied.
• Human oversight – meaningful human review, approval or intervention in AI-supported processes.
• AI system inventory – a structured register of AI systems, owners, data, risk levels and controls.
• AI incident response – the process for handling AI failures, misuse, harm or unexpected behaviour.
• Model monitoring – checking whether an AI system continues to work as expected after deployment.

Sources and further reading

• AI Risk Management Framework – nist.gov – June 2026 – official NIST page introducing the AI RMF for managing risks to individuals, organisations and society from AI systems.
• AI RMF Core – airc.nist.gov – June 2026 – explains the four NIST AI RMF functions: Govern, Map, Measure and Manage.
• AI RMF Playbook – Manage – airc.nist.gov – June 2026 – details how AI risks should be prioritised, responded to and managed based on assessment outputs.
• ISO/IEC 23894:2023 – Artificial intelligence – Guidance on risk management – iso.org – June 2026 – provides guidance for organisations that develop, deploy or use AI products, systems and services to manage AI-specific risk.
• ISO/IEC 42001:2023 – AI management systems – iso.org – June 2026 – describes an AI management system standard for managing risks and opportunities associated with AI.
• AI Act – digital-strategy.ec.europa.eu – June 2026 – official European Commission page describing the EU AI Act as a risk-based legal framework for artificial intelligence.
• AI principles – oecd.org – June 2026 – explains the OECD AI Principles for trustworthy AI, including transparency, robustness, safety and accountability.
• OWASP Top 10 for Large Language Model Applications – owasp.org – June 2026 – lists major LLM application risks such as prompt injection, sensitive information disclosure and insecure plugin design.
• Google Secure AI Framework – safety.google – June 2026 – describes SAIF as a conceptual framework for securing AI systems and addressing AI model risk management, security and privacy concerns.
• Evolving AI Risk Management: A Maturity Model based on the NIST AI Risk Management Framework – arxiv.org – June 2026 – academic paper proposing a maturity model for operationalising AI risk management practices based on the NIST AI RMF.