Every board we brief has the same concerns about AI: hallucinations, bias, job displacement, regulatory compliance. These are legitimate risks, and they deserve the attention they receive. But they are not the risks that keep AI practitioners up at night.
The risk we worry about is more subtle and more consequential: the risk that AI creates an invisible layer of systemic brittleness in your organisation that you don't discover until it fails.
The Risk That Doesn't Make Headlines
When an AI system makes a mistake, the tendency is to treat it as a technology failure. "The model was wrong." "We need better training data." "Our prompt engineering needs work."
But the most dangerous failures are not model failures — they are integration failures. An AI system that performs perfectly in isolation but subtly degrades when connected to real data flows, real business processes, and real decision-making. The degradation is gradual. It escapes detection because there is no baseline to compare against. And by the time it is visible, it has been compounding for months.
The Four Risk Categories
We categorise AI risk into four layers that boards should understand:
**1. Model Risk.** Can the AI system produce incorrect, biased, or harmful outputs? This is the layer that gets most board attention, and it is the most tractable. Testing, validation, red-teaming, and human-in-the-loop review address model risk effectively.
**2. Integration Risk.** Does the AI system degrade overall system performance when connected to real infrastructure? This is harder to detect because the failure is distributed. It requires end-to-end monitoring that spans the AI system and every system it touches.
**3. Dependency Risk.** What happens when the AI system becomes a critical dependency? If the model provider changes pricing, the embedding API goes down, or the fine-tuning pipeline breaks — what is your fallback? Most organisations don't have one.
**4. Strategic Risk.** What happens when your competitors have AI-driven capabilities that you don't? This is the risk that increases over time and is the hardest to reverse. The organisations that started earlier have data, experience, and operational patterns that cannot be purchased.
What the Board Should Ask
We recommend boards ask four questions of any AI initiative:
**1. What is our monitoring strategy?** Not just for model performance, but for end-to-end system behaviour. How will we know the system is degrading before the business feels it?
**2. What is our fallback?** If the AI system fails completely, what happens? Is there a manual process that can absorb the load? How long will it take to activate?
**3. What is our phase-out plan?** How do we decommission an AI system if it doesn't deliver? What are the criteria for pulling the plug? Who makes that call?
**4. What is our learning cadence?** How are we capturing lessons from this initiative and feeding them into the next one? How is the organisation's AI capability growing over time?
The board's role is not to understand the technical details of AI systems. It is to ensure the right governance, monitoring, and contingency structures are in place. The technology changes too fast to master. The governance principles are durable.
Focus on those principles, and the technology takes care of itself.