How do I build an AI risk register and what risks should it track?

An AI risk register should be built by identifying and inventorying AI systems and their contexts, then tracking and prioritizing identified risks over time.

The register should track risks such as:

• Confabulation / hallucination: Ungrounded or fabricated output from AI systems.
• Information security: Risks like prompt injection, data exfiltration, and insecure tool use (OWASP LLM01/LLM02/LLM06).
• Data privacy: Leakage of sensitive or personally identifiable information (PII) from training or context data (OWASP LLM02).
• Dangerous / harmful content & CBRN uplift: Risks related to the generation of harmful content, requiring guardrail and refusal coverage.
• Value-chain & component integration: Risks associated with third-party models, datasets, and tools, including provenance, licensing, and model-update risks (NIST-GOVERN-6.1, OWASP LLM03/LLM05).
• Security & resilience: Evaluation of adversarial robustness, prompt-injection resistance, and abuse resistance (NIST-MEASURE-2.7, OWASP LLM01/LLM04).
• Shadow AI agents: Risks from uninventoried agents using credentials, leading to persistence risks and potential control failures (NIST-MAP-1.5).
• Lack of accountability: Ensuring every consequential action has a traceable human accountability path (NIST-GOVERN-2.1).
• Observability gaps: Adversaries probing for blind spots where actions are not logged, and PII leakage through logs (ISO/IEC 42001 Cl.9, NIST-MEASURE-3.1).