← All capabilities
Capability 3 of 5
Unsticks Level 2 · Value With Risk
Managing AI Risk.
Leaders set AI boundaries their team will actually respect — without killing speed.
Section 01
Human Layer
Make risk concrete and set rules people will actually follow.
Abstract risk policies produce shadow AI — usage that bypasses sanctioned tools to get the work done. The human move is to translate risk into rules that survive contact with the work, and to design enforcement that does not punish disclosure.
The moves
- H.1Translate risk categories into specific 'do / don't' rules per workflow
- H.2Make sanctioned tools faster than the shadow alternative
- H.3Design incident reporting that protects the reporter
- H.4Train judgment, not just policy memorization
Section 02
AI Layer
Know where the real risks live — data exposure, IP leakage, hallucination, quality.
The AI move is to understand the failure modes of the specific models and pipelines in use. Risk is not a posture; it is a set of specific exposure points that change with each vendor update, each new agent, each new integration.
The moves
- A.1Know which data flows leave the perimeter through which models
- A.2Track hallucination rates in domain-specific work, not on benchmarks
- A.3Distinguish reversible from irreversible AI errors and gate accordingly
- A.4Build adversarial intuition — how this system fails when stressed
Section 03
Anti-patterns
What gets in the way.
- ◆Blanket prohibitions that drive usage underground
- ◆Risk frameworks copied from other industries without domain mapping
- ◆Governance committees disconnected from the workflows they govern