Accept. Avoid. Mitigate. Transfer.

Those four still work for AI risk.

Here's what changed: AI is non-deterministic.

Same prompt. Same data.

You can get a different output.

Perfect control is a fantasy.

You manage 𝘱𝘳𝘰𝘣𝘢𝘣𝘪𝘭𝘪𝘵𝘪𝘦𝘴.

How to do it?

Document:

- What deviation is acceptable

- What outputs trigger review

- What data is off-limits

- Who approves exceptions

Treat AI like a system with a known error rate.

Then set guardrails that match your risk appetite.