Common high-impact risks in prototypes
This list is not exhaustive. It is a practical starting point for deciding what needs immediate evidence or specialist review.
AI-specific controls follow the model's authority
A text suggestion has a different risk than a model that can send email, query private data, edit records, run code, or purchase something. Review what context the model receives, which tools it can call, what it can change, what must be confirmed, and how untrusted content could influence it.
Prompt injection cannot be addressed by a prompt alone. Reduce authority, isolate data, validate tool inputs, require confirmation for consequential actions, and monitor outcomes.
Privacy starts with a data map
Before writing policy language, identify what the product collects, why, where it goes, who receives it, how long it remains, and how a user can exercise relevant choices. A copied policy does not make the implementation accurate.
Escalate when consequence or obligation rises
Use qualified security, privacy, legal, accessibility, or compliance specialists when the product handles regulated or highly sensitive data, high-value transactions, children's data, material safety decisions, or contractual security obligations. A general software review should make that need visible, not pretend to replace it.