The AI Security Decision Flowchart: What Safeguard Do You Need Next?

Choose the Safeguard That Matches the Risk

The AI Security Decision Flowchart helps you choose what safeguard to add next. Not every AI workflow needs the same control. A personal brainstorming workflow needs basic privacy rules. A customer-facing workflow needs review, approval, and monitoring. A technical AI agent needs permission controls and abuse testing.

The Decision Flow

  • Does the prompt include sensitive data? Remove it, anonymize it, or use an approved, controlled tool.
  • Will the output affect customers, money, health, hiring, security, or legal claims? Require human review and approval.
  • Can the AI access files, tools, APIs, or systems? Apply least privilege and log activity.
  • Can the AI take action automatically? Add approval gates, rollback plans, and monitoring.
  • Does the workflow use retrieved documents or RAG? Check access controls, retrieval filters, and data exposure risk.
  • Could outside content influence the AI? Test for prompt injection and treat untrusted content as data, not instructions.

When in Doubt, Add Review

Human review is the default safeguard when the risk level is unclear. It gives the workflow a pause point before AI output becomes a decision, message, action, or customer-facing result.
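The tool-access and automatic-action steps of the flow, combined with the review default above, can be enforced at the point where an agent requests a tool. The following is an added example, not code from this article: the agent name, tool names, and risk classes are constructed for illustration.

```python
import logging

log = logging.getLogger("agent.gate")

# Constructed policy for illustration; agent and tool names are hypothetical.
# Each agent lists only the tools it needs (least privilege). The value is the
# tool's risk class: "read" (no side effects), "action" (changes state), or
# None when nobody has classified it yet.
POLICY = {
    "support-bot": {
        "search_kb": "read",
        "send_refund": "action",
        "export_report": None,
    },
}

ALLOW, REVIEW, DENY = "allow", "needs_review", "deny"


def gate_tool_call(agent, tool, approved_by=None):
    """Return ALLOW, REVIEW or DENY for one tool call and log the decision."""
    tools = POLICY.get(agent, {})
    if tool not in tools:
        decision = DENY      # not on the allowlist: approval cannot override
    elif tools[tool] == "read":
        decision = ALLOW     # read-only tool on the allowlist
    elif approved_by:
        decision = ALLOW     # state-changing or unclassified, human signed off
    else:
        decision = REVIEW    # pause until a named person approves
    log.info("agent=%s tool=%s risk=%s approved_by=%s decision=%s",
             agent, tool, tools.get(tool), approved_by, decision)
    return decision


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for call in [("support-bot", "search_kb"), ("support-bot", "send_refund"),
                 ("support-bot", "export_report"), ("support-bot", "delete_user")]:
        print(call, "->", gate_tool_call(*call))
```

An unclassified tool is handled the same way as a state-changing one, so a gap in the policy results in a pause for review rather than an automatic action.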

The right safeguard is the one that matches what the AI can see, say, or do.
