Practical Checklists

AI Risk Checklists

Practical checklists for slowing down before trusting AI output, sharing sensitive data, using AI-generated code, researching security issues, or deploying AI tools in a team environment.

Showing 5 checklists across 5 areas

General AI Use

1 checklist

Students · Developers · Cybersecurity Analysts · Business Leaders · Compliance/Risk Teams · General Users

Before You Trust an AI Answer

Use this checklist before relying on an AI answer for research, writing, technical work, planning, or decision-making.

Checklist

  • Can I verify the key claims from reliable external sources?
  • Did the AI separate facts from assumptions?
  • Are there names, dates, numbers, citations, or links that need checking?
  • Does the answer depend on current information that may have changed?
  • Would a wrong answer create academic, financial, legal, security, or safety risk?
  • Have I compared the answer against primary sources when the stakes are high?

Recommended action

Treat the answer as a starting point, not a final authority. Verify important claims before acting on them.

Related pitfalls

HallucinationFabricated CitationsOutdated KnowledgeFalse PrecisionOverconfidence

Privacy & Sensitive Data

1 checklist

Developers · Cybersecurity Analysts · Business Leaders · Compliance/Risk Teams · General Users

Before You Paste Sensitive Data

Use this checklist before putting private, regulated, confidential, or security-sensitive information into an AI tool.

Checklist

  • Does the prompt include customer, employee, student, patient, financial, or legal information?
  • Does it include passwords, API keys, tokens, private keys, internal URLs, or infrastructure details?
  • Does it include source code, logs, tickets, architecture diagrams, or incident details that should stay private?
  • Do I know whether this AI tool stores, trains on, or logs submitted data?
  • Is this tool approved by my organization for this type of data?
  • Can I remove, mask, summarize, or anonymize the sensitive parts first?

Recommended action

Remove or mask sensitive information before using AI, and use only approved tools for regulated or confidential data.

Related pitfalls

Sensitive Data ExposurePrompt InjectionTool MisuseUnsafe Automation

Code & Development

1 checklist

Developers · Students · Cybersecurity Analysts

Before You Use AI for Code

Use this checklist before copying, running, committing, or deploying AI-generated code.

Checklist

  • Does the code match my actual framework, version, and file structure?
  • Are all imports, packages, paths, and configuration settings valid?
  • Have I run the code locally and checked the exact error output?
  • Does the code introduce insecure patterns, weak validation, or unsafe defaults?
  • Does it handle errors, edge cases, and unexpected input?
  • Do I understand what the code does before adding it to the project?

Recommended action

Run and review AI-generated code like any external contribution. Do not paste it blindly into a project.

Related pitfalls

Non-runnable CodeVersion MismatchInsecure CodeHallucination

Cybersecurity Research

1 checklist

Cybersecurity Analysts · Developers · Compliance/Risk Teams

Before You Use AI for Cybersecurity Research

Use this checklist when AI is helping with vulnerabilities, CVEs, threat modeling, incident analysis, or security documentation.

Checklist

  • Are CVEs, CWEs, techniques, product names, and versions verified against authoritative sources?
  • Could the AI be inventing exploit paths, attack steps, or vulnerability details?
  • Does the answer distinguish confirmed exploitation from theoretical risk?
  • Are vendor advisories, NVD, CISA KEV, MITRE, or official documentation checked directly?
  • Could the prompt or output expose sensitive logs, indicators, architecture, or incident details?
  • Is human review required before taking action or sharing the analysis?

Recommended action

Use AI to accelerate analysis, but verify security claims with trusted primary sources before acting.

Related pitfalls

HallucinationFabricated CitationsPrompt InjectionSensitive Data ExposureOverconfidence

Team / Organizational Deployment

1 checklist

Business Leaders · Compliance/Risk Teams · Developers

Before Your Team Deploys an AI Tool

Use this checklist before adopting, piloting, or deploying an AI tool in a team or organization.

Checklist

  • What data will users submit, and is that data allowed in the tool?
  • Who is responsible for reviewing AI output before decisions are made?
  • What risks could occur from hallucinations, privacy leakage, prompt injection, or unsafe automation?
  • Does the tool have access to files, email, calendars, browsers, databases, APIs, or other systems?
  • Are there logging, approval, rollback, and incident response procedures?
  • Have users been trained on what the AI can and cannot be trusted to do?

Recommended action

Start with a limited, low-risk pilot and define data rules, review procedures, and approval boundaries before wider use.

Related pitfalls

Sensitive Data ExposureTool MisusePrompt InjectionAutomation BiasOverconfidence