Lesson 5 of 6 · 6 min read

Risks and Limitations of AI ⚠️

AI is powerful but not infallible. Those who understand the risks can actively manage them. Those who ignore them risk not just money, but also trust, reputation, and legal consequences. This lesson prepares you for responsible AI deployment.


🎯 What You'll Learn

  • The four biggest AI risks and concrete countermeasures
  • What AI truly can't do — expectations vs. reality
  • Key points of the EU AI Act
  • What AI governance means for your daily work

The Four Biggest Risks 🚨

1. Hallucinations 🫧

LLMs like GPT-5 or Claude Opus 4.6 sometimes generate plausible-sounding but completely fabricated information. The model "invents" facts, sources, statistics, or even laws — with absolute confidence.

| Risk | Impact | Countermeasure |
| --- | --- | --- |
| False facts | Faulty reports, wrong advice | Manually verify facts |
| Fabricated sources | Loss of trust, liability | Deploy RAG (Retrieval-Augmented Generation) |
| Wrong numbers | Financial misjudgments | Verify calculations separately |

📖 Definition: Retrieval-Augmented Generation (RAG) connects an LLM with a knowledge base. The model generates answers based on verified documents rather than just training data — this drastically reduces hallucinations.

2. Bias 🎭

AI models learn from training data — and inherit its prejudices. An HR tool could systematically disadvantage certain applicant groups. A credit scoring model could discriminate against certain zip codes.

  • Countermeasure: Diverse training data, regular bias audits, transparent documentation of model decisions

3. Security Risks 🔐

  • Prompt injection: Attackers inject manipulative instructions into AI inputs to trigger unwanted actions
  • Data leaks: Confidential information entered in prompts can be exposed through model outputs
  • Countermeasures: Input validation, sandboxing, strict separation of confidential data, never enter company data into public models

⚠️ Caution: Never enter passwords, customer data, or confidential business information into publicly accessible AI tools. Use enterprise versions with data privacy guarantees.
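
The caution above, turned into a pre-send check (an added example, not part of the original lesson): it redacts passwords, e-mail addresses and card numbers from a prompt before it leaves for an external AI tool. The patterns, placeholder labels and function names are illustrative assumptions to be tuned to your own data.

```python
import re
from collections import Counter

# Illustrative detectors (assumptions, not from the lesson).
SECRET = re.compile(
    r"\b(password|passwd|pwd|api[_-]?key|token)\b(\s*[:=]\s*)(\S+)", re.I)
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

# Constructed sample prompt; every value in it is fake.
SAMPLE = ("Customer anna@example.com paid with 4111 1111 1111 1111. "
          "Login password: Hunter2! Order 1234567890123 is late.")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order numbers and other long digit runs are not flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def screen_prompt(text: str):
    """Return (redacted_text, findings) for a prompt bound for an external tool."""
    findings = Counter()

    def secret(m):
        findings["secret"] += 1
        return f"{m.group(1)}{m.group(2)}[REDACTED_SECRET]"  # keep the label, drop the value

    def email(m):
        findings["email"] += 1
        return "[REDACTED_EMAIL]"

    def card(m):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()  # fails the checksum: not a card number, leave as is
        findings["card_number"] += 1
        return "[REDACTED_CARD]"

    for pattern, repl in ((SECRET, secret), (EMAIL, email), (CARD, card)):
        text = pattern.sub(repl, text)
    return text, dict(findings)


if __name__ == "__main__":
    print(screen_prompt(SAMPLE))
```

A non-empty findings result is also worth logging or escalating, since it shows someone tried to paste confidential data into the tool.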

4. Data Protection & Compliance 📋

  • GDPR: Personal data may only be processed with a legal basis. Check what data flows to AI providers.
  • EU AI Act: In force since 2025. Classifies AI systems by risk level (minimal, limited, high, unacceptable). High-risk systems (HR, credit scoring) require extensive documentation and audits.
  • Data processing: Sign DPAs (Data Processing Agreements) with all AI providers.

🔑 Remember: Compliance isn't an obstacle — it's a quality mark. Those who use AI responsibly build long-term trust.


Expectations vs. Reality 🪞

| Expectation | Reality |
| --- | --- |
| AI completely replaces me | AI complements and supports — your expertise remains essential |
| Works perfectly right away | Needs tuning, iteration, and continuous optimization |
| Is always cheaper | Can be more expensive than manual processes if used incorrectly |
| Truly understands | Recognizes patterns but has no real understanding or consciousness |
| Is objective and neutral | Inherits biases from training data |
| Gets better on its own | Needs active monitoring and regular adjustments |

Setting Up AI Governance 🏛️

Safe AI usage requires clear rules:

  1. AI usage policy — Who may use which AI tools, for which tasks, with which data?
  2. AI register — Document all AI systems in use (mandatory for high-risk systems under the EU AI Act)
  3. Quality control — Define how AI outputs are reviewed (four-eyes principle, spot checks, automated tests)
  4. Escalation process — What happens when AI produces errors? Who decides on shutdown?
  5. Training program — Employees must understand AI risks and use tools competently

🏢 Real-world example: A financial services company established an "AI Board" — an interdisciplinary team from IT, legal, compliance, and business units that approves every new AI deployment before go-live. Result: Zero compliance violations in the first year.


📋 Summary

  • The four main risks: hallucinations, bias, security vulnerabilities, compliance
  • RAG reduces hallucinations; bias audits prevent discrimination
  • The EU AI Act creates clear rules — high-risk systems require documentation
  • AI governance with usage policies, registers, and quality control is mandatory
  • Confidential data never belongs in public AI tools

🎯 Exercise: Create a simple AI usage policy for your team: Which tools are permitted? What data may be entered? Who reviews the results?


Next lesson: Your First AI Pilot — from concept to execution in four steps.