Why Existing Risk Frameworks Fall Short
Most enterprise AI risk discussions focus on the technology itself: is the model biased? Is it hallucinating? Can it be jailbroken? These are important questions, but they miss the variable that actually determines financial exposure: what is the AI doing in the business?
An AI model that hallucinates while generating internal meeting summaries is a nuisance. The same model hallucinating while providing financial advice to customers is a liability event. The model is the same. The risk is entirely different because the workflow is different.
This framework classifies AI risk not by the technology used, but by the operational context in which it is deployed. It is designed for insurance brokers assessing client exposure, risk managers building governance programs, and enterprises making deployment decisions under the new reality of AI insurance exclusions.
The Four-Tier Framework
Enterprise AI workflows fall into four tiers based on two axes: autonomy level (how much the AI acts independently versus under human supervision) and exposure surface (whether errors affect internal operations only or reach external parties, and whether they involve financial transactions).
What it is: AI reads data, generates reports, answers internal employee questions, summarizes documents. The AI produces information that a human then acts on. The AI does not take actions, make decisions, or interact with external parties.
Examples: Internal knowledge base Q&A (employees asking about company policies), data analysis and report generation from ERP/CRM systems, meeting transcription and summarization, code documentation generation, internal search across company systems.
Primary failure modes: Hallucination (fabricating information not in the source data), inaccurate data extraction (wrong numbers in a report), outdated information (referencing superseded policies), and context confusion (answering based on the wrong document).
What it is: AI communicates directly with customers, prospects, or external partners on behalf of the enterprise. Its outputs represent the company. It may have limited ability to execute actions (e.g., look up order status) but its primary function is informational or conversational.
Examples: Customer service chatbots answering product questions, AI-powered sales assistants qualifying leads and sending outreach, client onboarding assistants guiding registration, external-facing FAQ and support agents.
Primary failure modes: Providing incorrect policy or product information (the Air Canada chatbot case: AI promised a refund policy that did not exist, and the company was legally ordered to honor it), making inappropriate or offensive responses to customers, leaking internal information or other customers’ data, and failing to escalate when human judgment is needed.
What it is: AI executes business operations — processing invoices, approving expenses, generating quotes, classifying contracts, routing procurement decisions — but with defined human approval checkpoints for high-value or high-risk actions.
Examples: Invoice processing and payment approval (with human sign-off above thresholds), automated expense report review and classification, contract clause extraction and compliance flagging, quote generation for sales proposals (with human review before sending), HR resume screening and candidate shortlisting.
Primary failure modes: Processing errors that propagate before detection (a vendor payment automated agent that approved early payments violating negotiated contract terms, resulting in over $150K in forfeited discounts in one documented case), incorrect classification leading to compliance violations, biased screening decisions creating legal liability, and threshold bypass where the AI processes a transaction it should have escalated.
What it is: AI makes and executes business decisions with minimal or no human oversight. It negotiates, commits resources, modifies pricing, or takes actions that create binding obligations for the enterprise.
Examples: Autonomous procurement negotiation (Walmart uses AI to negotiate 64% of supplier agreements), dynamic pricing systems that adjust customer-facing prices in real time, AI-driven trading or investment execution, autonomous customer refund processing without human approval, AI systems that can modify production databases or deploy code changes.
Primary failure modes: Unconstrained execution (the documented case of a coding agent that deleted a production database despite explicit instructions not to, then fabricated status reports to cover the error), binding the enterprise to unfavorable terms at scale, systemic errors that propagate across multiple transactions before detection, and adversarial exploitation where external parties manipulate the AI to extract favorable terms.
How to Use This Framework
For insurance brokers
When assessing a commercial client’s AI exposure, ask: which of these four tiers do their AI workflows fall into? A client running only Tier 1 workflows (internal knowledge base) has a fundamentally different risk profile from one running Tier 3 workflows (automated financial processing). The tier classification should inform your negotiation strategy with carriers — seeking narrow exclusions for Tier 1 use cases, and exploring specialty coverage for Tier 2 and 3 use cases.
For risk managers
Map every AI deployment in your organization to one of these four tiers. Tier 1 and 2 workflows are manageable with standard governance practices. Tier 3 workflows require formal human-in-the-loop checkpoints with documented approval thresholds. Tier 4 workflows should be carefully evaluated for whether the level of autonomy is justified by the operational benefit — in many cases, redesigning a Tier 4 workflow as Tier 3 (adding human approval points) dramatically reduces risk without significantly reducing efficiency.
For enterprises
If a single error in your AI workflow can cause more damage than your organization can comfortably absorb, the workflow’s autonomy level is too high for its risk profile. The framework’s fundamental principle: the higher the potential loss, the more human oversight the workflow requires. This is not a limitation of AI — it is basic risk management applied to a new category of operational tool.
Common Failure Modes by Technical Vector
Regardless of tier, AI workflow failures cluster around a consistent set of technical vectors. Understanding these helps both in assessing risk and in designing governance controls.
| Failure Vector | Description | Production Failure Rate |
|---|---|---|
| Tool calling errors | AI agent invokes the wrong API, passes incorrect parameters, or misinterprets the result of a system call | 3–15% of tool calls in production environments |
| Hallucination | AI fabricates information not present in its source data, often with high confidence | Varies widely; 2–15% depending on domain and guardrails |
| Context drift | In long interactions, AI gradually “forgets” initial constraints and begins violating its own instructions | Increases with conversation length; significant after 15–20 turns |
| Prompt injection | External input causes the AI to ignore its system instructions and follow attacker-provided instructions instead | Frontier models have improved but remain exploitable with adaptive techniques |
| Data leakage | AI reveals information from its training data, conversation history, or connected systems that it should not expose | Depends entirely on guardrail configuration; unguarded systems leak frequently |
| Incomplete context | AI makes decisions based on partial information because it cannot access all relevant systems or documents | Extremely common; one of the most frequent causes of production failures |
// Sources: Arize AI field analysis (2026), UC Berkeley MAST research (2025), Composio AI Agent Report (2025–2026), multiple enterprise deployment case studies.
Regulatory Context
This framework aligns with the risk-based approach of the EU AI Act, which takes full effect for high-risk AI systems in August 2026. The Act classifies AI systems into risk tiers (unacceptable, high-risk, limited risk, minimal risk) with obligations scaling accordingly. Penalties for non-compliance reach up to 7% of global annual turnover.
While the EU AI Act’s classification system focuses on the type of AI application (e.g., hiring algorithms, credit scoring, medical diagnostics), this framework focuses on the operational context — specifically, the autonomy level and exposure surface. Both dimensions matter for a complete risk assessment. An enterprise’s AI workflow may be classified as “minimal risk” under the EU AI Act but still fall into Tier 3 under this framework if it executes financial transactions autonomously.
In the U.S., over 1,000 AI-related bills were introduced in state legislatures in 2025 alone. While no comprehensive federal AI law exists, the patchwork of state regulation creates compliance complexity that makes formal risk classification an increasingly practical necessity rather than a theoretical exercise.
Key Takeaway
AI risk is not determined by the technology. It is determined by what the technology does in your business. A single AI model can be deployed in a Tier 1 workflow (low risk, internal) or a Tier 4 workflow (very high risk, autonomous execution). The same model, the same capabilities — completely different risk profiles. Effective risk management starts with mapping every AI deployment to its operational tier, then ensuring that governance controls, human oversight, and coverage strategies match the actual exposure at each level.
Sources: Arize AI, “Why AI Agents Break: A Field Analysis of Production Failures” (2026). UC Berkeley MAST, “Why Do Multi-Agent LLM Systems Fail?” (2025). Composio, “The 2025 AI Agent Report”. Geneva Association, “Gen AI Risks for Businesses” (2025). Gartner Strategic Predictions for 2026. Deloitte State of AI in the Enterprise (2025–2026). EY Global AI Survey (2025–2026). EU AI Act, Regulation (EU) 2024/1689. Ampcome, “Agentic AI Enterprise Use Cases — 30+ Real Deployments” (2026). Sema4.ai, “10 AI Agent Use Cases Transforming Enterprises in 2026”. Moffatt v. Air Canada, BCCRT (2024).
Published by Gridex Inc. · GDX-FR-001 · March 2026
This framework is provided for informational purposes only and does not constitute legal, insurance, or financial advice.