The AI risk library

Security & privacy: 10 ways AI gets it wrong

Leaked sensitive information, missing redaction and insecure suggestions. Each failure mode below is phrased as the question people actually ask, with what it looks like in real work — and the layer of the Trust Stack that catches it.

Agreement alone is not proof

Can AI leak sensitive information into its output?

A confidential figure from one document surfaces in an unrelated answer.

Caught by the Risk Reviewer

Does AI encourage pasting confidential data into unsafe tools?

A workflow tells the user to drop private data into a tool with no protection.

Caught by the Risk Reviewer

Why does AI fail to redact personal information?

A name and ID number are left visible in a document meant to be anonymized.

Caught by the Final QA audit

Can AI fail to spot privileged information?

Legally privileged content is treated as ordinary text and exposed.

Caught by the Risk Reviewer

Does AI reuse information it shouldn't?

Data from one client's task shows up in another client's output.

Caught by the Risk Reviewer

Why does AI generate unsafe internal documentation?

An internal doc records secrets that should never be written down.

Caught by the Risk Reviewer

Can AI suggest insecure ways to share files?

It recommends emailing a sensitive file as an open, unprotected attachment.

Caught by the Risk Reviewer

Does AI suggest weak passwords or poor access controls?

A setup guide recommends a shared password and no access limits.

Caught by the Risk Reviewer

Why does AI ignore data retention risk?

A process keeps personal data far longer than it should.

Caught by the Risk Reviewer

Can AI ignore the risk of a third-party vendor?

A tool is recommended with no thought to where it sends the data.

Caught by the Risk Reviewer

One model can’t reliably catch its own mistakes. A council of independent minds can.
