The AI Risk Stack
Depth · Core
Good for: Leaders · Operators · Insurance
AI risk is not one thing; it stacks in layers. A hallucinating model, an agent that floods a process with bad transactions, an unowned system nobody is accountable for, an unanswerable question about who pays when harm occurs, and the slow erosion of customer trust are all “AI risk”, but they are different problems with different fixes. Naming the layers turns a vague worry into a set of addressable parts, and lets you ask two concrete questions of each: what control reduces it, and what insurance transfers the loss when it happens anyway.
That mapping, layer to assurance and layer to insurance, is the organizing idea behind this whole reference. This page sets out the five layers.
Why a stack
Treating AI risk as a single category leads to either paralysis or false comfort. A layered model does two useful things. It shows that a control which addresses one layer, say a strong evaluation suite, does little for another, say unclear governance. And it shows where assurance and insurance each attach: most layers can be both reduced by controls and, increasingly, transferred by cover. The five layers below run from the most technical to the most human.
The five layers
1. Model risk
The AI itself. This is the layer of hallucination, bias, model drift over time, prompt injection and jailbreaks (deliberate attacks on the model's instruction-following, as distinct from accidental failures), and plain capability limits. The most widely cited catalog of these technical failure modes is the OWASP Top 10 for LLM Applications.
- Assurance: evaluation and red-teaming before deployment, runtime guardrails, and production monitoring to catch drift.
- Insurance: the most directly addressed layer so far. Munich Re’s aiSure performance guarantee pays out when measured model performance drops below a threshold, and AIUC-1-backed agent cover responds to failures such as hallucination and prompt injection.
2. Operational risk
The AI inside a business process. Here the concern is not the model in isolation but what happens when it is wired into real workflows: integration faults, automation running at a speed and scale no human reviews, broken human-in-the-loop checks, and dependence on a handful of foundation-model providers, which concentrates risk so that one provider’s outage or regression affects many users at once.
- Assurance: operational monitoring, incident response, change management, and third-party and model-provider risk management.
- Insurance: technology errors and omissions, business interruption, and cyber lines are the closest fit. This is also the layer that prudential regulators reach through operational-risk rules such as APRA’s CPS 230, which does not name AI but captures it as operational and service-provider risk.
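The two model-layer controls named above, production monitoring that catches drift and a performance threshold that triggers a response, and the operational-layer concern about automation running faster than any human reviews, meet in one mechanism: a rolling-window performance monitor wired to a circuit breaker that halts automated actions and routes work to human review. The example below is added here to illustrate that mechanism; it is not code from this reference or from any insurer or standard it names. The 85 percent threshold, the 200-sample window and the evaluator verdicts are all constructed assumptions, and in practice the verdicts would come from an evaluator or a sampled human review rather than a fixed pattern.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PerformanceBreaker:
    """Rolling-window performance monitor with a circuit breaker.

    Each scored output is recorded as correct or incorrect. When the share of
    correct outputs in the last `window` samples falls below `threshold_pct`
    percent, the breaker trips: allow_action() returns False until an operator
    calls reset(), so downstream automation stops and work is held for review.
    The comparison uses integer arithmetic so a window sitting exactly at the
    threshold is not tripped by floating-point rounding.
    """
    threshold_pct: int = 85     # assumed level agreed at acceptance, not a real contract figure
    window: int = 200           # most recent scored outputs considered
    min_samples: int = 50       # do not judge on a handful of samples
    tripped: bool = False
    _scores: deque = field(init=False, repr=False)
    _correct: int = field(default=0, init=False)

    def __post_init__(self) -> None:
        self._scores = deque(maxlen=self.window)

    def record(self, correct: bool) -> bool:
        """Record one scored output; return True if this sample tripped the breaker."""
        if len(self._scores) == self._scores.maxlen:
            self._correct -= self._scores[0]      # oldest sample is about to be evicted
        self._scores.append(1 if correct else 0)
        self._correct += 1 if correct else 0
        if self.tripped or len(self._scores) < self.min_samples:
            return False
        if self._correct * 100 < self.threshold_pct * len(self._scores):
            self.tripped = True
            return True
        return False

    def accuracy(self) -> Optional[float]:
        """Windowed accuracy for reporting, or None before any sample is recorded."""
        if not self._scores:
            return None
        return self._correct / len(self._scores)

    def allow_action(self) -> bool:
        """Gate for the agent: automated actions proceed only while the breaker is closed."""
        return not self.tripped

    def reset(self) -> None:
        """Operator acknowledgement. The window is kept, so a still-degraded model re-trips at once."""
        self.tripped = False


def constructed_stream() -> list:
    """Constructed evaluator verdicts, not production data: 150 outputs at ~95%
    accuracy before drift, then 200 outputs at ~67% accuracy after drift."""
    pre_drift = [i % 20 != 19 for i in range(150)]
    post_drift = [j % 3 != 0 for j in range(200)]
    return pre_drift + post_drift


def run_gate(verdicts: list, breaker: Optional[PerformanceBreaker] = None) -> dict:
    """Agent loop: gate each proposed action on the breaker, then record its score.

    Actions taken while the breaker is closed are auto-executed; once it trips,
    every further action is held for human review instead of being executed.
    """
    breaker = breaker or PerformanceBreaker()
    executed = held = 0
    tripped_after = None
    accuracy_at_trip = None
    for n, correct in enumerate(verdicts, start=1):
        if breaker.allow_action():
            executed += 1
        else:
            held += 1                           # routed to a reviewer, not acted on
        if breaker.record(correct):
            tripped_after = n
            accuracy_at_trip = breaker.accuracy()
    return {
        "tripped_after": tripped_after,
        "accuracy_at_trip": accuracy_at_trip,
        "auto_executed": executed,
        "held_for_review": held,
    }


if __name__ == "__main__":
    print(run_gate(constructed_stream()))
```

On the constructed stream the breaker trips on the 223rd output, when the window has slipped to 169 correct out of 200; the remaining 127 outputs are held for review rather than executed. Two design choices matter for the upper layers of the stack: the window keeps its contents across a reset, so an operator cannot clear the alarm without the model actually recovering, and the gate is checked before every action, which is the human-in-the-loop check the operational layer depends on.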
3. Governance risk
The organizational layer. The risk that no one owns a given AI system, that there is no policy governing its use, that decisions are undocumented, or more broadly that the organization fails to govern AI and cannot show otherwise.
- Assurance: governance platforms, an AI management system certified to ISO/IEC 42001, clear ownership, policy, and risk registers, and independent audit.
- Insurance: directors and officers cover is the exposed line, as “failure to govern AI” claims emerge and securities regulators treat AI as a potential material disclosure issue.
4. Liability and legal risk
Who is on the hook, and to whom. When an AI causes harm, the causation chain runs through the model provider, the tools and frameworks around it, the integrator, the deployer, and the user, and traditional wordings assume a single negligent party. On top of distributed causation sit regulatory exposure (most concretely the EU AI Act) and questions such as liability for AI output that infringes intellectual property.
- Assurance: contracts that allocate responsibility, documentation and assurance evidence that establish what was done, and alignment to recognized standards.
- Insurance: professional indemnity and technology errors and omissions, the new standalone AI liability policies from MGAs such as Armilla, and product liability. Note that the EU withdrew its proposed AI Liability Directive in October 2025, so the burden-of-proof question it would have eased remains open in Europe.
5. Reputation and trust risk
The loss that does not appear directly on a balance sheet but shows up anyway: brand damage, lost customer trust, and churn after a visible AI failure. It is the hardest layer to quantify and the hardest to transfer.
- Assurance: monitoring, transparency and disclosure (the direction the EU AI Act’s transparency rules push), strong governance, and prepared communications.
- Insurance: largely uninsurable as a direct loss. Some reputational-harm endorsements exist, but this layer is managed and mitigated far more than it is transferred. It is the clearest case for investing in the lower layers, because the cheapest way to protect trust is to not fail visibly in the first place.
The stack at a glance
| Layer | Example failure modes | Assurance controls | Exposed insurance |
|---|---|---|---|
| Model | Hallucination, bias, drift, prompt injection | Evals, red-teaming, guardrails, monitoring | aiSure performance guarantee, AIUC-1 agent cover |
| Operational | Integration faults, automation at scale, provider concentration | Monitoring, incident response, vendor management | Tech E&O, business interruption, cyber |
| Governance | No owner, no policy, failure to govern | Governance platforms, ISO 42001, audit | Directors and officers |
| Liability and legal | Distributed causation, regulatory breach, IP infringement | Contracts, documentation, standards alignment | PI/Tech E&O, AI liability policies, product liability |
| Reputation and trust | Brand damage, lost trust, churn | Monitoring, transparency, governance, comms | Largely uninsurable; manage, do not transfer |
How the layers interact
The layers are not independent; risk flows upward through them. A model-layer fault, a hallucinated answer, becomes an operational incident when an agent acts on it thousands of times, becomes a governance failure if no one owned the check that should have caught it, becomes a liability claim when a customer is harmed, and ends as reputation damage when the story spreads. The practical lesson is that controls are cheapest and most effective low in the stack, while the costs land high in it. Investing in model and operational assurance is, in effect, the most reliable protection for the governance, liability, and reputation layers above.
Where this connects
Each layer points outward to the rest of this reference. The controls in every row are covered in What Is AI Assurance?, the cover in every row in What Is AI Insurance?, and the standards and regulations that set the baseline, ISO/IEC 42001, the NIST AI RMF, the EU AI Act, and the regional rules, are explained in The Standards Landscape Explained. The Landscape section maps the specific players across all of them.
Common questions
What is the AI risk stack? The AI risk stack is a way of organizing AI risk into layers rather than treating it as one undifferentiated worry. This reference uses five layers: model, operational, governance, liability and legal, and reputation and trust. Each layer can be mapped to the controls that address it (assurance) and the cover that transfers its losses (insurance).
What are the layers of AI risk? Five layers. Model risk is the AI itself (hallucination, bias, drift, prompt injection). Operational risk is the AI inside a process (integration faults, automation at scale, provider dependency). Governance risk is organizational (unclear ownership, missing policy). Liability and legal risk is about who is on the hook and regulatory exposure. Reputation and trust risk is the damage to standing that does not show up directly on a balance sheet.
How does the risk stack help with assurance and insurance? It turns a vague worry into addressable parts. For each layer you can ask two concrete questions: what control reduces this risk, and what insurance transfers the loss if it happens anyway. That mapping is the organizing idea behind this whole reference.
Which AI risks can be insured? Model, operational, governance, and liability risks all have at least emerging insurance options, from performance guarantees to AI liability policies and directors and officers cover. Reputation and trust risk is the hardest to transfer and is usually managed through controls and disclosure rather than insured directly.