Quinton Andersonhttps://quintona.github.io/blog/Recent content on Quinton AndersonHugoen-us<link>https://quintona.github.io/blog/posts/agent_risk_management_overview_blog-0.1/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://quintona.github.io/blog/posts/agent_risk_management_overview_blog-0.1/</guid><description><h1 id="from-model-risk-to-agent-risk-a-practical-risk-management-approach-for-organisations-rolling-out-agents">From Model Risk to Agent Risk: A Practical Risk Management Approach for Organisations Rolling Out Agents</h1> <blockquote> <p><strong>Core idea:</strong> Agent risk management is not about proving a technical system is safe at a point in time. It is about governing <strong>delegated autonomy</strong> in a <strong>socio-technical system</strong> so that outcomes stay within policy, performance targets, and risk appetite over time. A socio-technical system with self correcting mechanisms</p></blockquote> <p>SR 11-7 does not mention hallucination rates. It does not define retrieval precision. It has no section on prompt injection, corpus freshness, or agentic decision boundaries. It was issued in 2011, long before today’s enterprise rollout of large language models and agents.<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup></p></description></item></channel></rss>