An AI agent risk register is a simple table that tracks what can go wrong before an agent touches real work. It turns vague concerns into owners, controls, and review dates.
Risk Register Template
| Field | What to capture |
|---|---|
| Agent name | Plain-language name |
| Workflow | Exact process supported |
| Data accessed | Files, systems, customer data |
| Allowed actions | Read, draft, update, send, trigger |
| Risk scenario | What could go wrong |
| Control | How risk is reduced |
| Owner | Business or technical owner |
| Review date | Next review |
Common Agent Risks
- Over-permissioned tool access.
- Unreviewed customer-facing output.
- Missing logs for tool calls.
- Cost spikes from repeated actions.
- Unclear responsibility when output is wrong.
Example Row
| Agent | Risk | Control | Owner |
|---|---|---|---|
| Support reply agent | Sends inaccurate answer | Draft-only mode plus human approval | Support lead |
How to Use This
Create one row per agent and one row per meaningful risk. Review the register before expanding permissions.
Bottom Line
If an agent can take action, it deserves a risk register. The table does not slow adoption; it makes safer adoption repeatable.