AI Safety Risk Management

There are no prerequisites for this simulation, it is LLM agnostic. It is suitable for participants across all levels seeking practical experience in managing AI and Agentic AI system risks.

Target audience

This simulation is designed for:

• Security, risk, assurance, and governance professionals
• Privacy specialists, and DPO’s
• Security operations and IT leaders
• Business managers and decision-makers responsible for AI adoption

By the end of this simulation, participants will be able to:

• Identify the difference between AI systems that recommend versus AI systems that act, and the associated risk implications
• Recognise circular trust vulnerabilities where human oversight depends on AI-generated reports
• Evaluate how multiple Agentic AI systems can work at cross purposes during crisis situations
• Apply regulatory frameworks, including EU AI Act Article 14, ISO/IEC 42001, and NCSC CAF, to NIST AI oversight design
• Assess biometric data collection risks and understand the permanent nature of biometric compromise
• Formulate appropriate responses when automated systems obstruct incident response
• Distinguish between attack vectors (how breaches occur) and root causes (architectural vulnerabilities)

Simulation introduction

• Overview of Agentic AI systems and their roles in modern organisations
• Understanding emerging risk categories beyond traditional cybersecurity
• Key principles of AI oversight and governance

Scenario setup: AI Operations Supervisor role

• Context: Mid-sized UK bank with extensive AI adoption and agentic services
• Incident briefing: Discovery of major fraud involving multiple AI systems
• Team composition and responsibilities

Managing AI risks in practice

• Identifying agentic AI versus advisory AI systems
• Detecting circular trust and reporting dependencies
• Assessing conflicts between concurrent AI systems
• Evaluating human oversight effectiveness

Regulatory frameworks and compliance

• EU AI Act Article 14: Human oversight for high-risk AI
• ISO/IEC 42001: AI Management Systems and risk assessment
• NCSC Cyber Assessment Framework B4.b: Independent monitoring
• GDPR Articles 9 & 34: Biometric data handling and breach notification
• ETSI EN 303 645 / 304 223: Biometric security standards
• ICO Employment Practices Code: Automated worker profiling
• ICO Agentic AI Futures Guidance: Context-aware AI decision-making
• NIS Regulations 2018: Threat intelligence sharing

Simulation exercises

• Hands-on scenario: Responding to fraud incidents with agentic AI systems
• Identifying architectural vulnerabilities and operational friction
• Cross-functional decision-making and collaboration
• Real-time feedback and scenario debrief

Lessons learned and wrap-up

• Human oversight beyond dashboards and AI reports
• Translating simulation insights into organisational AI risk management strategies
• Preparing for future agentic AI deployments

Exams and assessments

There are no formal exams for this simulation. Participants will engage in knowledge checks, scenario-based decisions, and interactive debriefs to consolidate learning outcomes.

Hands-on learning

The simulation includes:

• Gamified exercises placing participants in operational decision-making roles
• Scenario-based problem-solving with multiple AI systems
• Real-time guidance from instructors with expertise in AI risk and governance
• Debriefs highlighting regulatory application and organisational impact