# Agentic Risk Register

> **From The Agentic TPM, Chapter 4.** Every gate review in an agentic program should explicitly assess these seven risk categories. Programs that ship without this discipline ship without knowing how they will fail.

---

## Program metadata

| Field | Value |
|---|---|
| Program name | |
| Program owner (Accountable) | |
| Gate being reviewed | CC / RI / AC / DC / EC |
| Review date | |
| Reviewer(s) | |

---

## Risk assessment

For each category: rate current exposure (LOW / MEDIUM / HIGH), name the primary risk, name the mitigation, and name the owner.

### 1. Model risk

The foundation model can change, regress, be deprecated, or have its pricing altered with little notice. The risk lives outside your team.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(model abstraction layer / multi-model fallback / eval-monitored regression detection)*
- **Owner:**

### 2. Context risk

The information the agent operates on can be wrong, stale, contradictory, or fragmented. Agents do not flag missing context; they fill the gap with plausible invention.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(context infrastructure / four-layer nested memory / retrieval audits)*
- **Owner:**

### 3. Compute risk

Token budgets exceeded, runaway loops, sudden inference cost spikes during scaling.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(autonomous financial guardrails / per-agent quotas / circuit breakers)*
- **Owner:**

### 4. Validation risk

The eval harness misses a class of failure. Outputs pass automated checks but fail in production.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(adversarial cases in eval set / regular eval audits / meta-agent QA layer)*
- **Owner:**

### 5. Trust risk

A customer-facing failure caused by AI output erodes trust faster than the same failure by human error. AI failures carry asymmetric reputational cost.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(human-accountable sign-off / staged rollouts / transparent failure communication)*
- **Owner:**

### 6. Governance risk

Regulatory environment shifts, customer-contract obligations evolve, or internal policy catches up. The program becomes non-compliant six months after launch because the rules changed.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(governance as a continuous function / policy monitoring / compliance checkpoints)*
- **Owner:**

### 7. Talent risk

The skills required (prompt engineering, eval design, model-behavior intuition) are scarce and concentrated. Their departure breaks the program.

- **Current exposure:**
- **Primary risk:**
- **Mitigation:** *(documentation of model-behavior knowledge / cross-training / redundancy)*
- **Owner:**

---

## Gate-specific questions

- **At Concept Commit:** Have we identified the risks in each category?
- **At Runway Investigation:** Do we have mitigation paths for the top risks?
- **At Architecture Commit:** Are the mitigations designed in?
- **At Design Commit:** Are the mitigations broken down into workable items?
- **At Execution Commit:** Are the mitigations operationalized and armed?

---

## Reviewer sign-off

- **Reviewed by:**
- **Date:**
- **Recommendation:** ADVANCE / HOLD / KILL
- **Notes:**
