The enterprise AI agent risk register for 2026 resolves to a 12-column template that captures every risk an enterprise must document under EU AI Act Article 9 and the NIST AI RMF Manage function: risk ID, deployment ID, threat class (per OWASP Agentic AI Top 10), likelihood, impact, inherent risk score, control mapping (against the seven-control surface), residual risk score, named accountable individual, review cadence, status, last-reviewed date. The register is operated by the Head of AI Governance, reviewed monthly in the AI governance committee, and queryable in the under-4-business-hour Article 73 incident-response window. The 12-column template integrates the threat surface (OWASP Agentic AI Top 10, claim AM-043), the controls (seven-control surface, claim AM-043), the audit substrate (claim AM-046), and the kill-criterion enforcement (claim AM-047) into a single living artefact. An enterprise that operates the register seriously has substantially completed the Article 9 risk-management system documentation requirement; the register is the single artefact that resolves the cross-reference matrix between operational reality and regulatory framework.
Re-review 10 Jun 2026: external anchors verified — EU AI Act Article 9 text live and unchanged; NIST AI RMF Manage function unchanged; OWASP Agentic Security Initiative publishes the agentic Top 10 (listed on genai.owasp.org as 'OWASP Top 10 For Agentic Applications' — the corpus's 'OWASP Agentic AI Top 10' shorthand maps to this artefact). The 12-column template is house IP; the 4-business-hour window is the corpus's own evidence-assembly design target (per AM-046), not an Article 73 statutory deadline — Article 73's statutory timelines are 15 days standard with shorter windows for severe categories, as the source article's FAQ correctly states. No Q3 2026 AI Office Article 9 guidance published yet; watches unchanged.

AI agent risk register template. 60-day review cadence.

Watches:
- European AI Office Article 9 enforcement guidance (expected Q3 2026) that may codify specific register column requirements
- ISO/IEC 42001 implementation guidance that may map onto the register format
- major case studies in 2026 enforcement actions that establish precedent for what constitutes an adequate register
- tooling vendor releases of agent risk register modules (Microsoft Purview, ServiceNow GRC, Archer, OneTrust have signalled native modules in development for 2026)
Claim ID: AM-057
About this register
The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.
Recent corrections in Reporting
- AM-132 · Partial · 10 Jun 2026
One of four legs unanchored on re-review. The claim text attributes '12% of deployments clearing 300%+ ROI with 88% at or below break-even at 12-18 months' to the Stanford DEL 2026 Enterprise AI Playbook. Full-text verification on 10 Jun 2026 found no such figure in that source: the playbook (Pereira, Graylin, Brynjolfsson, Apr 2026) studies 51 successful deployments by design and contains no ROI distribution, no 300%-plus cohort, and no break-even measurement point (full finding at AM-029, correction of 10 Jun 2026). The only verified figure carrying the same 12/88 numerals is IDC research with Lenovo (via CIO.com, Mar 2025): roughly 88% of AI proof-of-concepts never reach production and roughly 12% graduate — a pilot-to-production graduation metric, not an ROI distribution. The Gartner 28%, McKinsey 23%/17%, and MIT NANDA 95% legs verify; they support a small high-performing tail and a large struggling body, but none documents the two-peak bimodal shape the claim asserts. Status Up -> Partial.
- AM-129 · Partial · 10 Jun 2026
One of three read-against anchors unanchored on re-review. The claim text cites 'Stanford Digital Economy Lab Enterprise AI Playbook (12/88 bimodal ROI distribution at 12-18 months)' and frames the realistic ROI band around 'the highest-discipline 12% cohort'. Full-text verification on 10 Jun 2026 found the playbook contains no 12/88 distribution, no bimodal ROI shape, and no 12-18-month ROI measurement point (full finding at AM-029, correction of 10 Jun 2026). The claim's core negative finding — no mid-market enterprise has produced a documented +240% ROI in 90 days under audited conditions — is unaffected; the McKinsey State of AI 2025 and MIT NANDA legs verify and continue to support it. The '12% cohort' framing has no verifiable referent. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric. Status Up -> Partial.
- AM-201 · Partial · 10 Jun 2026
One of four named datasets unanchored on review. The claim text names 'Stanford DEL's 12% clearing 300%+ ROI vs 88% at or below break-even' as one of four independent datasets. Full-text verification on 10 Jun 2026 found the Stanford DEL Enterprise AI Playbook contains no such distribution — it studies 51 successful deployments by design and carries no ROI-realisation failure data (full finding at AM-029, correction of 10 Jun 2026). The McKinsey (23% scaling, 17% EBIT-attribution), Gartner (28% fully paying off), and MIT NANDA (95% no measurable P&L impact) datasets verify; the claim's spine stands on three datasets rather than four. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric from an ROI distribution. Status Up -> Partial.
Reviews coming up in Reporting
- AM-063 · Holding · next +11d (27 Jun 2026)
AI agents executing financial transactions need a four-control bundle (action-approval gates by blast radius, kill-swit…
- AM-061 · Holding · next +11d (27 Jun 2026)
Production agentic-AI costs at scale routinely run multiples of POC projections, and a layered optimisation programme c…
- AM-003 · Partial · next +11d (27 Jun 2026)
GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…