The public conversation about AI risk is dominated by questions about model capabilities — what models can do, what they might be able to do, and what they should be prevented from doing. These are real questions and the people working on them are doing serious work. But the AI risk that matters most in the daily life of most organizations is not about capability. It is about deployment.
A capable model is not, by itself, a risk. It becomes a risk through the decisions an organization makes about where to point it, what to connect it to, what guardrails to wrap it in, what to do when it gets something wrong, and what to do when an employee or customer relies on its output in a way the organization did not anticipate. Each of those is a deployment decision. Each is governed by ordinary institutional processes — procurement, vendor management, IT change control, internal policy. And each is where most organizations are currently underequipped.
The deployment surface, not the model
Consider a clinical decision-support tool built on a general-purpose large language model. The model itself is the same one that millions of people use to draft emails. The risk is not in the model. The risk is in the integration: the documents the tool is allowed to read, the systems it is allowed to write to, the workflows it is inserted into, the clinicians who will use it, the audit trail of its outputs, the fallback when it produces something hazardous. None of those are addressed by training the model better. All of them are addressed — or not — by the deploying organization.
This is not a hypothetical pattern. It is how risk shows up in every regulated deployment we look at. The deployment surface is wide, the people responsible for it sit across many departments, and the institutional knowledge required to govern it well does not yet exist in most organizations.
What this means for the work
This view of risk implies certain priorities.
The first is that AI governance is operational work, not a one-time policy exercise. An organization with a beautifully written AI policy and no mechanism to enforce it is exactly as exposed as an organization with no policy at all. The work of AI governance is the work of building the mechanism — intake processes, risk tiering, model inventory, deployment review, training, monitoring, incident response. The policy document is the artifact, not the substance.
The second is that the people doing this work need experience with operational systems, not just with AI. The interesting questions are usually not about the model. They are about the integration, the data flows, the human factors, and the institutional incentives. These are the questions a serious risk function asks regardless of the technology. They are also the questions that get less attention than they deserve in the AI safety literature.
The third is that the work has to be context-specific. A deployment pattern that is fine in one industry may be reckless in another. The risk surface in a financial trading system is different from the risk surface in an educational tool. Frameworks that generalize across industries can still be useful, but they have to be applied with judgment about the specific deployment.
Independent assessment as a forcing function
One of the practical reasons USIAIS issues certifications is that the assessment process itself surfaces deployment issues that an organization would not have surfaced on its own. The act of being assessed against an external standard forces an organization to inventory its AI systems, articulate its risk decisions, and document its controls in a way that is legible to someone outside the organization. Some of what is surfaced is unwelcome. That is the point.
Certification is not the most important thing an organization can do to deploy AI safely. The most important thing is the operational work itself. But assessment is a forcing function. It accelerates a process that otherwise tends to slip behind every other priority.
We will write more about specific deployment patterns — what we see going well, what we see going poorly, what the most common failure modes look like — in subsequent pieces. For now, the point is simply this: the question of whether AI is being used responsibly in your organization is mostly not a question about AI. It is a question about your organization.