AI Risk, Accuracy & Human Review
Hallucinations, privacy and security risks, and the review workflows that keep AI output trustworthy.
What you'll learn
- Spot AI hallucinations and check facts
- Protect privacy and confidential data
- Build a sensible human-review and approval step
AI tools are genuinely useful, but they fail in ways that are easy to miss precisely because the output looks so polished. A confident, well-written paragraph can contain an invented figure, a misremembered rule, or a leaked piece of private data. The skill that matters most isn’t avoiding AI — it’s using it with your eyes open, so the convenience never quietly turns into a problem. A few habits around accuracy, privacy, and review cover the vast majority of the risk.
The big three risks
Three risks come up again and again. The first is hallucination: the model states something false with total confidence — a made-up statistic, a fake citation, a policy detail that doesn’t exist. It isn’t lying; it’s predicting plausible words, and plausible isn’t the same as true. The second is privacy: pasting confidential customer data, personal information, or unreleased plans into a tool that isn’t approved can leak it or feed it into training. The third is security: AI-generated text or code can carry mistakes or hidden instructions, so it shouldn’t be trusted blindly or run without checking.
Nothing leaves the building until a person has checked the facts and the data.
Catching hallucinations
The defence against hallucination is simple in principle: verify anything that matters before you rely on it. Treat names, numbers, dates, quotes, legal points, and citations as unconfirmed until you’ve checked them against a trusted source. Imagine a copilot drafts a report that includes “revenue grew 23% last quarter.” If that figure wasn’t in your data, it may be invented — a reviewer who checks the source catches it before it reaches a client or a board. The more consequential the claim, the harder you check. A quick way to build the habit is to highlight every specific number, name, and date in an AI draft and treat each highlight as a question you still owe an answer to.
If an AI tells you a fact you would have to defend to your boss, a client, or a regulator, verify it from the source. Confidence in the wording is not evidence it’s correct.
Protecting privacy and security
Be deliberate about what you put into AI tools. Don’t paste confidential customer data, personal information, passwords, or unreleased material into public consumer tools — use the enterprise version your company has approved, where data isn’t used for training and stays within agreed limits. For anything AI-generated that does something — code, formulas, automated messages — review it before it runs, just as you’d review a junior colleague’s work. And be alert to instructions hidden in content the AI reads, which can try to make it misbehave; if an output seems to be acting on an instruction you never gave, stop and check.
Building the review step
The reliable way to manage all of this is a clear human-review and approval workflow: define which AI outputs need a human sign-off before they go out, and who signs off. Low-stakes internal drafts might need only a quick read; anything customer-facing, financial, legal, or irreversible should pass through a named reviewer. Write the rule down so it’s consistent rather than left to chance. The point isn’t to slow everything to a crawl — it’s to match the level of checking to the level of risk. Done well, the workflow becomes invisible: trivial drafts move fast, and the few outputs that could really hurt you get the second pair of eyes they deserve.
Spot it: which risk is this?
Read each situation and decide for yourself, then tap a card to flip it and check your answer.
Sort the outputs
Drag each AI output into the bucket that matches the right level of review — or tap an item, then tap a bucket. Hit Check placement when you’re done.
Here's where each one goes:
- Internal Slack summary → Quick read — low stakes, easily corrected, stays inside the team.
- Client report with revenue figures → Thorough review — customer-facing and contains specific numbers that must be verified.
- Legal clause for a supplier contract → Thorough review — legal content is high-stakes and irreversible once signed.
- Brainstorm list of blog topics → Quick read — internal ideation with no real consequences if imperfect.
- Automated email to 10,000 customers → Thorough review — customer-facing, large scale, and essentially irreversible once sent.
- Rough outline you'll rewrite yourself → Quick read — it's a starting scaffold, not a finished output, so errors are caught in your rewrite.
Tip: drag with a mouse, or tap an item then tap a bucket on touch screens. Get one wrong and the answer key appears.
How to use it
Before you send or publish AI output, run a quick mental checklist: Did I verify every fact that matters? Is any of this confidential, and is the tool approved for it? Does anything here take an action, and has it been reviewed? Who needs to approve this before it goes out? Adopt phrases like “let me check that figure against the source” and “is this an approved tool for customer data?” Make verification and approval the normal final step, and you get the speed of AI without inheriting its mistakes.
Quick check
1. An AI "hallucination" is…
2. A copilot's draft says "revenue grew 23%." You should…
3. The best place for confidential customer data is…