RAG 知识库 — RAI 9 大类别与 LLMOps 深度解析

State Street RAG 项目映射至渣打银行 RAI 框架LLMOps 生产栈 本文件用于 SCB CIB AI Analyst 面试——RAI + LLMOps 深度谈资


1. 渣打 RAI 框架 — 9 大类别映射至 RAG 项目

渣打银行的负责任 AI(Responsible AI)框架定义了 9 个类别,每个 AI 系统都必须满足。以下逐一说明:每个类别意味着什么、我们做了什么、面试中可以怎么说。


1.1 Accountable(可问责)

含义:有人明确对 AI 系统的行为负责。有指定的负责人、决策日志和评审流程。

我们做了什么

  • PM 是指定的模型负责人(不是数据科学家)
  • 每季度与风险团队进行模型风险评审
  • 每个设计决策都有文档记录:为什么选 Azure AI Search 而不是 Pinecone、为什么选 GPT-5.4 mini 而不是旗舰模型、为什么选语义分块而不是固定窗口

面试谈资

“我负责的是业务论证和风险论证。不是模型权重——而是关于做什么、为什么做、以及我们接受了哪些风险的决策。每个设计选择都有书面理由,可以在季度评审中回溯。“


1.2 Fair(公平)

含义:AI 系统不会系统性地偏袒或歧视任何群体。在银行业,这包括客户细分、地域和业务部门。

我们做了什么

  • 检查检索结果是否偏向某个客户的文档(未发现系统性偏差)
  • 对意图分类器进行偏差审计:没有客户细分被系统性误路由
  • 按团队监控采纳率——确保没有团队被落下

面试谈资

“在我们的场景中,公平意味着确保系统对所有客户和所有团队同样有效。我们检查了意图分类器是否对客户 A 和客户 B 的文档查询路由不同——结果没有。我们还按团队追踪采纳率,以发现访问差距。“


1.3 Explainable(可解释)

含义:每个 AI 输出都有明确的原因。用户和审计人员可以理解系统为什么给出特定答案。

我们做了什么

  • 引用标注:每个答案段落标注来源文档名称、章节标题、最后更新时间
  • 置信度分数:向用户展示 Reranker 平均分(绿色/黄色/红色)
  • 一键溯源:点击任何引用即可跳转到原始 SharePoint 文档
  • 没有黑箱答案——如果系统无法解释原因,会说”无法确认”

面试谈资

“RAG 中的可解释性实际上比纯 ML 更自然。每个答案都附带引用——文档名、章节、时间戳。用户可以一键验证。加上置信度指示器,让他们提前知道答案的可信程度。这是内嵌在 UX 中的可解释 AI(XAI),而不是事后附加的。“


1.4 Private(隐私)

含义:个人和敏感数据受到保护。数据不会离开授权边界。

我们做了什么

  • Azure 租户部署:所有数据留在银行的 Azure 基础设施内
  • 无外部 API 调用:拒绝了 OpenAI API,因为数据会离开租户。改用 Azure OpenAI。
  • Azure AD 安全组权限:每个索引文档标记一个 AD 组 ID。查询时,系统读取用户的 AD 组成员身份,过滤掉未授权文档。与 SharePoint 相同的权限模型,在检索层强制执行。

关键术语 — Azure AD 安全组:Azure Active Directory 安全组定义了谁可以访问什么。用户登录时,其组成员身份已知。我们为每个索引文档标记有权访问的组 ID。搜索时,系统过滤结果,仅显示用户所在组可以查看的文档。

面试谈资

“隐私是硬性要求,不是锦上添花。我们明确拒绝了 Pinecone 和 OpenAI API,因为数据会离开我们的基础设施。Azure OpenAI 将所有数据保留在租户内。访问控制方面,Azure AD 安全组在检索层强制执行——与 SharePoint 同一模型,只是在流水线中更早应用。“


1.5 Secure(安全)

含义:AI 系统受到保护,防止未授权访问、篡改和对抗性攻击。

我们做了什么

  • SharePoint 连接器使用现有 Azure AD 认证——没有新增攻击面
  • API 端点在企业防火墙之后,无公网暴露
  • 上线前通过渗透测试
  • Prompt 注入防护:输入清洗层在查询处理前剥离潜在注入模式

面试谈资

“我们没有构建新的访问层。我们复用了 SharePoint 现有的安全模型。连接器使用 Azure AD,所以如果某人没有 SharePoint 访问权限,他也无法通过 RAG 看到文档。上线前我们还跑了渗透测试——干净通过。“


1.6 Transparent(透明)

含义:用户了解系统的能力和局限。系统不会假装知道它不知道的事情。

我们做了什么

  • 置信度指示器:绿色(高)/黄色(需验证)/红色(无法确认)——始终可见
  • 拒绝机制:Prompt 明确指示”如果文档中未提及,请说无法确认”。不猜测。
  • Beta 标签:试用阶段,每个答案标注”试用——请验证”。用户知道系统还在学习中。
  • 每日知识卡片:基于高频搜索推送给用户——帮助用户了解系统知道什么、不知道什么

面试谈资

“透明是关于管理预期。置信度指示器让用户提前知道每个答案的可信程度。拒绝机制意味着系统会说’我不知道’而不是编造答案。在金融领域,一个自信的错误答案比诚实的’我不知道’更糟糕。“


1.7 Auditable(可审计)

含义:系统的行为可以在事后被审查。监管机构和内部审计人员可以追溯发生了什么以及为什么。

我们做了什么

  • 保留完整查询日志(查询、检索文档、生成答案、用户反馈)
  • 每个答案可追溯到源文档版本和时间戳
  • 评估结果每季度归档
  • 坏案例日志附有根因归因(检索失败/幻觉/文档缺失/路由错误)

面试谈资

“每个答案都可以端到端追溯:用户问了什么、检索了哪些文档、LLM 生成了什么、用户是否觉得有用。如果监管机构问’为什么系统在某天给出了这个答案?‘,我们可以在几分钟内重建完整链路。“


1.8 Controllable(可控)

含义:人类可以覆盖 AI 系统。有紧急开关,边缘情况有人工介入。

我们做了什么

  • 人工介入(Human-in-the-loop):置信度分数 < 0.6 → 答案显示”无法确认” + “转人工”选项
  • 紧急开关:系统可随时切换到仅搜索模式(无生成),无需停机
  • 灰度发布:从仅搜索开始,逐步添加生成功能,可即时回滚

面试谈资

“可控性意味着两件事:人类可以覆盖任何单个答案,我们也可以在需要时调低整个系统。低置信度输出进入人工审核——这不是可选的,是硬性规则。系统还有一个’仅搜索’模式,如果我们对生成层失去信心,可以在几秒内切换。“


1.9 Sustainable(可持续)

含义:AI 系统资源高效。考虑了环境和成本影响。

我们做了什么

  • GPT-5.4 mini 而非旗舰模型:计算成本降低 60%,延迟降低 50%——RAG 摘要任务的生成质量相同
  • 缓存:35% 的查询从缓存提供,零 LLM 调用
  • 上下文压缩:动态截断每查询节省 40% token
  • 净效果:相比朴素 RAG(全量文档 + 旗舰模型),计算足迹降低约 70%

面试谈资

“可持续性不只是环保——是不浪费资源。我们选择了更小的模型,因为 RAG 已经提供了上下文。我们缓存了高频查询。我们压缩了上下文窗口。最终结果是比朴素实现少约 70% 的计算量。“


2. LLMOps 技术栈 — 我们搭建的 vs. SCB 需要的

LLMOps = 让 LLM 系统在生产环境中保持可靠、准确和成本可控的运营实践。这是 Demo 和生产系统的区别。

2.1 LLMOps 四大支柱

支柱作用我们搭建的SCB / CIB 候选工具
版本控制追踪每个 Prompt、模型和评估集版本。复现任何历史结果。Git + 配置中的 Prompt 版本标签。每次 Prompt 变更附带评估结果提交。MLflow(模型注册)+ LangSmith(Prompt 版本管理)
监控上线后监控性能退化。异常告警。仪表盘:查询量、延迟 P50/P95/P99、缓存命中率、采纳率。Faithfulness 低于阈值时告警。Evidently(漂移检测)+ WhyLabs(可观测性)
自动化回归每次变更自动触发评估。指标下降则阻止部署。Prompt 变更 → 自动运行 500 对评估集。Recall@5 或 Faithfulness 下降则阻止部署。Promptfoo(LLM 回归测试)+ Ragas(RAG 评估)
成本治理追踪和控制 Token 用量及 API 成本。每查询 Token 计量。缓存(35% 命中率)。GPT-5.4 mini 路由。上下文压缩(节省 40%)。Azure 成本管理 + 自定义 Token 仪表盘

2.2 LLMOps 生命周期 — RAG 专项

Prompt 变更 → 回归测试(自动)→ 指标通过?→ 部署
                                    ↓ 否
                              阻止 + 通知 PM
                                    ↓ 修复
                              重新运行回归

关键阶段

  1. 开发:PM 编写新 Prompt 或调整检索参数。提交至版本控制。
  2. 回归门控:自动评估在 500 对测试集上运行。对比 Recall@5、Precision@5、Faithfulness、Answer Relevance 与基线。
  3. 部署决策:所有指标在容差范围内 → 自动部署。任何指标下降 > 2pp → 阻止,通知 PM。
  4. 生产监控:部署后,仪表盘追踪实时指标。查询模式偏移时触发漂移告警。
  5. 反馈回路:每周人工审核 50 条查询。坏案例归因并反馈至开发。

2.3 监控 — 关注什么

信号告诉你什么行动阈值
Faithfulness 分数LLM 是否仍然基于检索文档生成答案?下降 > 3pp → 检查 Prompt 或上下文质量
采纳率用户是否信任系统?下降 > 5pp → 检查近期坏案例
重复查询率用户是否得到了有用答案?上升 > 5pp → 检索或生成质量问题
延迟 P95系统是否太慢?> 4s → 检查 Reranker 或 LLM 延迟
缓存命中率缓存是否有效?下降 > 10pp → 缓存失效问题
查询量使用量在增长还是下降?下降 > 20% → 用户参与度问题

关键术语 — 数据漂移(Data Drift):用户查询模式随时间变化。新术语出现,旧系统被替换。意图分类器和嵌入模型退化。我们通过每周人工审计发现漂移,并每月重新训练分类器。

2.4 成本治理 — Token 计算

组件Token/查询成本影响
Embedding(输入处理)~200 tok极低(已缓存)
检索(Top-5 原始)~2,500 tok零(搜索,非 LLM)
压缩后上下文~1,500 tok主要 LLM 成本
LLM 生成(输出)~300 tok较低
每查询总计~2,000 tok基线

成本降低杠杆

  1. GPT-5.4 mini 替代旗舰模型:每 Token 成本 -60%
  2. 缓存(35% 命中率):-35% 查询(零 LLM 成本)
  3. 上下文压缩:每查询 -40% Token
  4. 综合效果:相比朴素实现(旗舰模型 + 全量上下文 + 无缓存),成本降低约 80%

3. 面试 Q&A — RAI + LLMOps

Q1:“在受监管的银行中,你如何确保负责任 AI?”

“我从四个维度思考 RAI,这也是我实践过的:

数据隐私——私有部署,数据永远不离开银行基础设施。我明确因这个原因拒绝了两个供应商(Pinecone、OpenAI API)。

公平性——检查模型是否对不同客户细分区别对待。我们每季度对意图分类器进行偏差审计。

可解释性——每个答案都有引用:文档名、章节、时间戳。置信度分数对用户可见。没有黑箱决策。

人工介入——低置信度输出交给人工。不是可选的。硬性规则。

SCB 的 RAI 框架有 9 个类别。我已经在做其中大部分——可问责、公平、可解释、隐私、安全、透明、可审计、可控、可持续。映射是自然的。“

Q2:“什么是 LLMOps?为什么对 CIB 重要?”

“LLMOps 是让 LLM 系统在生产中保持健康的方式。四件事:

版本控制——追踪每个 Prompt 版本、模型版本、评估集版本。没有这个,你无法复现历史结果或知道什么变了。

监控——监控性能退化。Faithfulness 下降?采纳率降低?延迟飙升?你需要仪表盘和告警。

自动化回归测试——每次更改 Prompt,自动运行评估集。指标下降则阻止部署。

成本治理——追踪 Token 用量。使用缓存、上下文压缩和小模型路由。我们相比朴素实现削减了 80% 成本。

作为 PM,我不搭建这些工具。但我需要知道应该存在什么缺少什么会出什么问题。这就是 PM 在 LLMOps 中的职责。“

Q3:“你如何处理 RAG 系统中的模型风险?”

“RAG 中的模型风险与传统 ML 不同。风险是:

检索风险——检索到错误文档。通过混合搜索(向量 + BM25)、Reranker 和查询改写来缓解。

生成风险——LLM 尽管检索正确但仍产生幻觉。通过引用标注、置信度分数、拒绝机制和 Faithfulness 监控来缓解。

漂移风险——用户语言随时间变化,意图分类器退化。通过每周人工审计和每月重训练来缓解。

成本风险——Token 用量失控。通过缓存、压缩和小模型路由来缓解。

我会用 4 页 PPT 向风险团队呈现:风险清单 → 缓解控制 → 监控计划 → 升级流程。季度评审循环。”


最后更新:2026-06-08

RAG Knowledge Base — RAI 9 Categories & LLMOps Deep Dive

State Street RAG project mapped to Standard Chartered RAI framework and LLMOps production stack Use this file for SCB CIB AI Analyst interview — deep talking points on RAI + LLMOps


1. SCB RAI Framework — 9 Categories Mapped to RAG Project

Standard Chartered’s Responsible AI framework defines 9 categories that every AI system must satisfy. Below: what each category means, what we did, and what you can say in the interview.


1.1 Accountable (可问责)

What it means: someone is clearly responsible for the AI system’s behavior. There’s a named owner, a decision log, and a review process.

What we did:

  • PM was the named model owner (not the data scientist)
  • Quarterly model risk review with Risk team
  • Every design decision documented: why Azure AI Search over Pinecone, why GPT-5.4 mini over flagship, why semantic chunking over fixed window

Interview talking point:

“I owned the benefit case and the risk case. Not the model weights — but the decisions about what to build, why, and what risks we accepted. Every design choice had a documented rationale that we could revisit in quarterly reviews.”


1.2 Fair (公平)

What it means: the AI system doesn’t systematically favor or disadvantage any group. In banking, this includes customer segments, geographies, and business units.

What we did:

  • Checked if retrieval results favored one client’s documents over another (no systematic bias found)
  • Ran bias audit on the intent classifier: no client segment was systematically misrouted
  • Monitored adoption rate by team — ensured no team was left behind

Interview talking point:

“In our case, fairness meant making sure the system worked equally well for all clients and all teams. We checked if the intent classifier routed queries from Client A’s documents differently than Client B’s — it didn’t. We also tracked adoption by team to catch any access gaps.”


1.3 Explainable (可解释)

What it means: every AI output has a clear reason. Users and auditors can understand why the system gave a particular answer.

What we did:

  • Citation: every answer paragraph tagged with source document name, section title, last updated time
  • Confidence score: Reranker average score shown to user (green / yellow / red)
  • One-click traceability: click any citation to jump to the original SharePoint document
  • No black-box answers — if the system can’t explain why, it says “cannot confirm”

Interview talking point:

“Explainability in RAG is actually more natural than in pure ML. Every answer comes with a citation — document name, section, timestamp. The user can verify in one click. Plus the confidence indicator tells them upfront how much to trust the answer. That’s XAI built into the UX, not bolted on after.”


1.4 Private (隐私)

What it means: personal and sensitive data is protected. Data doesn’t leave authorized boundaries.

What we did:

  • Azure tenant deployment: all data stays within the bank’s Azure infrastructure
  • No external API calls: rejected OpenAI API because data would leave the tenant. Used Azure OpenAI instead.
  • Azure AD security group permissions: each document indexed with an AD group ID. At query time, the system reads the user’s AD group memberships and filters out unauthorized documents. Same permission model as SharePoint, enforced at the retrieval layer.

Key term — Azure AD security group: Azure Active Directory security groups define who can access what. When a user logs in, their group memberships are known. We tag every indexed document with the group ID that has access. At search time, the system filters results to only show documents the user’s groups can see.

Interview talking point:

“Privacy was a hard requirement, not a nice-to-have. We rejected Pinecone and OpenAI API specifically because data would leave our infrastructure. Azure OpenAI keeps everything in the tenant. For access control, Azure AD security groups are enforced at the retrieval layer — same model as SharePoint, just applied earlier in the pipeline.”


1.5 Secure (安全)

What it means: the AI system is protected against unauthorized access, tampering, and adversarial attacks.

What we did:

  • SharePoint connector uses existing Azure AD authentication — no new attack surface
  • API endpoints behind corporate firewall, no public exposure
  • Penetration test passed before launch
  • Prompt injection protection: input sanitization layer strips potential injection patterns before query processing

Interview talking point:

“We didn’t build a new access layer. We piggybacked on SharePoint’s existing security model. The connector uses Azure AD, so if someone doesn’t have SharePoint access, they can’t see the document through RAG either. We also ran a pen test before launch — passed clean.”


1.6 Transparent (透明)

What it means: users understand the system’s capabilities and limitations. The system doesn’t pretend to know things it doesn’t.

What we did:

  • Confidence indicator: green (high) / yellow (verify) / red (cannot confirm) — always visible
  • Refusal mechanism: prompt explicitly instructs “if not mentioned in documents, say you cannot confirm.” No guessing.
  • Beta label: during trial phase, every answer tagged “trial — please verify.” Users knew the system was still learning.
  • Daily knowledge cards: pushed to users based on high-frequency searches — helped users understand what the system knows and doesn’t know

Interview talking point:

“Transparency is about managing expectations. The confidence indicator tells users upfront how much to trust each answer. The refusal mechanism means the system says ‘I don’t know’ instead of making something up. In finance, a confident wrong answer is worse than an honest ‘I don’t know’.“


1.7 Auditable (可审计)

What it means: the system’s behavior can be reviewed after the fact. Regulators and internal auditors can trace what happened and why.

What we did:

  • Full query log retained (query, retrieved documents, generated answer, user feedback)
  • Every answer traceable to source document version and timestamp
  • Evaluation results archived quarterly
  • Bad case log with root cause attribution (retrieval failure / hallucination / document gap / routing error)

Interview talking point:

“Every answer is traceable end-to-end: what the user asked, which documents were retrieved, what the LLM generated, and whether the user found it useful. If a regulator asks ‘why did the system give this answer on this date?’, we can reconstruct the full chain in minutes.”


1.8 Controllable (可控)

What it means: humans can override the AI system. There’s a kill switch and a human-in-the-loop for edge cases.

What we did:

  • Human-in-the-loop: confidence score < 0.6 → answer shows “cannot confirm” + “escalate to human” option
  • Kill switch: system can be set to search-only mode (no generation) at any time without downtime
  • Gray-scale rollout: started with search-only, added generation gradually, could roll back instantly

Interview talking point:

“Controllability means two things: humans can override any single answer, and we can dial back the whole system if needed. Low-confidence outputs go to human review — that’s not optional, it’s a hard rule. And the system has a ‘search-only’ mode we can switch to in seconds if we lose confidence in the generation layer.”


1.9 Sustainable (可持续)

What it means: the AI system is resource-efficient. Environmental and cost impact are considered.

What we did:

  • GPT-5.4 mini over flagship: 60% lower compute cost, 50% lower latency — same generation quality for RAG summarization tasks
  • Caching: 35% of queries served from cache, zero LLM calls
  • Context compression: dynamic truncation saved 40% tokens per query
  • Net effect: ~70% lower compute footprint vs. naive RAG (full docs + flagship model)

Interview talking point:

“Sustainability isn’t just about green — it’s about not wasting resources. We chose a smaller model because RAG already provides the context. We cached frequent queries. We compressed the context window. The net result is about 70% less compute than a naive implementation.”


2. LLMOps Stack — What We Built vs. What SCB Would Need

LLMOps = the operational practices that keep an LLM system reliable, accurate, and cost-controlled in production. It’s the difference between a demo and a production system.

2.1 Four Pillars of LLMOps

PillarWhat It DoesWhat We BuiltSCB / CIB Tool Candidates
Version controlTrack every prompt, model, and evaluation set version. Reproduce any past result.Git + prompt version tags in config. Every prompt change committed with evaluation results.MLflow (model registry) + LangSmith (prompt versioning)
MonitoringWatch for performance degradation after launch. Alert on anomalies.Dashboard: query volume, latency P50/P95/P99, cache hit rate, adoption rate. Alert if Faithfulness drops below threshold.Evidently (drift detection) + WhyLabs (observability)
Automated regressionEvery change auto-triggers evaluation. Block deployment if metrics drop.Prompt change → auto-run 500-pair evaluation set. If Recall@5 or Faithfulness drops, deployment blocked.Promptfoo (LLM regression testing) + Ragas (RAG evaluation)
Cost governanceTrack and control token usage and API costs.Token metering per query. Caching (35% hit rate). GPT-5.4 mini routing. Context compression (40% savings).Azure cost management + custom token dashboard

2.2 LLMOps Lifecycle — RAG Specific

Prompt change → Regression test (auto) → Metrics pass? → Deploy
                                              ↓ No
                                        Block + alert PM
                                              ↓ Fix
                                        Re-run regression

Key stages:

  1. Development: PM writes new prompt or changes retrieval parameters. Committed to version control.
  2. Regression gate: automated evaluation runs on 500-pair test set. Compares Recall@5, Precision@5, Faithfulness, Answer Relevance against baselines.
  3. Deploy decision: all metrics within tolerance → auto-deploy. Any metric drops > 2pp → blocked, PM notified.
  4. Production monitoring: post-deploy, dashboard tracks real-time metrics. Drift alerts if query patterns shift.
  5. Feedback loop: weekly human audit of 50 queries. Bad cases attributed and fed back to development.

2.3 Monitoring — What to Watch

SignalWhat It Tells YouAction Threshold
Faithfulness scoreIs the LLM still grounded in retrieved docs?Drop > 3pp → investigate prompt or context quality
Adoption rateDo users trust the system?Drop > 5pp → check recent bad cases
Repeat query rateAre users getting useful answers?Rise > 5pp → retrieval or generation quality issue
Latency P95Is the system too slow?> 4s → check Reranker or LLM latency
Cache hit rateIs caching working?Drop > 10pp → cache invalidation issue
Query volumeIs usage growing or declining?Decline > 20% → user engagement issue

Key term — Data drift: user query patterns change over time. New terms appear, old systems get replaced. The intent classifier and embedding model degrade. We caught drift through weekly human audits and retrained the classifier monthly.

2.4 Cost Governance — Token Math

ComponentTokens/QueryCost Impact
Embedding (input processing)~200 tokMinimal (cached)
Retrieval (Top-5 raw)~2,500 tokZero (search, not LLM)
Context after compression~1,500 tokMain LLM cost
LLM generation (output)~300 tokMinor
Total per query~2,000 tokBaseline

Cost reduction levers:

  1. GPT-5.4 mini instead of flagship: -60% cost per token
  2. Cache (35% hit rate): -35% queries (zero LLM cost)
  3. Context compression: -40% tokens per query
  4. Combined effect: ~80% lower cost vs. naive implementation (flagship model + full context + no cache)

3. Interview Q&A — RAI + LLMOps

Q1: “How do you ensure Responsible AI in a regulated bank?”

“I think about RAI in four dimensions that I’ve practiced:

Data privacy — private deployment, data never leaves the bank’s infrastructure. I rejected two vendors (Pinecone, OpenAI API) specifically for this reason.

Fairness — check if the model treats different client segments differently. We ran bias audits on the intent classifier quarterly.

Explainability — every answer has a citation: document name, section, timestamp. Confidence score visible to user. No black-box decisions.

Human in the loop — low-confidence outputs go to a human. Not optional. Hard rule.

SCB’s RAI framework has 9 categories. I was already doing most of these — accountable, fair, explainable, private, secure, transparent, auditable, controllable, sustainable. The mapping is natural.”

Q2: “What is LLMOps? Why does it matter for CIB?”

“LLMOps is how you keep an LLM system healthy in production. Four things:

Version control — track every prompt version, model version, evaluation set version. Without this, you can’t reproduce a past result or know what changed.

Monitoring — watch for performance degradation. Faithfulness dropping? Adoption declining? Latency spiking? You need dashboards and alerts.

Automated regression testing — every time you change a prompt, auto-run the evaluation set. If metrics drop, block the deployment.

Cost governance — track token usage. Use caching, context compression, and small-model routing. We cut costs 80% vs. naive implementation.

As a PM, I don’t set up these tools. But I need to know what should exist and what breaks when something is missing. That’s the PM’s job in LLMOps.”

Q3: “How do you handle model risk in a RAG system?”

“Model risk in RAG is different from traditional ML. The risks are:

Retrieval risk — wrong documents retrieved. Mitigated by hybrid search (vector + BM25), Reranker, and query rewrite.

Generation risk — LLM hallucinates despite good retrieval. Mitigated by citation, confidence scores, refusal mechanism, and Faithfulness monitoring.

Drift risk — user language changes over time, intent classifier degrades. Mitigated by weekly human audit and monthly retraining.

Cost risk — token usage spirals. Mitigated by caching, compression, and small-model routing.

I’d present these to the Risk team with a 4-slide deck: risk inventory → mitigation controls → monitoring plan → escalation process. Quarterly review cycle.”


Last Updated: 2026-06-08