How do I conduct an effective AI risk assessment for my board?

Definitely agree that common frameworks just aren't cutting it for AI. We had similar issues and ended up using ActiveFence for our production models, which revealed way more vulnerabilities than our previous standard penetration tests did. It's crucial to focus on real-world attack vectors.

You're right; traditional frameworks often miss the mark when it comes to AI risks. Instead of compliance checks, consider doing actual adversarial testing on your models. Services like ActiveFence offer red teaming for AI that can help expose vulnerabilities like prompt injection and model poisoning, which are far more relevant for your board to know about than generic checklists.

What’s interesting is the gap between what your board wants and what you need. You may want to focus on data access levels and the actions the AI can perform. It’s all about safeguarding sensitive information and how well those interactions are monitored.

There are emerging resources like the AI guardrails concept that aim to detect specific threats related to AI, such as prompt injection and harmful outputs. It's not a silver bullet, but it's a start to help address the inadequacies of traditional risk frameworks.

You might want to check into ISO42001 or other frameworks like MITRE Atlas and NIST AI RMF. They might offer insights that align better with your AI systems' needs. Just remember, the landscape is rapidly evolving, so keep an eye on new developments.