# Model Risk Management (SR 11-7–Style Framework)

## Scope

This document evaluates risks associated with AI components used in
**Federal FOIA Intelligence Search**.

---

## 1. Model Inventory

| Component | Description |
|----|----|
| LLM | External, general-purpose language model |
| PDF extraction | Optional text extraction utility |
| Visual analytics | Metadata-only plotting |

---

## 2. Intended Use

- Research assistance
- Contextual explanation
- Metadata summarization

**Not intended for:**
- Legal advice
- Evidence creation
- Predictive analysis
- Decision automation

---

## 3. Risk Identification

### Key Risks
- Hallucinated statements
- Citation misuse
- User overreliance
- Misinterpretation of public records

---

## 4. Risk Controls

| Risk | Control |
|----|----|
| Hallucination | Citation anchoring |
| Overconfidence | Disclosure banners |
| Scope creep | Feature flags |
| Data misuse | Public-only constraint |

---

## 5. Validation & Testing

- Manual review of AI outputs
- Cross-checking against citations
- Integrity hashing for auditability

---

## 6. Governance & Oversight

- Phase-based feature rollout
- Hard-gated experimental features
- Maintainer approval for expansions

---

## 7. Change Management

- Version-controlled releases
- Feature flags for AI
- Kill-switch capability

---

## 8. Residual Risk Assessment

Residual risk is **Low to Moderate**, acceptable given:
- Non-decision-making role
- Explicit user warnings
- Absence of automation

---

## SR 11-7 Alignment Summary

This application aligns with **low-risk assistive model classifications**
under SR 11-7-style governance.