Working with Risks

Credo AI provides two complementary risk resources: Risk Types for categorization and Risk Scenarios for specific risk situations.

Risk Types

Risk types categorize the kinds of risks that can be tracked. They include built-in (OOTB) types and custom types created by your organization.

Listing Risk Types

from credoai import CredoAI

client = CredoAI()

# List all risk types
response = client.risk_types.list()
for rt in response.items:
    print(f"{rt.name} (ID: {rt.id})")

# List only custom risk types
custom = client.risk_types.list(custom=True)

# List hidden risk types
hidden = client.risk_types.list(hidden=True)

Creating a Custom Risk Type

from credoai import RiskTypeCreate

risk_type = client.risk_types.create(
    data=RiskTypeCreate(
        name="Supply Chain Risk",
    )
)
print(f"Created: {risk_type.id}")

Updating a Risk Type

For custom risk types, name and description can be updated. For OOTB risk types, only the hidden flag can be updated.

from credoai import RiskTypeUpdate

# Update a custom risk type
updated = client.risk_types.update(
    risk_type_id="rt_abc123",
    data=RiskTypeUpdate(name="Updated Risk Type"),
)

# Hide an OOTB risk type
client.risk_types.update(
    risk_type_id="rt_builtin456",
    data=RiskTypeUpdate(hidden=True),
)

Deleting a Custom Risk Type

Only custom risk types can be deleted. Built-in risk types can be hidden instead.

client.risk_types.delete(risk_type_id="rt_abc123")

Risk Scenarios

Risk scenarios describe specific risk situations. They are read-only resources that can be browsed and attached to use cases.

Listing Risk Scenarios

# List all risk scenarios
response = client.risk_scenarios.list()
for scenario in response.items:
    print(f"{scenario.name} (ID: {scenario.id})")

# Filter by name
response = client.risk_scenarios.list(name="data privacy")

# Filter by ownership type
response = client.risk_scenarios.list(ownership_type="system")

# Filter by risk type
response = client.risk_scenarios.list(risk_type_id="rt_abc123")

# Filter archived scenarios
response = client.risk_scenarios.list(archived=True)

Getting a Risk Scenario

scenario = client.risk_scenarios.get(risk_scenario_id="rs_abc123")
print(f"Name: {scenario.name}")

Attaching to Use Cases

Risk scenarios can be attached to use cases via the fluent API:

from credoai import UseCaseRiskScenarioCreate

use_case = client.use_cases("uc_abc123")

# List attached risk scenarios
scenarios = use_case.risk_scenarios.list()
for s in scenarios.items:
    print(f"  - {s.name}")

# Attach a risk scenario
fetched = client.risk_scenarios.get("rs_abc123")
use_case.risk_scenarios.add(fetched)

# Remove a risk scenario
use_case.risk_scenarios.remove("rs_abc123")

Next Steps

• Learn about Policy Packs for governance controls
• Explore Workflow for stage management
• See the Risk Types API Reference and Risk Scenarios API Reference