In most aerospace environments, you should not create a separate, standalone AI risk method if an established FMEA process already exists. Instead, extend the current FMEA so the AI-enabled function, model, data pipeline, and human decision points are treated as potential contributors to failure modes.
The practical answer is to analyze AI as part of the system that can fail, degrade, mislead, or become invalid outside its intended operating conditions. That means your existing product, process, design, or software FMEA structure can usually remain in place, but the failure modes, causes, controls, and detection methods need to expand.
AI-specific failure causes: incorrect training data, incomplete edge-case coverage, label quality issues, feature extraction errors, model drift, threshold misconfiguration, poor calibration, integration defects, latency, and bad handoff logic to MES, QMS, ERP, inspection, or operator workflows.
Assumption failures: the model may only be valid for certain part families, machine states, environmental conditions, sensor quality levels, or process windows. If those assumptions are violated, the output may still look plausible while being wrong.
Human factors: overreliance on recommendations, weak review criteria, unclear override authority, poor alert design, or inconsistent operator response to AI-generated guidance.
Data lineage and version risks: model version, input data version, rules version, and deployment configuration can all affect outcome quality. If these are not traceable, the FMEA is incomplete.
Monitoring and degradation: the system can perform well during validation and then degrade in production because the process, equipment, material mix, or usage context changed.
A workable pattern is to keep the item or process step from the current FMEA, then add AI-related entries where the AI influences detection, recommendation, classification, prioritization, or control actions.
For each relevant FMEA line, ask:
What function is the AI supporting?
What happens if the AI output is wrong, missing, delayed, biased, stale, or used outside intended scope?
Does the failure create a product risk, process escape risk, maintenance risk, quality system risk, or only an efficiency loss?
What independent controls exist if the AI fails silently?
How would you detect degraded performance before a nonconformance, scrap event, or escape occurs?
What evidence shows the model is still operating within validated limits?
If the AI is advisory only, your FMEA should state that clearly and identify the human review control. If the AI triggers or suppresses actions automatically, the scrutiny should be higher because the consequence and detectability profiles change.
You can usually retain your existing severity, occurrence, and detection scoring method. What changes is how you assign the scores.
Severity: score the business and operational effect of the resulting failure, not the novelty of AI.
Occurrence: estimate based on actual model behavior, data quality history, known edge cases, process variability, and integration reliability. Early pilots often have less stable occurrence estimates than mature deterministic logic.
Detection: many AI risks are hard to detect because outputs may appear credible. If there is no independent verification, detection may be weaker than teams first assume.
Be careful not to under-score occurrence or over-score detection simply because a model performed well in a test set. Production reality in aerospace is often more varied than qualification datasets.
Defined intended use and operating boundaries
Approved training and test data management
Version control for models, prompts, rules, and interfaces
Deployment approval and change control
Fallback procedures if the AI is unavailable or questionable
Human review criteria and override logging
Performance monitoring, drift checks, and revalidation triggers
Traceable links to NCR, CAPA, deviation, and investigation workflows when errors occur
Those controls belong in the FMEA as prevention or detection controls only if they are actually implemented and maintained. Planned controls are not the same as effective controls.
Do not treat AI risk as only a cybersecurity issue. Some risks are data, model, process, and human-use issues rather than malicious threats.
Do not assume a vendor’s validation package maps cleanly to your plant, part mix, or quality system.
Do not separate the AI review from normal change control, configuration management, and traceability expectations.
Do not replace existing FMEA, control plan, software assurance, or engineering review methods unless you have a strong, validated reason. In regulated aerospace environments, replacement adds qualification burden, integration risk, retraining effort, and evidence gaps.
In practice, AI-related risk integration usually fails when teams try to bolt a new model onto a fragmented stack without clarifying system boundaries. If the AI consumes data from legacy MES, ERP, historians, inspection systems, or spreadsheets with inconsistent semantics, your FMEA should reflect that dependency explicitly.
Most plants will need coexistence, not full replacement. The AI layer often sits on top of existing workflows, and that means failure modes can originate in master data, routing revisions, sensor quality, interface timing, or operator workarounds in older systems. Ignoring those brownfield dependencies makes the FMEA look cleaner than reality.
If you need a practical starting point, identify the top few process steps where AI affects acceptance, prioritization, anomaly detection, maintenance decisions, or operator instruction. Add AI-related causes, controls, and detection methods to those existing FMEA lines first. Then connect them to traceability, monitoring, and change control before scaling further.
That approach is usually more durable than launching a parallel AI risk register with no link to shop-floor execution or quality evidence.
Whether you're managing 1 site or 100, Connect 981 adapts to your environment and scales with your needs—without the complexity of traditional systems.
Whether you're managing 1 site or 100, C-981 adapts to your environment and scales with your needs—without the complexity of traditional systems.