I personally do not think that embedding it in risk management or best practises should change the way that you currently do that for any other technology/process/application.
As with any "new" technology, you must determine the risk to your organisation and then implement adequate security.
Where I see the largest risk to AI of any sort could be the bi-directional flow of information. Much like Cloud Security, one needs to know if they (their firm) are uploading anything to anyplace what protocols are in place.
Another risk that I see and believe could harm a corporation is plagiarism and privacy (not sure where you are but there are many regulations that need to be taken into account.
So I would do the following:
Identify the risks
Assess the security threats (malware/ransomware, accidents. natural disaster and other.
Analysisand assess the risks
What is the probability? and what could the potential income be?
Mitigate and monitor the Risk
Plan and develop options to reduce the threats
Determine the strategy that works for your organization