# Challenge Questions, Challenge Risk, and Enrich Context Workflow

This notebook demonstrates how to use the challenge_questions, challenge_risk chains, and the enrich_context workflow in RiskGPT.


## 1. Setup and Installation

First, let's install RiskGPT and set up the OpenAI API key.


In [None]:
# Install RiskGPT directly from GitHub (if needed)
# !pip install git+https://github.com/thwolter/riskgpt.git

# Import required modules
import os
from getpass import getpass
import asyncio

# Prompt for OpenAI API key (this way it won't be visible in the notebook)
openai_api_key = getpass("Enter your OpenAI API key: ")
os.environ["OPENAI_API_KEY"] = openai_api_key

# Optional: Set other configuration variables if needed
os.environ["OPENAI_MODEL_NAME"] = "openai:gpt-4.1-nano"  # Default model
os.environ["MEMORY_TYPE"] = "buffer"  # Default memory type

# Configure logging
from riskgpt.logger import configure_logging
configure_logging()


## 2. Create a Business Context

Let's create a business context that we'll use throughout this notebook.


In [14]:
from riskgpt.models.common import BusinessContext
from riskgpt.models.chains.risk import Risk
from riskgpt.models.enums import AudienceEnum

# Create a business context
context = BusinessContext(
    project_id="CLOUD-2023",
    project_description="Migrate on-premises infrastructure to cloud services",
    domain_knowledge="The company is a financial services provider with strict regulatory requirements",
    business_area="IT Infrastructure",
    industry_sector="Financial Services"
)

# Create a sample risk
sample_risk = Risk(
    title="Data Security Breach",
    description="Risk of unauthorized access to sensitive data during migration",
    category="Security",
)


## 3. Challenge Questions Chain

The challenge_questions_chain generates challenging questions from a business context that can be used for internet searches.


In [18]:
from riskgpt.models.chains.questions import ChallengeQuestionsRequest
from riskgpt.chains.challenge_questions import challenge_questions_chain

# Create a request
questions_request = ChallengeQuestionsRequest(
    business_context=context,
    audience=AudienceEnum.risk_internal,
    focus_areas=["data security", "compliance", "service continuity"],
    num_questions=5
)

# Run the chain
async def run_challenge_questions():
    response = await challenge_questions_chain(questions_request)
    print(f"Generated {len(response.questions)} challenging questions:")
    for i, question in enumerate(response.questions, 1):
        print(f"{i}. {question}")
    return response

# Execute the async function
challenge_questions_response = await run_challenge_questions()


2025-06-26 18:19:11,278 - src - INFO - Consumed 821 tokens (0.0001 USD) for 'challenge_questions' using openai:gpt-4.1-nano
2025-06-26 18:19:11,278 - src - INFO - Consumed 821 tokens (0.0001 USD) for 'challenge_questions' using openai:gpt-4.1-nano


Generated 5 challenging questions:
1. What are the specific data security risks associated with migrating sensitive financial data to cloud services under strict regulatory requirements?
2. How can the company ensure compliance with financial industry regulations during the cloud migration process to mitigate legal and operational risks?
3. What potential service continuity challenges might arise during the transition from on-premises infrastructure to cloud, and how can they be proactively addressed?
4. In what ways can cloud service providers' security measures impact the company's ability to meet financial compliance standards and protect client data?
5. What are the key risk factors for data breaches or loss during the migration, and what best practices can mitigate these risks in a regulated financial environment?


## 4. Challenge Risk Chain

The challenge_risk_chain generates challenging questions for a specific risk to help stakeholders better understand and address the risk.


In [20]:
from riskgpt.models.chains.questions import ChallengeRiskRequest
from riskgpt.chains.challenge_risk import challenge_risk_chain

# Create a request
risk_request = ChallengeRiskRequest(
    risk=sample_risk,
    business_context=context,
    audience=AudienceEnum.risk_internal,
    focus_areas=["data encryption", "access controls", "regulatory compliance"],
    num_questions=5
)

# Run the chain
async def run_challenge_risk():
    response = await challenge_risk_chain(risk_request)
    print(f"Generated {len(response.questions)} challenging questions for risk '{sample_risk.title}':")
    for i, question in enumerate(response.questions, 1):
        print(f"{i}. {question}")
    return response

# Execute the async function
challenge_risk_response = await run_challenge_risk()


* 'schema_extra' has been renamed to 'json_schema_extra'
2025-06-26 18:19:48,489 - src - INFO - Consumed 982 tokens (0.0002 USD) for 'challenge_risk' using openai:gpt-4.1-nano
2025-06-26 18:19:48,489 - src - INFO - Consumed 982 tokens (0.0002 USD) for 'challenge_risk' using openai:gpt-4.1-nano


Generated 5 challenging questions for risk 'Data Security Breach':
1. How robust are the existing data encryption protocols during migration, and have they been tested against advanced threat scenarios specific to financial regulatory environments?
2. What specific access control mechanisms are in place for the migration process, and how are they monitored to prevent privilege escalation or insider threats?
3. In what ways might regulatory compliance requirements, such as GDPR or industry-specific standards, influence the design and implementation of data security measures during migration?
4. Have potential vulnerabilities introduced by temporary data storage or transit points during migration been thoroughly assessed, and what mitigation strategies are in place to address them?
5. Are there any blind spots in the risk assessment that assume encryption alone suffices, neglecting the importance of comprehensive logging, audit trails, and real-time monitoring for early breach detection?

  challenge_risk_response = await run_challenge_risk()


## 5. Enrich Context Workflow

The enrich_context workflow enriches a business context with external information from various sources (news, professional, regulatory).


In [21]:
from riskgpt.models.workflows.context import EnrichContextRequest
from riskgpt.workflows.enrich_context import enrich_context

# Create a request
enrich_request = EnrichContextRequest(
    business_context=context,
    focus_keywords=["cloud migration", "financial services", "data security"],
    time_horizon_months=12
)

# Run the workflow
async def run_enrich_context():
    response = await enrich_context(enrich_request)
    print("Sector Summary:")
    print(response.sector_summary)
    print("\nWorkshop Recommendations:")
    for i, rec in enumerate(response.workshop_recommendations, 1):
        print(f"{i}. {rec}")
    if response.full_report:
        print("\nFull Report:")
        print(response.full_report[:500] + "..." if len(response.full_report) > 500 else response.full_report)
    return response

# Execute the async function
enrich_context_response = await run_enrich_context()


* 'schema_extra' has been renamed to 'json_schema_extra'
* 'schema_extra' has been renamed to 'json_schema_extra'
* 'schema_extra' has been renamed to 'json_schema_extra'
* 'schema_extra' has been renamed to 'json_schema_extra'
2025-06-26 18:20:18,080 - src - INFO - Consumed 3670 tokens (0.0006 USD) for 'extract_regulatory_key_points' using openai:gpt-4.1-nano
2025-06-26 18:20:18,080 - src - INFO - Consumed 3670 tokens (0.0006 USD) for 'extract_regulatory_key_points' using openai:gpt-4.1-nano
* 'schema_extra' has been renamed to 'json_schema_extra'
2025-06-26 18:20:18,477 - src - INFO - Consumed 4048 tokens (0.0006 USD) for 'extract_news_key_points' using openai:gpt-4.1-nano
2025-06-26 18:20:18,477 - src - INFO - Consumed 4048 tokens (0.0006 USD) for 'extract_news_key_points' using openai:gpt-4.1-nano
* 'schema_extra' has been renamed to 'json_schema_extra'
2025-06-26 18:20:21,355 - src - INFO - Consumed 3802 tokens (0.0006 USD) for 'extract_linkedin_key_points' using openai:gpt-4.1-na

Sector Summary:
Collected 72 external sources for CLOUD-2023.

Workshop Recommendations:
1. Review source: How Does Infrastructure Modernization Impact Healthcare Security? - HealthTech Magazine (https://healthtechmagazine.net/article/2025/06/how-does-infrastructure-modernization-impact-healthcare-security)
2. Review source: Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options - The Hacker News (https://thehackernews.com/2025/06/microsoft-extends-windows-10-security.html)

Full Report:
Cloud migration involves transferring a financial institution's data, applications, and IT operations from on-premises systems to cloud-based environments, enabling firms to leverage the scalability, flexibility, and efficiency of cloud technology while maintaining secure operations (Pendello, 2023). This process allows organizations to reduce costs, improve data accessibility, and enhance disaster recovery capabilities through incremental data transfer using hybrid solu

  enrich_context_response = await run_enrich_context()


## 6. Combining the Workflows

Now let's see how we can combine these workflows to create a more comprehensive risk analysis.


In [None]:
async def combined_workflow():
    # Step 1: Enrich the context with external information
    print("Step 1: Enriching context with external information...")
    enrich_response = await enrich_context(enrich_request)
    
    # Step 2: Generate challenging questions based on the enriched context
    print("\nStep 2: Generating challenging questions...")
    questions_response = await challenge_questions_chain(questions_request)
    
    # Step 3: Generate challenging questions for a specific risk
    print("\nStep 3: Generating challenging questions for a specific risk...")
    risk_response = await challenge_risk_chain(risk_request)
    
    # Return all responses
    return {
        "enrich_response": enrich_response,
        "questions_response": questions_response,
        "risk_response": risk_response
    }

# Execute the combined workflow
combined_results = asyncio.run(combined_workflow())

# Display a summary of the results
print("\nSummary of Combined Workflow:")
print(f"- Enriched context with {len(combined_results['enrich_response'].workshop_recommendations)} recommendations")
print(f"- Generated {len(combined_results['questions_response'].questions)} challenging questions from business context")
print(f"- Generated {len(combined_results['risk_response'].questions)} challenging questions for risk '{sample_risk.title}'")


## 7. Conclusion

In this notebook, we've demonstrated how to use the challenge_questions, challenge_risk chains, and the enrich_context workflow in RiskGPT. These tools can help risk managers and stakeholders better understand and address risks in their projects.

Key takeaways:
- The challenge_questions_chain generates questions from a business context for internet searches
- The challenge_risk_chain generates questions for a specific risk to help stakeholders address it
- The enrich_context workflow enriches a business context with external information
- These tools can be combined to create a comprehensive risk analysis workflow