Quantify AI tool risk across five dimensions with 16,024+ classified domains. Build a repeatable, auditable risk assessment program.
Traditional risk frameworks were built for software that stores and displays data.
AI tools process data through opaque models, retain it for training, and may leak it into outputs served to others.
With 16,024+ AI-tool domains across 18 categories, manual assessment is impossible.
New tools launch daily with risk profiles too varied for one-at-a-time evaluation.
Each dimension captures a distinct aspect of risk. The composite score across all five produces the tool's overall rating.
What data does the tool accept? Free text, file uploads, API integrations, or screen captures?
Score 1: Read-only, no user data ingested
Score 10: Unrestricted file upload + API access
Does the vendor use submitted data for training? Once data enters a training pipeline, it cannot be deleted from model weights.
Score 1: Contractual no-training guarantee
Score 10: Training with no opt-out or deletion
Where is the vendor incorporated, where does inference occur, and where is data stored?
Score 1: Local jurisdiction, adequate laws
Score 10: No data protection framework
Published privacy policy? SOC 2 or ISO 27001 certification? Responsible disclosure program? Incident response track record?
Score 1: Enterprise-grade compliance posture
Score 10: No identifiable org, no policies
Can the tool execute code, access the internet, interact with APIs, or control browser sessions on the user's behalf?
Score 1: Single narrow function, no connectivity
Score 10: Autonomous agent with code execution
The five dimensions combine into a weighted composite score. Defaults reflect priorities from enterprise CISO research.
These two dimensions most directly determine whether confidential data will be compromised. They get the majority weight.
Cross-border transfer penalties have surged under recent enforcement actions. Regulatory fines can exceed 4% of global revenue.
This Python implementation calculates composite risk scores.
| Tier | Score Range | Decision |
|---|---|---|
| Approved | 0 – 3.0 | Permitted for designated user groups |
| Conditional | 3.0 – 6.0 | Allowed for specific use cases with additional controls |
| Prohibited | 6.0 – 10.0 | Blocked across the entire organization |
A financial institution may set the prohibited threshold at 4.0. A technology company may set it at 7.0.
A code tool scoring 4.5 might be approved for marketing (copy editing) but prohibited for engineering (source code exposure).
AI vendor assessments must go beyond standard questionnaires. Each domain below scores 1–10, aggregating into vendor maturity.
Manual assessment doesn't scale when shadow AI detection reveals hundreds of tools. The API automates initial triage.
Provide accurate starting points for most tools.
Conditional-tier or high-risk tools get the full questionnaire.
AI data flows are more complex than traditional SaaS. Four unique complications drive this complexity.
Text prompts, file uploads, API calls, browser extensions, connected integrations — broader and less controlled than traditional apps.
Neural network internals cannot be inspected. Data may be retained in weights, combined with other inputs, or leak into future outputs.
Raw logs, embeddings, model checkpoints, cached outputs — each with different retention, deletion, and jurisdictional exposure.
Model outputs may contain fragments from your inputs served to other users — an indirect exfiltration channel if data isolation is lacking.
Text, files, APIs, extensions, integrations
Inference, embeddings, fine-tuning, training
Logs, embeddings, weights, caches, backups
Responses, cross-customer leakage, caching
The composite risk score maps directly to enforcement actions in your firewall, proxy, and DLP systems.
Score: 0–3.0
Score: 3.0–6.0
Score: 6.0–10.0
Risk scores are living values, not static snapshots. A mature program recalculates continuously as conditions change.
Tool adds file uploads or API access → capability scope score increases.
Vendor achieves certification → vendor maturity score decreases.
Blocklist reclassifies domain → automatic risk score recalculation triggered.
This script detects changes and triggers automatic recalculation.
Get immediate preliminary assessments via category baselines.
Trigger automatic baseline comparison and tier reassignment.
AI tool risk must integrate into your existing ERM program. It cannot operate as a standalone function.
Extend risk appetite statements to address AI-specific risks: training retention, opaque processing, weight-embedded data.
Add AI tools as a distinct category. Document composite scores, tier assignments, and mitigating controls per tool.
Quantify exposure: tools per tier, shadow AI trends, assessment coverage, incidents, and month-over-month changes.
When incidents occur, recalculate affected scores immediately and review framework weights and thresholds.
The AUP translates it into employee-facing rules: approved tools, prohibited tools, and allowed data classifications.
See our AI Acceptable Use Policy guide for templates and enforcement patterns.
Powered by 16,024+ classified domains. Tell us about your environment and we'll scope a pilot.
Describe your environment size and current risk management tooling and we will recommend an integration path.