AI Risk Exposure Index

Assess likelihood and impact of AI risks across your organization. Get a weighted risk score aligned with NIST AI RMF.

Company Name (Optional)

Assessment Progress0 of 18 risks assessed

Filter by Risk Domain

AI Hallucination in Critical Content

AI generates factually incorrect information presented as truth

Model & Outputs

Examples:

Legal document with fabricated case citations
Medical advice with incorrect dosages
Financial analysis with false data

Regulatory Context:

Professional liabilityConsumer protectionFinancial services regulations

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

10.8

Biased or Discriminatory Outputs

AI generates content reflecting protected-class bias

Model & Outputs

Examples:

Biased job descriptions deterring protected groups
Stereotypical marketing content
Unequal treatment in customer communications

Regulatory Context:

EEOCCivil Rights ActFair Housing Act

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

10.8

Inappropriate or Harmful Content

AI generates offensive, dangerous, or brand-damaging content

Model & Outputs

Examples:

Offensive language in customer communications
Dangerous instructions or advice
Misinformation on sensitive topics

Regulatory Context:

Brand reputationConsumer protectionPlatform liability

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

10.8

PII/PHI/PCI Data Exposure

Sensitive personal data sent to AI systems without authorization

Data & Privacy

Examples:

Customer SSNs included in prompts
Medical records used in AI queries
Credit card data in training datasets

Regulatory Context:

GDPRHIPAAPCI-DSSCCPA

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

13.5

Proprietary Data Exfiltration

Confidential business data leaked through AI interactions

Data & Privacy

Examples:

Trade secrets in prompts
M&A information in AI queries
Source code uploaded to AI tools

Regulatory Context:

Trade secret lawContractual obligationsInsider trading

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

13.5

Training Data Leakage

AI models inadvertently expose training data in outputs

Data & Privacy

Examples:

Competitor data appearing in outputs
Customer information reconstructed from model
Internal documents revealed through prompts

Regulatory Context:

GDPR Right to be ForgottenPrivacy lawsNDA violations

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

13.5

Prompt Injection Attack

Malicious prompts override system instructions or extract data

Security

Examples:

Jailbreak prompts bypassing safety filters
Injection attacks revealing system prompts
Adversarial inputs manipulating outputs

Regulatory Context:

Cybersecurity standardsData protectionSystem integrity

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

11.7

Unauthorized AI Access

Lack of access controls enables unauthorized AI usage

Security

Examples:

Shared credentials for AI tools
No MFA on AI system access
Departed employees retaining access

Regulatory Context:

SOC 2ISO 27001NIST Cybersecurity Framework

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

11.7

AI Supply Chain Risk

Vendor AI tools introduce security or compliance vulnerabilities

Security

Examples:

Unvetted AI vendor with poor security
AI tool hosting data in unapproved regions
Third-party AI model with unknown provenance

Regulatory Context:

Vendor risk managementData residencyThird-party oversight

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

11.7

Intellectual Property Infringement

AI generates content infringing copyrights or trademarks

Legal & Compliance

Examples:

AI-generated images similar to copyrighted works
Code generation including licensed libraries
Content mimicking trademarked material

Regulatory Context:

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

12.6

Regulatory Compliance Violation

AI usage violates industry-specific regulations

Legal & Compliance

Examples:

Unapproved AI in financial advice (FINRA)
AI medical diagnosis without validation (FDA)
AI employment screening without bias testing (EEOC)

Regulatory Context:

FINRAFDAEEOCIndustry-specific regulations

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

12.6

Contractual Breach via AI

AI usage violates customer or vendor contracts

Legal & Compliance

Examples:

Using customer data in AI against contract terms
AI-generated content violating confidentiality
Subprocessor AI tools not disclosed in DPAs

Regulatory Context:

Contract lawData processing agreementsService level agreements

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

12.6

AI Bias in Hiring/Screening

AI tools create adverse impact in employment decisions

Workforce & HR

Examples:

Resume screening AI favoring protected groups
Interview AI with gender bias
Assessment tools with racial disparities

Regulatory Context:

EEOC Uniform GuidelinesTitle VIIADA

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

9.9

Improper Employee Monitoring

AI surveillance violates privacy or labor laws

Workforce & HR

Examples:

AI monitoring without notice
Invasive productivity tracking
Biometric monitoring without consent

Regulatory Context:

GDPR employee rightsState privacy lawsLabor regulations

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

9.9

Misleading AI Financial Advice

AI provides unsuitable or misleading financial guidance

Financial Conduct

Examples:

AI recommending unsuitable investments
Inaccurate risk disclosures
Chatbot providing unauthorized advice

Regulatory Context:

FINRASEC regulationsSuitability requirements

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

11.7

AI-Driven Market Manipulation Risk

AI trading or communications create manipulation concerns

Financial Conduct

Examples:

AI-generated misleading market commentary
Algorithmic trading with unintended effects
AI pump-and-dump content generation

Regulatory Context:

Market manipulation lawsSEC oversightTrading regulations

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

11.7

AI Service Disruption

AI system outage disrupts critical business operations

Operational Resilience

Examples:

AI tool outage halts customer service
Model failure breaks automated workflows
API rate limits stop production systems

Regulatory Context:

Business continuitySLA obligationsCustomer commitments

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

9.0

Over-Reliance on AI Vendor

Critical dependency on single AI vendor creates risk

Operational Resilience

Examples:

No backup if primary AI vendor terminates
Price increases with no alternatives
Vendor policy changes break workflows

Regulatory Context:

Vendor concentration riskBusiness continuityOperational resilience

Likelihood3

Might occur at some time

Impact3

Significant impact, senior management intervention

Control Effectiveness0

0100

How effective are your current controls?

Inherent Risk

9.0

Residual Risk (Weighted)

9.0