AI System Risk Triage
Answer 12 questions about your AI system and generate a basic risk profile with primary risk drivers and recommended controls.
How This Works
- Answer 12 questions about your AI system — covering exposure, data, tool access, controls, testing, and governance.
- The tool calculates a basic risk score and identifies the primary risk drivers from your answers.
- You receive a set of recommended controls drawn from the risk factors identified.
- No data is sent anywhere. Everything runs in your browser. Takes 3–5 minutes.
This is a simplified educational triage, not a formal audit, legal opinion, security certification, or official CIS assessment. Use it as a starting point for structured thinking, not as a compliance tool.
How is risk scored?
Each answer carries a risk weight reflecting how much it increases exposure. Weights are summed into a single score, which maps to four bands:
- Low 0–12 · Moderate 13–24 · High 25–36 · Critical 37+
Recommended controls are drawn from the specific higher-risk answers you select, so the output reflects your system rather than a generic template. This is a simplified educational model for structured thinking — not a calibrated quantitative risk assessment.
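The scoring described above, as an added example (not this tool's own code): it sums per-answer weights, maps the total to the four published bands, and takes drivers and controls only from the higher-risk answers. The question ids, the 0–4 weight scale, the driver threshold and the control wording are assumptions, since the page does not publish them.

```javascript
// Added illustration. Question ids, weights (0-4), threshold and control text
// are constructed assumptions; only the four band ranges come from the page.
const BANDS = [["Low", 0], ["Moderate", 13], ["High", 25], ["Critical", 37]];
const DRIVER_THRESHOLD = 3; // assumed cut-off for a "higher-risk" answer

function bandFor(score) {
  // Highest band whose lower bound the score reaches.
  return BANDS.filter(([, min]) => score >= min).pop()[0];
}

function triage(answers) {
  for (const a of answers) {
    if (!Number.isInteger(a.weight) || a.weight < 0 || a.weight > 4) {
      throw new RangeError(`invalid weight for ${a.id}`);
    }
  }
  const score = answers.reduce((sum, a) => sum + a.weight, 0);
  // Drivers: higher-risk answers, heaviest first (sort is stable on ties).
  const drivers = answers
    .filter((a) => a.weight >= DRIVER_THRESHOLD)
    .sort((x, y) => y.weight - x.weight);
  // Controls come only from drivers, de-duplicated, so output tracks the answers.
  const controls = [...new Set(drivers.map((a) => a.control))];
  return { score, band: bandFor(score), drivers: drivers.map((a) => a.id), controls };
}

// Constructed sample: 12 answers for a hypothetical internet-facing agent.
const SAMPLE = [
  { id: "exposure.internet_facing", weight: 4, control: "Authenticate and rate-limit the model endpoint" },
  { id: "exposure.untrusted_input", weight: 3, control: "Treat retrieved and user content as untrusted input" },
  { id: "data.sensitive", weight: 3, control: "Classify and minimise data sent to the model" },
  { id: "data.retention", weight: 1, control: "Set a retention period for prompts and outputs" },
  { id: "tools.write_access", weight: 4, control: "Scope tool permissions and require approval for writes" },
  { id: "tools.no_approval", weight: 3, control: "Scope tool permissions and require approval for writes" },
  { id: "controls.input_filtering", weight: 2, control: "Filter inputs before they reach the model" },
  { id: "controls.logging", weight: 1, control: "Log prompts, tool calls and outputs" },
  { id: "testing.no_adversarial", weight: 3, control: "Run adversarial testing before release" },
  { id: "testing.regression", weight: 2, control: "Re-test after model or prompt changes" },
  { id: "governance.owner", weight: 0, control: "Assign a named system owner" },
  { id: "governance.incident_plan", weight: 2, control: "Add AI incidents to the response plan" },
];

console.log(triage(SAMPLE));
```

Two answers that map to the same control produce one recommendation, which is why the sample has six drivers but five controls.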
Sources & Inspiration
- CIS Controls v8.1 Model Context Protocol (MCP) Companion Guide (Principal Co-author)
- CIS Controls v8.1 AI and LLM Companion Guide (Collaborator)
- CIS Controls v8.1 AI Agents Companion Guide (Collaborator)
Questions and controls are inspired by these guides and adapted into simplified educational form. This tool is not affiliated with or endorsed by CIS.