Review AI-specific risks before they reach production workflows.

AI applications introduce new security questions: which prompts are exposed to untrusted content, which tools agents can call, which outputs are trusted, and which teams own the risk.

High

Prompt Injection

A support bot follows instructions embedded in a customer-uploaded file.

High

Prompt Hijacking

An agent prioritizes a hostile instruction over the user's task.

High

Indirect Prompt Injection

A browser agent reads a page that asks it to reveal private workspace data.

High

Data Leakage

A chatbot response includes confidential account notes from an internal knowledge base.

Medium

Excessive Agency

An agent can modify records and send messages without human approval.

Medium

Insecure Tool Use

An agent triggers a ticketing or email action based on untrusted input.

Medium

Unsafe Output Handling

A generated command, query, or code block is executed without policy checks.

Low

AI Supply Chain Exposure

A third-party model integration lacks owner, purpose, and review metadata.

Risk scoring table

Filter synthetic findings by severity, system type, owner, and status.

8 synthetic findings shown

Risk areaSeveritySystemOwnerStatusFinding
Prompt InjectionHighSupport AssistantAppSecOpen
Prompt HijackingHighAutonomous AgentAI PlatformIn Review
Indirect Prompt InjectionHighBrowser AgentProduct EngineeringOpen
Data LeakageHighRAG ChatbotSecurity OperationsMitigating
Excessive AgencyMediumWorkflow AgentProduct EngineeringOpen
Insecure Tool UseMediumTicketing CopilotAI PlatformPlanned
Unsafe Output HandlingMediumCode AssistantAppSecMitigating
AI Supply Chain ExposureLowVendor ModelGovernancePlanned

Finding details

Remediation steps

  1. Confirm owner and affected fictional AI workflow.
  2. Reduce prompt, tool, or data exposure before broader rollout.
  3. Add approval, logging, and retest criteria to the synthetic action plan.

Remediation checklist

Convert finding review into operational change.

FAQ

AI risk review basics.

Is this showing real customer risk?

No. All findings, teams, owners, systems, and evidence on this site are fictional demo content.

Can filters be used by keyboard?

Yes. Filters, rows, the dialog, and reset controls are keyboard-accessible HTML controls.