AI Security Posture Self-Assessment — Salish AI Security Lab

Answer 10 questions and get an instant AI Security Posture Score with your top prioritized remediation gaps — free, no consultant required.

Structured for SOC 2 · ISO 27001 · NIST AI RMF alignment

Takes 3 minutes

Used by IT and security leads at organizations deploying AI

Acceptable Use Policy

Does your organization have a written, employee-acknowledged policy governing acceptable use of AI tools?

A No formal policy exists B Informal guidelines exist but are not documented or enforced C A formal, signed policy is in place and reviewed at least annually

Shadow AI Inventory

Has your organization inventoried all AI tools currently in use across business units?

A No inventory exists — AI tool adoption is untracked B Some tools are known but there is no formal discovery or tracking process C A formal AI tool registry is maintained and audited periodically

Data Classification

Does your organization classify what types of data may be input into external AI systems?

A No classification or input controls exist B There is informal awareness but no written classification or enforcement C Written data classification tiers with explicit AI input/output controls are enforced

Vendor Risk Assessment

Do you conduct formal security and compliance reviews of AI vendors before adoption?

A No vendor review process exists for AI tools B Basic security reviews occur but lack AI-specific evaluation criteria C A structured AI Vendor Risk Assessment is completed before any tool is approved

Employment Decision Controls

Are AI-assisted HR or employment decisions — hiring, performance, termination — subject to legal and HR pre-approval?

A No controls — managers can use AI tools for employment decisions without approval B Informal awareness that AI in HR is sensitive, but no formal approval requirement C Written policy requires legal and HR pre-approval for any AI use in employment decisions

Incident Response

Does your Incident Response plan address AI-specific scenarios — vendor breach, training data exposure, model compromise?

A The IR plan does not address AI-specific scenarios B AI has been discussed in the context of IR but the plan is not formally updated C A documented AI IR Addendum with vendor notification and regulatory timelines is in place

Employee Training

Have employees received documented training on AI security risks and acceptable use?

A No AI-specific training has occurred B Some communication has gone out but training is not documented or tracked C Formal AI security training with signed acknowledgment records is conducted annually

Privileged Content Controls

Are there explicit controls preventing AI tools from processing privileged or confidential content — legal communications, IP, trade secrets?

A No explicit controls — employees can paste any content into AI tools B Employees are informally advised to be careful, but no enforceable control exists C Written prohibitions on processing privileged content in AI tools are in place and enforced

Output Verification

Are procedures in place to verify AI-generated outputs before use in regulated or high-stakes contexts?

A No verification requirements — AI outputs are used as-is B Individuals are expected to review outputs but there is no formal requirement C Formal output labeling and independent verification requirements exist for regulated contexts

Board & Leadership Oversight

Does executive leadership or the board receive regular reporting on AI-related risks and governance?

A AI risk is not a topic at the board or executive leadership level B Leadership is generally aware but receives no structured reporting C AI risk is a standing board agenda item with defined reporting cadence and oversight responsibilities

Assessment Complete

Your score is ready.

Enter your details below to see your AI Security Posture Score, tier, and the top gaps the lab recommends addressing first.

No spam. Unsubscribe anytime. Results delivered instantly.

Your AI Security Posture Score

—

out of 20 points

—

Assessment Summary

Priority Remediation Gaps

Recommended Next Step

Every gap above is an exposure your next auditor, regulator, or board member will find. Close them before they do.

The EU AI Act Compliance Accelerator includes 11 article-mapped compliance documents covering every domain assessed above — ready to adapt and deploy before the August 2026 enforcement deadline. Built for security and compliance teams.

View Pricing — From $997 →

One-time purchase · Instant download · 7-day money-back guarantee

How Exposed Is Your Organization to AI Risk?

Your score is ready.

Every gap above is an exposure your next auditor, regulator, or board member will find. Close them before they do.