What risk dimensions does this cover?

Five core dimensions for generative-AI deployments — data privacy and confidentiality, hallucination and factual reliability, bias and fairness, security and abuse, and regulatory compliance. Each is scored from your answers and combined into an overall rating.

How is the overall rating computed?

Each dimension produces a 0–100 sub-score from your answers. The overall rating is the worst-weighted combination, because a single high risk (for example exposing health data) should dominate the picture rather than be averaged away by low-risk dimensions.

Does a high score mean I cannot deploy?

No. A high score means apply the listed mitigations and re-assess before deploying — human review, grounding, access controls, a DPA, audit logging. Many high-risk use cases ship safely once mitigations are in place.

Is anything I enter stored?

No. The assessment runs entirely in your browser. Your use case, data, and answers are never uploaded or saved on a server.

AI Risk Assessment Tool

AI risk assessment tool

Most AI incidents are predictable in hindsight — sensitive data pasted into a consumer tool, a hallucinated figure that reached a customer, a biased output that slipped through unreviewed. This tool runs the predictable check before you ship: it walks you through the five risk dimensions that matter for generative AI and turns your answers into a rating plus a prioritised list of mitigations.

How it works

You describe the deployment — the use case, the data it touches, where its output goes, and your industry — then answer guided questions for each of five dimensions: data privacy, hallucination, bias, security, and compliance. Every dimension produces a 0–100 sub-score. The overall rating leans toward the worst dimensions rather than a flat average, because one severe risk (exposing regulated data, or shipping unreviewed output to customers) should dominate. The tool then surfaces the specific mitigations tied to your highest risks.

Tips and notes

Answer honestly about the worst plausible case, not the happy path — risk assessment is for the failure mode. The biggest risk reducers are almost always the same few moves: keep a human in the loop for any consequential decision, ground answers in trusted sources to cut hallucination, restrict and log access, and never feed regulated data into a tool without a data-processing agreement and a no-training endpoint. Re-run the assessment whenever the use case, data, or audience changes, and pair it with the AI usage policy builder so the mitigations become enforceable rules rather than good intentions.