AI Threat Readiness Assessment
How ready is your organisation for AI-specific threats?
A structured 24-capability assessment built on NIST CSF 2.0, purpose-authored for organisations deploying, integrating, or being targeted by AI. Delivers a findings report, heatmap, and roadmap in days.
$4,995 one-time · No subscription · Full report delivered within your assessment
Standard frameworks were not designed for AI-era threats
Traditional NIST CSF assessments cover the controls that matter for conventional attacks. They do not specifically address adversary use of AI, exposure of your own AI systems, model-targeting attacks, AI-assisted social engineering, or supply-chain risk in AI components.
This assessment starts from NIST CSF 2.0 as its backbone, then applies AI-specific capability definitions, BARS anchors, and crosswalks to the frameworks that speak to AI threats directly: MITRE ATLAS, CSA MAESTRO, NIST AI RMF, and NIST SP 800-218.
The result is a credible, audit-defensible baseline that a board, regulator, or cyber insurer can read — and that your security team can action.
24 capabilities across all six NIST CSF 2.0 functions
Each capability has BARS anchors (L1–L5) and a target maturity level calibrated to the buyer profile. Respondents are routed to the capabilities relevant to their role.
- Board AI threat awareness
- Risk appetite recalibration for AI-era threats
- Third-party AI risk policy and contracting
- Security budget posture vs threat trajectory
- Asset inventory including AI assets and data flows
- Vulnerability management coverage and SLA
- External attack surface management
- SBOM and software supply-chain transparency
- Patch and vulnerability remediation cadence
- Configuration hardening automation
- Phishing-resistant MFA coverage
- Privileged access containment and segmentation
- Secure-by-design SDLC, including AI-using systems
- Detection telemetry coverage
- Behavioural and anomaly detection
- AI-augmented triage and threat hunting
- Detection time discipline and measurement
- SOAR and response automation maturity
- Decision rights and escalation paths
- Stakeholder and regulator communication playbooks
- Tabletop exercise frequency and realism
- Immutable backup posture
- Critical-service RTO realism
- Business continuity tested vs AI-attack scenarios
Framework crosswalks included
Every capability is mapped to the frameworks that security teams, auditors, and regulators already reference — so findings slot directly into your existing risk and compliance vocabulary.
MITRE ATLAS v5.4
CSA MAESTRO
NIST AI RMF
NIST SP 800-218
NIST SP 800-30
OWASP LLM Top 10
What you receive
The assessment produces a complete set of findings in the platform and a DOCX export you can rebrand and deliver directly to your board or client.
- Capability heatmap — maturity scores across all 24 capabilities and 6 CSF functions, with gap-to-target overlaid
- AI findings narrative — per-function findings written by the AI engine against your survey responses
- Prioritised recommendations — ordered by impact and gap severity, not alphabetically
- Phased roadmap — 30/60/90 day and 6-month horizon, editable in Word
- DOCX export — full report in an editable Word document, ready to rebrand
Who runs this assessment
CISOs and security leadership
Risk and legal teams
Technology consultants
Internal audit teams
$4,995. One assessment. Full findings.
No subscription. Includes the full capability assessment, multi-stakeholder survey, AI findings report, and DOCX export.