AI Shadow Assurance
Three tracks: what the internet can see, what you optionally disclose as metadata-only posture, and third-party dependency exposure. Each track states what was tested and what was not.
Three proof tracks
We do not merge external sight, internal posture, and supply-chain signals into one score.
External AI exposure
Attacker-visible AI endpoints, public model artifacts, vector-style paths, and weak key indicators from passive external review.
Internal posture (optional)
If you provide approved metadata-only snapshots, we ingest lineage, dataset integrity, pipeline, and RAG-source posture signals. No snapshot means internal posture is not assessed—not assumed safe or breached.
Dependency risk
Third-party libraries and services tied to your external footprint, prioritized with the same verification standard as core findings.
Reporting discipline
Each export lists coverage, method, and limits.
No blended “AI risk score”
External observations stay external. Internal posture stays optional and metadata-only. Dependency findings stay tied to observed components. Reviewers see which track produced each line item.
Coverage rule: missing optional internal posture is a coverage gap in reporting, not evidence of compromise.
Book an AI Shadow walkthrough
See sample outputs for external AI signals, optional internal posture, and dependency items side by side.