Enterprise AI Security Controls Assessment is a comprehensive security evaluation platform designed to assess AI systems across 14 critical security domains. Built for enterprises deploying large language models and AI agents, this tool provides detailed visibility into security controls, compliance posture, and risk exposure across identity and access management, data protection, model security, API security, monitoring, and incident response capabilities.
The assessment engine evaluates organizations against multiple security frameworks and domains, enabling security teams to identify gaps, prioritize remediation, and demonstrate compliance to stakeholders. It is ideal for Chief Information Security Officers (CISOs), security architects, and AI governance teams responsible for securing enterprise AI deployments at scale.
This tool transforms complex AI security requirements into actionable assessments, helping enterprises move from reactive incident response to proactive security controls implementation across their AI infrastructure.
{
"assessmentData": {
"identity_access": {
"mfa_enabled": true,
"rbac_implemented": true,
"service_accounts_managed": true
},
"data_protection": {
"encryption_at_rest": true,
"encryption_in_transit": true,
"data_classification": "implemented"
},
"prompt_injection_defense": {
"input_validation": true,
"sanitization_rules": 12,
"adversarial_testing": false
},
"model_protection": {
"model_versioning": true,
"access_controls": true,
"audit_logging": true
},
"api_security": {
"rate_limiting": true,
"api_keys_rotated": true,
"authentication_required": true
},
"agent_permissioning": {
"least_privilege": true,
"capability_restrictions": true,
"action_audit_trail": true
},
"output_filtering": {
"pii_detection": true,
"content_filtering_rules": 25,
"harmful_content_blocked": true
},
"monitoring_anomaly": {
"real_time_monitoring": true,
"anomaly_detection_enabled": true,
"alert_threshold_configured": true
},
"compliance_mapping": {
"iso_27001_aligned": true,
"gdpr_compliant": true,
"nist_framework_mapped": true
},
"incident_response": {
"ir_plan_documented": true,
"response_team_trained": true,
"notification_procedures": true
},
"encryption_kms": {
"kms_integrated": true,
"key_rotation_policy": "90_days",
"hsm_enabled": false
},
"risk_intelligence": {
"threat_intel_integrated": true,
"vulnerability_scanning": true,
"risk_scoring_automated": true
},
"sessionId": "sess_550e8400e29b41d4a716446655440000",
"timestamp": "2024-01-15T14:30:00Z"
},
"sessionId": "sess_550e8400e29b41d4a716446655440000",
"userId": 12345,
"timestamp": "2024-01-15T14:30:00Z"
}
{
"assessment_id": "asg_660e8400e29b41d4a716446655440001",
"sessionId": "sess_550e8400e29b41d4a716446655440000",
"timestamp": "2024-01-15T14:30:45Z",
"overall_security_score": 82,
"risk_level": "medium",
"domain_scores": {
"identity_access": 90,
"data_protection": 85,
"prompt_injection_defense": 75,
"model_protection": 88,
"api_security": 87,
"agent_permissioning": 80,
"output_filtering": 78,
"monitoring_anomaly": 85,
"compliance_mapping": 92,
"incident_response": 80,
"encryption_kms": 88,
"risk_intelligence": 82
},
"findings": [
{
"domain": "prompt_injection_defense",
"severity": "high",
"finding": "Adversarial testing program not implemented",
"recommendation": "Establish red-team testing for prompt injection scenarios"
},
{
"domain": "output_filtering",
"severity": "medium",
"finding": "Content filtering rules below recommended threshold",
"recommendation": "Increase filtering rules to 40+ for comprehensive coverage"
}
],
"compliance_status": {
"iso_27001": "aligned",
"gdpr": "compliant",
"nist_csf": "mapped"
},
"next_steps": [
"Implement adversarial testing program for prompt injection",
"Expand output filtering rule set",
"Schedule quarterly re-assessment"
]
}
Summary: Root
Description: Health check endpoint to verify API availability and connectivity.
Parameters: None
Response: Returns a successful health status response (HTTP 200).
Summary: Assess Security
Description: Generate a comprehensive AI security controls assessment across all 14 security domains based on provided assessment data.
Parameters:
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
| ------ | ------ | ---------- | ---------- | ------------- |
| assessmentData | object | body | Yes | Assessment data containing controls evaluation across 12 security domains |
| assessmentData.identity_access | object | body | No | Identity and access management controls (authentication, authorization, MFA) |
| assessmentData.data_protection | object | body | No | Data encryption, classification, and handling controls |
| assessmentData.prompt_injection_defense | object | body | No | Input validation and prompt injection prevention measures |
| assessmentData.model_protection | object | body | No | Model versioning, access controls, and integrity protection |
| assessmentData.api_security | object | body | No | API authentication, rate limiting, and endpoint security |
| assessmentData.agent_permissioning | object | body | No | Agent capability restrictions and least privilege implementation |
| assessmentData.output_filtering | object | body | No | PII detection, content filtering, and harmful output blocking |
| assessmentData.monitoring_anomaly | object | body | No | Real-time monitoring and anomaly detection capabilities |
| assessmentData.compliance_mapping | object | body | No | Alignment with compliance frameworks (ISO 27001, GDPR, NIST) |
| assessmentData.incident_response | object | body | No | Incident response plans and procedures |
| assessmentData.encryption_kms | object | body | No | Encryption implementation and key management services |
| assessmentData.risk_intelligence | object | body | No | Threat intelligence and vulnerability management |
| assessmentData.sessionId | string | body | Yes | Unique session identifier for assessment tracking |
| assessmentData.timestamp | string | body | Yes | ISO 8601 timestamp of assessment data collection |
| sessionId | string | body | Yes | Unique session identifier for the request |
| userId | integer | body | No | Optional user identifier for multi-user tracking |
| timestamp | string | body | Yes | ISO 8601 timestamp of the assessment request |
Response: Returns detailed security assessment with domain scores, risk findings, compliance status, and remediation recommendations.
Summary: Get Domains
Description: Retrieve definitions and metadata for all 14 security assessment domains.
Parameters: None
Response: Returns array of security domain definitions including domain keys, names, descriptions, and assessment criteria.
Summary: Get Domain Details
Description: Retrieve detailed information, control requirements, and assessment criteria for a specific security domain.
Parameters:
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
| ------ | ------ | ---------- | ---------- | ------------- |
| domain_key | string | path | Yes | Unique identifier for the security domain (e.g., identity_access, data_protection, prompt_injection_defense) |
Response: Returns detailed domain specification including control objectives, assessment questions, scoring criteria, and compliance mappings.
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| ------ | ----------- | ------------- | ------- |
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
共 1 个版本