AI agents are hitting production faster than security teams can assess them. Across the industry, dev teams are shipping agentic workflows that read customer emails, query internal databases, and call external APIs, and risk assessments aren't keeping up. It's one of the most common gaps in AI governance right now.
The only way to keep up is to fight fire with fire: augmenting risk assessments with AI to match the pace of AI adoption. That's the idea I've been building on since early 2025.
The results were impressive:
If you ran this right before a meeting and walked in with it, you'd look like an absolute boss. You just found out about the meeting 20 minutes ago and you walk in with a full breakdown of what your focus needs to be.
But augmenting risk assessments was only half the picture. The other half was the things being assessed. Business users and engineers alike are spinning up agentic workflows: news aggregators, customer service bots, internal automation - with tools like n8n. So I picked up n8n and built one myself, because the best way to assess the risk is to understand how it's built.
That experience made it clear: the methodology needed to be packaged into something anyone could pick up and run.
This AI Risk Assessment Tool is that package.
What the Tool Does
Most AI risk assessment approaches leave the methodology up to you. You bring the control mappings, the structure, the threat models - and hope you're consistent across assessments.
The AI Risk Assessment Tool bundles all of that into a repeatable framework built on real standards:
NIST SP 800-30 for risk assessment methodology
NIST Cybersecurity Framework Profile for AI (IR 8596) for AI-specific controls
OWASP Top 10 for LLM Applications and OWASP Top 10 for Agentic Applications for threat mapping
STRIDE for systematic threat modeling per component
This isn't just a chatbot you ask questions. It's a structured approach that quickly walks through a methodology.
The Lethal Trifecta
The tool starts off by applying Simon Willison’s Lethal Trifecta concept for an early-gate triage check. If your system has all three of these factors, it automatically triggers the most rigorous assessment tier:
| Factor | The Risk |
|---|---|
| Private Data Access | Can the AI access databases, emails, files, or credentials? |
| Untrusted Input | Can external parties send data via webhooks, emails, or APIs? |
| External Communication | Can the AI send HTTP requests, emails, or post externally? |
Any one of these is manageable. All three together? That's your highest-risk scenario, and the tool flags it immediately so you know what you're dealing with before you invest assessment hours.
Right-Sized Assessments
Not every AI system needs a half-day deep dive. The tool uses a tiered approach:
Tier 1 (15-30 min): Low criticality, internal only, no sensitive data. Quick checklist, move on.
Tier 2 (1-2 hours): Business-critical systems with confidential data. Full STRIDE analysis, control mapping.
Tier 3 (Half-day+): Lethal Trifecta present, regulated data, customer-facing. Full assessment with documented evidence.
The tier selection isn't arbitrary. It's driven by the system profile you build during intake. The tool asks the right questions and routes you to the right depth.
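To make the triage gate and the tier routing concrete, here is an added example of the logic described above. It is not code from the AI Risk Assessment Tool repo: the SystemProfile fields, the DataClass levels and the routing rules are this example's own reading of the three tier descriptions, and the three intake profiles at the bottom are constructed, not real systems.

```python
"""Lethal Trifecta triage and assessment-tier routing.

Added example, not code from the AI Risk Assessment Tool repo. The field
names of SystemProfile, the DataClass levels and the routing rules are
this example's own reading of the post's tier descriptions; the real
tool's intake questions and routing may differ.
"""
from dataclasses import dataclass
from enum import Enum


class DataClass(Enum):
    """Most sensitive class of data the system can reach (low to high)."""
    PUBLIC = 1
    INTERNAL = 2
    CONFIDENTIAL = 3
    REGULATED = 4        # PII, PHI, cardholder data, etc.


@dataclass(frozen=True)
class SystemProfile:
    name: str
    # The three Lethal Trifecta factors
    private_data_access: bool      # databases, email, files, credentials
    untrusted_input: bool          # webhooks, inbound email, third-party APIs
    external_communication: bool   # outbound HTTP, email, posting externally
    # Additional intake fields used for tier routing
    business_critical: bool
    customer_facing: bool
    data_class: DataClass


TRIFECTA_FACTORS = ("private_data_access", "untrusted_input", "external_communication")


def trifecta_factors_present(p: SystemProfile) -> list:
    """Names of the trifecta factors this system has."""
    return [f for f in TRIFECTA_FACTORS if getattr(p, f)]


def lethal_trifecta(p: SystemProfile) -> bool:
    """Early gate: all three factors together mean a prompt-injected
    instruction can read private data and send it somewhere external."""
    return len(trifecta_factors_present(p)) == 3


def assign_tier(p: SystemProfile) -> int:
    """Route to assessment depth from the intake profile.

    Tier 3: Lethal Trifecta present, regulated data, or customer-facing.
    Tier 2: business-critical system or confidential data.
    Tier 1: everything else (low criticality, internal, no sensitive data).
    """
    if lethal_trifecta(p) or p.data_class is DataClass.REGULATED or p.customer_facing:
        return 3
    if p.business_critical or p.data_class is DataClass.CONFIDENTIAL:
        return 2
    return 1


def triage(p: SystemProfile) -> dict:
    """Triage record for the intake summary."""
    present = trifecta_factors_present(p)
    return {
        "system": p.name,
        "tier": assign_tier(p),
        "lethal_trifecta": len(present) == 3,
        "factors_present": present,
    }


# Constructed sample intake profiles (not real systems).
EMAIL_AGENT = SystemProfile(
    "support-email-agent", True, True, True, True, True, DataClass.CONFIDENTIAL)
NEWS_DIGEST = SystemProfile(
    "n8n-news-digest", False, True, True, False, False, DataClass.PUBLIC)
CRM_ASSISTANT = SystemProfile(
    "internal-crm-qa", True, False, False, True, False, DataClass.CONFIDENTIAL)


if __name__ == "__main__":
    for profile in (EMAIL_AGENT, NEWS_DIGEST, CRM_ASSISTANT):
        print(triage(profile))
```

The `factors_present` list is worth keeping in the triage record: removing any one leg (for example, restricting the HTTP node to an allowlist of hosts so the agent no longer has open external communication) drops the system out of the trifecta, and that is usually the cheapest mitigation to discuss before the full Tier 3 assessment starts.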
What You Get Out of It
Run the tool against an AI system and you get:
STRIDE threat model with AI-specific threat scenarios per component
OWASP mapping cross-referencing identified threats to LLM Top 10 and Agentic Top 10
85 security controls with NIST CSF mappings, prioritized by your system's risk profile
Risk ratings using NIST SP 800-30 likelihood/impact scales
A structured assessment document ready for stakeholder review
The output isn't a wall of text. It's a formatted risk assessment document with threat tables, control recommendations, and risk ratings. The kind of deliverable you'd bring to a risk committee.
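As an added example of the rating and reporting step (not code from the tool's repo), the block below rates a handful of constructed threat scenarios on the SP 800-30 qualitative likelihood and impact scales, rolls them up to an overall rating, and renders the kind of threat table the assessment document carries. RISK_MATRIX is transcribed from the likelihood-by-impact combination table in SP 800-30 Rev. 1 Appendix I as the author of this example recalls it; check it against the standard before relying on it. The component names, STRIDE categories and OWASP references in the sample scenarios are illustrative only.

```python
"""Rate threat scenarios on NIST SP 800-30 qualitative scales and render
a threat table.

Added example, not code from the AI Risk Assessment Tool repo. The
scenarios are constructed; RISK_MATRIX is transcribed from the
likelihood-by-impact table in SP 800-30 Rev. 1 Appendix I as recalled by
the example's author and should be checked against the standard.
"""
from dataclasses import dataclass

LEVELS = ("Very Low", "Low", "Moderate", "High", "Very High")

# RISK_MATRIX[likelihood][index of impact in LEVELS] -> overall risk level
RISK_MATRIX = {
    "Very Low":  ("Very Low", "Very Low", "Very Low", "Low",      "Low"),
    "Low":       ("Very Low", "Low",      "Low",      "Low",      "Moderate"),
    "Moderate":  ("Very Low", "Low",      "Moderate", "Moderate", "High"),
    "High":      ("Very Low", "Low",      "Moderate", "High",     "Very High"),
    "Very High": ("Very Low", "Low",      "Moderate", "High",     "Very High"),
}


@dataclass(frozen=True)
class ThreatScenario:
    component: str
    stride: str          # STRIDE category
    owasp: str           # OWASP LLM / Agentic Top 10 reference, or "n/a"
    description: str
    likelihood: str      # one of LEVELS
    impact: str          # one of LEVELS


def rate(likelihood: str, impact: str) -> str:
    """Combine likelihood and impact into a single risk level."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"unknown level: {likelihood!r} / {impact!r}")
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


def overall_risk(scenarios) -> str:
    """Worst-case roll-up: the overall rating is the highest scenario rating."""
    return max((rate(s.likelihood, s.impact) for s in scenarios), key=LEVELS.index)


def threat_table(scenarios) -> str:
    """Markdown threat table, highest risk first (ties keep input order)."""
    rows = sorted(scenarios,
                  key=lambda s: LEVELS.index(rate(s.likelihood, s.impact)),
                  reverse=True)
    lines = ["| # | Component | STRIDE | OWASP | Likelihood | Impact | Risk |",
             "|---|---|---|---|---|---|---|"]
    for i, s in enumerate(rows, 1):
        lines.append(f"| {i} | {s.component} | {s.stride} | {s.owasp} | "
                     f"{s.likelihood} | {s.impact} | {rate(s.likelihood, s.impact)} |")
    return "\n".join(lines)


# Constructed scenarios for an email-reading agent (illustrative only).
SCENARIOS = [
    ThreatScenario("Email trigger", "Tampering", "LLM01 Prompt Injection",
                   "Instructions hidden in an inbound email steer the agent",
                   "High", "High"),
    ThreatScenario("CRM lookup tool", "Information Disclosure",
                   "LLM02 Sensitive Information Disclosure",
                   "Reply includes another customer's record", "Moderate", "High"),
    ThreatScenario("HTTP request node", "Information Disclosure",
                   "LLM01 Prompt Injection",
                   "Injected instruction sends data to an outside host",
                   "Low", "Very High"),
    ThreatScenario("Audit log", "Repudiation", "n/a",
                   "Tool calls are not logged with their inputs",
                   "Moderate", "Low"),
]


if __name__ == "__main__":
    print(threat_table(SCENARIOS))
    print("\nOverall risk:", overall_risk(SCENARIOS))
```

Using the highest scenario rating as the overall rating is a deliberate, conservative choice; if your committee prefers an averaged or weighted roll-up, change `overall_risk` only, since the per-scenario ratings in the table stay the same.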
Two Ways to Deploy
Option 1: AI Coding Assistant (e.g. Claude Code)
Best for solo practitioners, consultants, or anyone who wants to run assessments from their own environment.
If you're already using a coding assistant like Claude Code, setup is straightforward. Copy the skill files to your Claude Code skills directory and you get four commands:
/risk-assessment - Full guided assessment
/risk-triage - Quick Lethal Trifecta check
/threat-model - STRIDE analysis only
/risk-report - Generate a document from an existing analysis
Pick the piece you need, run it, get results.
Option 2: Microsoft Copilot Studio
Best for teams embedding this into an enterprise M365 environment where you want broader access through Teams or the web.
The tool includes a monolithic agent configuration for Copilot Studio. Create a new agent, paste the system prompt, upload the knowledge files, and publish to Teams or the web. The repo has step-by-step instructions.
See It in Action
The repo includes a complete example assessment of a real system - the same kind of n8n workflow from the build post. It found 7 threat scenarios, rated the overall risk as LOW-MEDIUM, and recommended approval with monitoring. That's the kind of output you can expect.
Try It Yourself
The tool is open-source under MIT license. Clone the repo, set it up in Claude Code or Copilot Studio, and run it against one of your AI systems:
If you're in GRC and your organization is deploying AI (let's be honest, it is), you need a repeatable way to assess these systems. This tool gives you that.
Contributions are welcome. The repo needs additional threat scenarios for emerging AI architectures, industry-specific control mappings (HIPAA, PCI-DSS, SOC 2), and integrations with GRC platforms. If you build something on top of it, open a PR.