AI Security Posture
Map your AI attack surface. Score your controls. Audit your MCPs. Run a real-risk assessment for the agentic era — not a checkbox exercise.
Why this exists
Every organization deploying Copilot, ChatGPT Enterprise, Claude, Cursor, or internal AI tooling just expanded their attack surface in ways their existing security tools don't see.
The CISO is being asked:
- Are we using AI? How? Where? Who? When?
- What data is going to which models?
- What MCP servers are connected? What can they reach?
- Are our AI agents scoped correctly or are they over-privileged?
- What does our blast radius look like if an agent gets compromised?
- Are we aligned with NIST AI RMF? EU AI Act?
No existing platform answers these questions. Shadow IT is now shadow AI, and it's moving 10× faster with a much larger blast radius when it goes wrong.
Salient's AI Security Posture module is built specifically to answer them.
What it does
Four capabilities, one coherent workflow:
1. Inventory
Catalog every AI tool in use — sanctioned, shadow, under review, or banned. Track:
- Vendor, tool type (LLM / copilot / agent / embedding / MCP server / AI feature)
- Data classification (public / internal / confidential / restricted)
- Authentication method (SSO / managed API key / personal account)
- DPA status, PII exposure, internet egress, MCP connectivity
Auto risk indicators flag common danger patterns: No DPA, Personal account, Unscoped MCP, Shadow AI, PII access.
2. Assess
34 security controls across 7 domains, weighted by risk severity, aligned to NIST AI Risk Management Framework (AI RMF):
| Domain | Focus |
|---|---|
| Inventory & Governance | AI tool inventory, policy, shadow AI detection, procurement review, risk owner |
| Data Governance | Classification for AI inputs, DPAs, training opt-out, retention, RAG pipeline controls |
| MCP Security | Server inventory, least privilege, authentication, tool call logging, supply-chain vetting |
| Prompt Security | Injection mitigations, system prompt secrecy, adversarial testing, output filtering |
| Agent Security | Least-privilege agents, human-in-the-loop, action logging, containment, identity management |
| Access Control | RBAC on AI tools, API key secrets management, MFA, access reviews |
| Monitoring & IR | Usage monitoring, AI incident response plan, AI TTX scenarios, cost anomaly alerts |
Answer each control Yes / Partial / No / Not Applicable. The scoring engine produces a weighted overall score and per-domain breakdown.
3. Results
The assessment produces:
- Overall score — weighted across all 7 domains (critical-risk controls weighted higher)
- Domain scores — where you're strong, where you're exposed
- Gap list — severity-ordered, with remediation guidance per gap
- Prioritized recommendations — top 8 actions, critical-first
- Markdown report — audit-ready, downloadable, board-suitable
- Twin sync — push the findings into the digital twin as structured facts
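How a weighted control score, per-domain breakdown and severity-ordered gap list can be derived from Yes / Partial / No / Not Applicable answers is sketched below. This is an added example, not Salient's scoring engine: the severity weights, the half credit for Partial, the exclusion of Not Applicable, and the control ids are all assumptions.

```python
from collections import defaultdict

# Assumed values, not Salient's: severity weights and per-answer credit.
WEIGHTS = {"critical": 4, "high": 3, "medium": 2, "low": 1}
CREDIT = {"yes": 1.0, "partial": 0.5, "no": 0.0}  # "na" is excluded entirely

def score(controls, answers, top_n=8):
    """Return (overall %, per-domain %, severity-ordered gaps, top recommendations)."""
    earned, possible = defaultdict(float), defaultdict(float)
    gaps = []
    for cid, domain, severity in controls:
        answer = answers.get(cid, "no")  # an unanswered control counts as a gap
        if answer == "na":
            continue  # N/A must neither dilute nor inflate the score
        w = WEIGHTS[severity]
        possible[domain] += w
        earned[domain] += w * CREDIT[answer]
        if answer != "yes":
            gaps.append((cid, domain, severity, answer))
    total = sum(possible.values())
    overall = round(100 * sum(earned.values()) / total, 1) if total else None
    domains = {d: round(100 * earned[d] / possible[d], 1) for d in possible}
    # Highest severity first; within one severity, "no" sorts before "partial".
    gaps.sort(key=lambda g: (-WEIGHTS[g[2]], CREDIT[g[3]], g[0]))
    return overall, domains, gaps, [g[0] for g in gaps[:top_n]]

# Constructed sample: control ids and severities are placeholders.
CONTROLS = [
    ("MCP-1", "MCP Security", "critical"),
    ("MCP-2", "MCP Security", "high"),
    ("AGT-1", "Agent Security", "critical"),
    ("AGT-2", "Agent Security", "medium"),
    ("MON-1", "Monitoring & IR", "low"),
]
ANSWERS = {"MCP-1": "no", "MCP-2": "yes", "AGT-1": "partial",
           "AGT-2": "na", "MON-1": "yes"}

if __name__ == "__main__":
    overall, domains, gaps, top = score(CONTROLS, ANSWERS)
    print(overall, domains, top)
```

Excluding Not Applicable answers from the denominator matters: counting them as Yes inflates a domain, and counting them as No penalises controls that do not apply.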
4. MCP Audit
Every MCP server connected to your platform is audited automatically:
- Transport security (HTTPS enforced? anonymous connections allowed?)
- Authentication (token-based? origin-validated?)
- Tool surface (count, write/execute-capable tools flagged)
- Risk level (critical / high / medium / low) with remediation
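The four audit dimensions above can be expressed as checks over a server descriptor, as in this added example (not Salient's audit code). The descriptor fields, the verb-prefix heuristic for write/execute-capable tools, and the rules mapping findings to a risk level are assumptions; the sample servers are constructed.

```python
from urllib.parse import urlparse

# Verb prefixes treated as write/execute-capable (hypothetical heuristic).
RISKY_VERBS = ("write", "delete", "update", "create", "exec", "run", "send")

def audit_mcp_server(server: dict) -> dict:
    """Audit one constructed MCP server descriptor; return findings and a risk level."""
    findings = []
    https = urlparse(server["url"]).scheme == "https"
    if not https:
        findings.append("transport: HTTPS not enforced")
    anonymous = server.get("allow_anonymous", False)
    if anonymous:
        findings.append("transport: anonymous connections allowed")
    token_auth = server.get("auth") == "token"
    if not token_auth:
        findings.append("auth: no token-based authentication")
    if not server.get("validate_origin", False):
        findings.append("auth: Origin header not validated")
    tools = server.get("tools", [])
    risky = sorted(t for t in tools if t.lower().split("_")[0] in RISKY_VERBS)
    if risky:
        findings.append(f"tools: write/execute-capable: {', '.join(risky)}")

    # Assumed risk rules: state-changing tools reachable without
    # authentication or over cleartext are the worst case.
    unauthenticated = anonymous or not token_auth
    if risky and (unauthenticated or not https):
        level = "critical"
    elif unauthenticated or not https:
        level = "high"
    elif findings:
        level = "medium"
    else:
        level = "low"
    return {"name": server["name"], "tool_count": len(tools),
            "risky_tools": risky, "risk": level, "findings": findings}

# Constructed sample inventory (not real servers).
SERVERS = [
    {"name": "docs-search", "url": "https://mcp.example.internal/docs", "auth": "token",
     "validate_origin": True, "tools": ["search_docs", "get_page"]},
    {"name": "ticketing", "url": "https://mcp.example.internal/tickets", "auth": "token",
     "validate_origin": False, "tools": ["list_tickets", "create_ticket", "update_ticket"]},
    {"name": "dev-shell", "url": "http://10.0.0.5:8080/mcp", "auth": None,
     "allow_anonymous": True, "tools": ["run_command", "write_file", "read_file"]},
]

if __name__ == "__main__":
    for s in SERVERS:
        print(audit_mcp_server(s))
```

Tool names are a weak signal for capability, so a name-based flag like this is a triage aid; confirming what a tool can actually reach requires reviewing its implementation and the credentials the server holds.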
Who this is for
| Persona | What they need | What this delivers |
|---|---|---|
| CISO | A defensible answer when the board asks about AI risk | Board-ready posture report, scored against NIST AI RMF |
| vCISO / MSSP | Standardized assessment across multiple clients | Per-org inventory + scoring, twin sync for continuity |
| Security engineer | Concrete, prioritized list of what to fix | Severity-ordered gap list with actionable guidance |
| Compliance lead | Evidence for EU AI Act, NIST AI RMF, ISO 42001 readiness | Control mappings + audit-ready markdown reports |
| CTO / AI lead | Safely scale AI adoption | Roadmap from current state to agentic systems |
How it connects to the rest of Salient
AI Security Posture isn't a standalone feature — it feeds the compounding intelligence loop that powers everything in Salient:
- Inventory → Digital twin learns about your AI tools
- Assessment → Twin facts get created for sanctioned tools, shadow AI, critical gaps, overall posture score
- Exercises → TTX scenarios become AI-aware (ransomware exercise now references your actual AI stack)
- Compliance → AI Posture evidence contributes to NIST CSF, CIS v8, SOC 2 exports
- Posture → Cross-source synthesis includes AI findings
Every assessment strengthens every other capability.
Get started
- Sign in to your Salient workspace
- Navigate to AI Posture in the sidebar (under Data)
- Start with Inventory — add the obvious tools first: ChatGPT, Copilot, Cursor, Claude, internal AI deployments
- Move to Assess — work through the control checklist (34 controls, ~20 minutes)
- Review Results — download the report, sync to twin
- Check MCP Audit — if you have MCP servers connected, they're already scored
See also:
- Control Catalog — full list of 34 controls with guidance
- Scoring Methodology — how the numbers are computed