Every AITBM term and acronym, defined without jargon.
The framework and the three layers that feed its final score.
The whole framework — a repeatable method for scoring how risky an AI system is, from 0 to 10, without relying on assessor opinion.
The final 0–10 number. It combines all three layers; higher means more residual risk. It can never reach zero because of the α floor.
How strong the system is on its own. 21 checks across five security areas, each scored 0–4. Reported as a five-number profile, not a single score.
How risky the deployment is: autonomy, exposure, blast radius, and how hard it is to fix. Produces the Compound Risk Multiplier (CRM).
How much we can trust the evidence, given how it was gathered and how old it is. Low confidence inflates the score and triggers re-assessment.
A step-up factor (1.00–1.60, capped at 1.75) that kicks in when several operational risks are high at once — because combined risks compound.
The irreducible 15% of risk that remains even with perfect controls. It stops any score from reaching zero — AI risk can't be fully eliminated.
The security areas inside Layer 1. Each holds several 0–4 sub-metrics.
Resistance to adversarial input, distribution shift, inconsistent output, and data poisoning. (4 sub-metrics)
Demographic parity, calibration consistency, representation bias, and counterfactual fairness. (4 sub-metrics)
Explainability, confidence calibration, audit-trail completeness, and model-lineage disclosure. (4 sub-metrics)
Training-data leakage, inference-attack resistance, data minimization, and re-identification risk. (4 sub-metrics)
Keeping an agent inside its limits: scope, escalation, output filtering, side channels, and identity. The axis that carries AITBM's agentic-systems coverage. (5 sub-metrics)
A Containment sub-metric. Can the system prove which agent is acting, and resist impersonation? Critical for agentic and MCP systems where agents call each other and external tools.
The inputs to Layer 3 — how AITBM tracks whether an assessment can still be trusted.
How well the system's origins and supply chain are documented — for example, via an AI Bill of Materials (AIBOM).
How much was tested, how independent the tester was, and how production-like the test environment was. A weak link in any one drags it down.
How recent the evidence is. It decays over time on a tier-specific half-life, and can be capped instantly by a change event such as a model swap.
A 0–1 measure of how far the system has drifted from what was assessed. Higher drift makes freshness decay faster.
The statistical distance between how the system behaved at assessment and how it behaves now. Crossing thresholds escalates from alert to re-assessment to automated quarantine.
How AITBM turns a score into a required level of scrutiny.
A floor a dimension must meet. Failing one flags a severity on its own, regardless of the overall score. A "Critical MVT" means unacceptable risk.
Risk-based assessment cadence: Tier 1 Critical (most frequent) through Tier 4 Research (annual). Higher tiers re-assess more often and let evidence decay faster.
Three assessment depths. Full evaluates all five axes; Standard uses reduced test batteries; Lite covers the core axes only — a practical on-ramp for smaller teams.
Concrete measurements that feed the rubrics — shown here for the new identity sub-metric.
How often an attacker can successfully impersonate an agent. A core test for Cn-5 — lower is better.
How quickly a compromised agent is detected and isolated. Another Cn-5 test — faster is better.
The ecosystem AITBM aligns to, maps against, or improves upon. See Resources for the full alignment.
Open catalog of defensive techniques. AITBM turns each control into a measurable change in the score.
OWASP's AI scoring system and AITBM's predecessor. AITBM addresses its structural gaps.
An OWASP control checklist ("what controls should exist") — a planned input layer for AITBM scoring.
A pass/fail certification with a Lloyd's-backed insurance backstop. It certifies controls; AITBM measures risk — they complement each other.
The traditional software-severity score. AITBM explains why it falls short for non-deterministic AI.
A standard for connecting agents to tools and data. A primary agentic deployment class AITBM is built to assess.
An architecture where a model retrieves documents before answering. AITBM has a dedicated weighting profile for it.
A taxonomy of real-world attacks on AI systems. AITBM aligns its threat coverage and sources case studies from it.
The U.S. NIST framework for managing AI risk. AITBM aligns its method to it.
AI management-system and impact-assessment standards. AITBM aligns its governance and impact methodology to them.
EU law classifying AI systems by risk. AITBM maps to its high-risk classification requirements.
Cryptographic identity standards for workloads and agents, mapped onto the top levels of the Cn-5 rubric.