AI Access Security
View the Risk Scores Assigned to GenAI Apps
Table of Contents
View the Risk Scores Assigned to GenAI Apps
Application risk scores help you quickly identify risky GenAI apps, so you can take
action to protect your environment.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following:
|
To help you quickly identify the GenAI applications that pose the greatest threats to
your organization, AI Access Security assigns each GenAI application a
risk score. These risk scores enable you to quickly identify risky AI apps, so you
can take action to protect your environment. For example, to protect your
environment, you could create a policy rule to block the application. You might also
choose to
tag the application as Unsanctioned.
An application's risk score is between 1 (low risk) and 5 (high risk) and is based on
application attributes. Some attributes are common to all SaaS applications, while a
subset of attributes are unique to GenAI applications.
GenAI attributes are attributes such as the data type for user input to
the application, the data type of the output generated by the application, and
whether user-submitted data is used by the application to train its GenAI models.
Based on GenAI attribute values, the risk score calculation determines the GenAI
risk.
In addition to the GenAI attributes, the risk score calculation uses the following
types of attributes to determine the application's general SaaS risk.
- Compliance attributes, which identify whether an application adheres to various regulatory requirements and standards.
- Identity Access Management attributes, which identify an application's authentication and access control capabilities.
- Security and Privacy attributes, which identify product features for protecting data. This category of attributes includes attributes such as whether the application encrypts data at rest and data in transit.
A GenAI application's final risk score is a combination of the general SaaS risk
(calculated from SaaS attributes) and the GenAI risk (calculated from GenAI
attributes). The risk score calculation gives extra weight to the GenAI risk when
determining the final risk score.
- Log in to Strata Cloud Manager.To navigate to the Activity Insights dashboard, select .Navigate to the Applications view.Locate the GenAI applications in the table. If necessary, you can filter the table to show only the GenAI applications.
- Add Filter and add the GenAI Application filter.Set the GenAI Application filter to TRUE.To identify the GenAI applications that pose the greatest threats, examine the risk score values in the Risk column.
Risk Score Meaning 4-5 High Risk — Very likely to be a risk. 3 Medium Risk — Represents a moderate risk. 1-2 Low Risk — Unlikely to be a risk. Take action on the riskiest apps.For example, you can create policy rules to block these applications or tag the applications as Unsanctioned.
