AI Risk Management Software for AI-specific Risks

AI Sigil is AI risk management software that identifies risks where they actually live, on specific models, datasets, and components. The AI risk management software lets you define treatment plans, track mitigations, and connect your risk posture to your compliance program in one place.

What AI risk management software does

AI risk management is the practice of identifying, assessing, and mitigating risks specific to AI systems. It runs on an AI-specific vocabulary and data model: risks live on models, datasets, interfaces, use cases, and actions, not on generic asset records.

  • Captures bias, hallucination, data drift, prompt injection, model degradation, IP leakage, regulatory non-conformity
  • Anchors every risk to the component that produces the behavior
  • Connects the risk register to the compliance control layer through the same AI system inventory

AI Sigil delivers AI risk management software that runs this practice on top of the same AI system inventory that powers its compliance side, so a risk identified on a model is visible from every system that uses that model.

How AI risk management software identifies risks

The AI risk management software registers each risk on the model, dataset, interface, use case, or action where it originates. Inside the AI risk management software, the risk register is a working artefact, not a quarterly export.

  • Capture domain, severity, likelihood, and treatment strategy as structured metadata
  • Score initial and residual risk separately, before and after mitigations
  • Filter your portfolio by severity, mitigation status, domain, AI system, or owner


From risk identified to risk resolved

Identifying a risk is the beginning, not the end. The AI risk management software lets you define one or more mitigations per risk, each with its own owner, status, and timeline.

Define mitigations. One or more per risk, each with owner, status, and due date. The relationship is one-to-many: a single risk can carry several parallel treatments tracked independently.

Implement and link evidence. Documents, test results, and exported files attach to the mitigation they support, so the link from risk to treatment to proof is preserved end to end.

Reassess residual risk. Re-score after mitigations are in place. The posture reflects today, not the day the risk was opened.

AI risk management software unified with compliance

Your risk register and your compliance controls are not separate programs. They share the same entity graph.

In the AI risk management software, identifying a risk on a model and assessing the control that governs it happen in the same environment, on the same data. The NIST AI RMF “Manage” function and the EU AI Act risk-management-system obligation (Articles 9 and 17 for high-risk systems) share the underlying records. No exports, no cross-referencing, no reconciliation between tools.


AI risks are not IT risks

Most enterprise risk tools assume the risk lives on an asset, an application, or a process. AI risks live on the components that produce AI behavior: the model, the data that trained it, the prompt that drove it, the interface that shaped its use. They also have a vocabulary of their own. AI risk management software that uses a generic asset model misses this distinction.

  • Bias and fairness: Disparate impact across groups, originating in datasets, models, and use cases.
  • Hallucination: Fluent but false output, originating in models, prompt design, and interfaces.
  • Prompt injection: User-controlled input subverting instructions, originating in interfaces and prompt design.
  • Model drift: Performance degradation over time, originating in models and the monitoring loop.
  • Data quality: Stale, incomplete, or unrepresentative training data, originating in datasets.
  • IP leakage: Sensitive material reproduced in output, originating in models, datasets, and interfaces.
  • Misuse and dual use: Use beyond intended purpose, originating in use cases and actions.
  • Compliance non-conformity: Failure to meet a regulatory obligation; cross-cutting and tied into the control library.

AI Sigil vs other AI risk management software

Where each category shines, where it falls short, and how AI Sigil compares on AI-specific risk coverage.

| Approach | Strength | Limitation |
|---|---|---|
| Spreadsheet | Cheap, flexible | No audit trail, no entity graph, no residual-risk reassessment workflow |
| Enterprise risk management suites | Mature workflows, board reporting, integration with enterprise IT | Generic asset model, no AI-specific vocabulary or risk-class scoping |
| AI Sigil | AI Sigil's AI risk management software anchors AI-specific risks on components, scores residual risk, and unifies with the compliance control layer | Library still expanding |

Start with a 14-day free trial.

What to look for in AI risk management software

The AI risk management software you choose has to model risks at the component level, not just at the AI system level. A risk that originates in a training dataset behaves differently from a risk that lives in a prompt design or a deployment interface, and your software has to capture that distinction natively.

It has to score residual risk after mitigations, not just initial risk. AI risk management software that only stores a single severity field cannot represent the full posture lifecycle: identified, treated, reassessed.

And it has to share the same entity graph as your compliance controls. Risk records that sit in a different tool from your control library will drift apart, and you will spend more time reconciling exports than running the program.