From cybersecurity-skills
Applies NIST AI RMF 1.0 governance, fairness, robustness, transparency, monitoring, and incident response for AI/ML systems beyond prompt security.
Install: `npx claudepluginhub briiirussell/cybersecurity-skills --plugin cybersecurity-skills`
Slash command: `/cybersecurity-skills:ai-risk-management`
Summary Claude sees in its skill listing (used to decide when to auto-load this skill):
`prompt-injection` covers the AI security slice — attackers manipulating LLM inputs. This skill covers everything else risk-related about deploying AI / ML systems: governance, fairness, robustness, transparency, monitoring, incident response specific to AI failures, third-party model risk, and compliance with the emerging AI regulatory landscape.
The framing is NIST AI RMF 1.0 (released 2023) — the most widely adopted voluntary framework — plus the regulatory layer (EU AI Act, US executive orders, sector-specific guidance). Use this skill when you are deploying AI features beyond a chatbot wrapper, when a regulator asks "how do you govern your AI," or when something has gone wrong with an AI system in production.
Cross-references: prompt-injection for prompt-injection / LLM-specific security attacks; threat-modeling for design-time AI risk modeling; incident-triage and breach-patterns for AI-related incident response patterns; csf-mapping for the broader governance frame that AI RMF sits within.
Just like the cybersecurity framework, the AI RMF organizes the work into functions. Same shape, different content.
| Function | What it covers |
|---|---|
| Govern (GOV) | Policy, accountability, roles, risk appetite, AI principles, board oversight, governance structures |
| Map (MAP) | Context — what is the AI system, what does it do, who is impacted, what could go wrong, what are the legal / ethical constraints |
| Measure (MEAS) | Evaluate the system — fairness, robustness, accuracy, explainability, privacy, security; quantitative + qualitative metrics |
| Manage (MAN) | Treat the risks — mitigations, monitoring, incident response, decommissioning, ongoing review |
The framework is voluntary but increasingly cited in contracts, RFPs, executive orders, and emerging regulations. Treat it as the lingua franca of AI risk.
Before assessment, build the inventory. Most organizations underestimate how much AI they actually deploy.
| Category | Examples |
|---|---|
| First-party trained models | Recommendation engines, fraud detection, churn prediction, internal ML pipelines |
| First-party LLM use | Customer support chat, content generation, summarization, code generation, embeddings for search |
| Third-party AI features | Stripe Radar (fraud), GitHub Copilot (code completion), Salesforce Einstein, Notion AI, Linear AI |
| Embedded AI in products you ship | Suggested responses, smart defaults, AI sorting / ranking |
| AI in HR / hiring | Resume screening, candidate matching, performance evaluation — high regulatory exposure |
| AI in customer-facing decisions | Pricing, eligibility, content moderation, ad targeting — high regulatory exposure |
For each, record: vendor (if any), training data source, deployment context, who it affects, the decision it informs, how decisions are reviewed.
For each AI system in the inventory, answer:
The categories of evaluation, with the engineering hooks for each:
These metrics often conflict — you cannot maximize all of them simultaneously. The MAP step should have decided which is most important for the use case. For hiring AI, equalized odds matters more than demographic parity. For loan approval, the choice depends on whose interests dominate.
Tooling: Fairlearn (Microsoft), AI Fairness 360 (IBM), What-If Tool (Google), Aequitas (University of Chicago), fairlearn.metrics, aif360.metrics.
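The conflict between demographic parity and equalized odds is easiest to see on numbers. The following is an added example, not code from the skill or from Fairlearn; it implements the standard definitions of both metrics in plain Python (the same quantities `fairlearn.metrics` reports) over a constructed hiring-screen sample, and the 0.1 review tolerance is an assumed threshold, not one the skill prescribes.

```python
from collections import defaultdict


def _rate(num, den):
    """Safe division: a group with no positives (or negatives) gets rate 0.0."""
    return num / den if den else 0.0


def group_rates(y_true, y_pred, groups):
    """Per-group selection rate, true-positive rate and false-positive rate.

    y_true / y_pred are 0/1 labels; groups holds the protected attribute per row.
    """
    counts = defaultdict(lambda: {"n": 0, "sel": 0, "pos": 0, "tp": 0, "neg": 0, "fp": 0})
    for yt, yp, g in zip(y_true, y_pred, groups):
        c = counts[g]
        c["n"] += 1
        c["sel"] += yp                 # predicted positive == "selected"
        if yt == 1:
            c["pos"] += 1
            c["tp"] += yp              # qualified candidate correctly selected
        else:
            c["neg"] += 1
            c["fp"] += yp              # unqualified candidate wrongly selected
    return {
        g: {
            "selection_rate": _rate(c["sel"], c["n"]),
            "tpr": _rate(c["tp"], c["pos"]),
            "fpr": _rate(c["fp"], c["neg"]),
        }
        for g, c in counts.items()
    }


def demographic_parity_difference(rates):
    """Largest gap in selection rate between any two groups."""
    sr = [r["selection_rate"] for r in rates.values()]
    return max(sr) - min(sr)


def equalized_odds_difference(rates):
    """Largest gap in TPR or in FPR between any two groups."""
    tpr = [r["tpr"] for r in rates.values()]
    fpr = [r["fpr"] for r in rates.values()]
    return max(max(tpr) - min(tpr), max(fpr) - min(fpr))


# Constructed sample: 20 hiring-screen decisions across two applicant groups.
# Both groups are selected at the same rate (5 of 10), but the screen is far
# less accurate for group B, so demographic parity holds while equalized odds
# does not.
Y_TRUE = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0,   # group A: 5 qualified, 5 not
          1, 1, 0, 0, 0, 0, 0, 0, 0, 0]   # group B: 2 qualified, 8 not
Y_PRED = [1, 1, 1, 1, 0, 1, 0, 0, 0, 0,   # A: 4 TP, 1 FN, 1 FP, 4 TN
          1, 1, 1, 1, 1, 0, 0, 0, 0, 0]   # B: 2 TP, 0 FN, 3 FP, 5 TN
GROUPS = ["A"] * 10 + ["B"] * 10


def assess(y_true=Y_TRUE, y_pred=Y_PRED, groups=GROUPS, tolerance=0.1):
    """MEASURE-step fairness summary; `tolerance` is an assumed review threshold."""
    rates = group_rates(y_true, y_pred, groups)
    dp = demographic_parity_difference(rates)
    eo = equalized_odds_difference(rates)
    return {
        "by_group": rates,
        "demographic_parity_difference": dp,
        "equalized_odds_difference": eo,
        "flags": {
            "demographic_parity": dp > tolerance,
            "equalized_odds": eo > tolerance,
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess(), indent=2))
```

On this sample the demographic parity difference is 0.0 and the equalized odds difference is 0.2 (group B's FPR is 0.375 against group A's 0.2), which is exactly the situation the MAP step has to pre-empt: a screen that looks fair by selection rate is rejecting qualified A applicants and passing unqualified B applicants at different rates.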
For LLMs:
A model that cannot be explained at all is a model you cannot defend in a regulatory inquiry. For high-impact decisions, explainability is not optional.
See prompt-injection — prompt injection, indirect injection, agent privilege boundaries, MCP security. Output to the AI RMF assessment is the security posture summary.
For each material risk surfaced in MEASURE:
| Risk | Treatment options |
|---|---|
| Bias against protected class | Retrain with balanced data; add constraint to training objective; pre/post-processing fairness corrections; remove the feature; remove the application |
| Hallucination on factual queries | Retrieval-augmented generation; citation requirements; fact-checking step; user warning |
| Drift over time | Monitoring; scheduled retraining; champion-challenger deployment |
| Adversarial robustness gaps | Adversarial training; input validation; rate limiting on probing patterns |
| Lack of explainability for high-stakes decisions | Switch to interpretable model class; add post-hoc explanation; add human-in-the-loop |
| Third-party model with insufficient transparency | Vendor risk review; contractual guarantees on training data; switch to self-hosted alternative |
| PII leakage potential | Differential privacy in training; PII redaction in prompts; output filtering |
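"Monitoring" as the treatment for drift needs a concrete check behind it. The following is an added example, not code from the skill; it computes the Population Stability Index (PSI) between a model's score distribution at deployment time and its recent production scores over fixed bins, on constructed sample data. The 0.1 / 0.25 action thresholds are widely used rules of thumb and the `eps` substitute for empty bins is a conventional choice, neither of them a standard the skill cites.

```python
import math

# Constructed sample: model output probabilities from the validation set at
# deployment time (baseline) and from recent production traffic (current).
BASELINE_SCORES = [0.05, 0.15, 0.12, 0.35, 0.28, 0.42, 0.55, 0.48, 0.61, 0.66,
                   0.72, 0.78, 0.83, 0.88, 0.91, 0.33, 0.47, 0.59, 0.21, 0.95]
CURRENT_SCORES = [0.62, 0.71, 0.77, 0.83, 0.86, 0.90, 0.93, 0.97, 0.68, 0.74,
                  0.81, 0.88, 0.55, 0.59, 0.66, 0.79, 0.84, 0.91, 0.45, 0.99]

BIN_EDGES = [0.0, 0.2, 0.4, 0.6, 0.8, 1.0]   # fixed at deployment, never re-derived from live data


def bin_fractions(scores, edges=BIN_EDGES):
    """Fraction of scores in each [edge_i, edge_i+1) bin; the last bin is closed at 1.0."""
    counts = [0] * (len(edges) - 1)
    for s in scores:
        for i in range(len(counts)):
            last = i == len(counts) - 1
            if edges[i] <= s < edges[i + 1] or (last and s == edges[i + 1]):
                counts[i] += 1
                break
    total = len(scores)
    return [c / total for c in counts]


def psi(baseline, current, edges=BIN_EDGES, eps=1e-4):
    """Population Stability Index: sum over bins of (cur - base) * ln(cur / base).

    Empty bins are replaced by eps so the log is defined; an empty bin on one
    side is itself strong evidence of drift, which the large term reflects.
    """
    b = bin_fractions(baseline, edges)
    c = bin_fractions(current, edges)
    total = 0.0
    for pb, pc in zip(b, c):
        pb = pb or eps
        pc = pc or eps
        total += (pc - pb) * math.log(pc / pb)
    return total


def drift_status(value, moderate=0.1, significant=0.25):
    """Map a PSI value to a review action; thresholds are common rules of thumb."""
    if value >= significant:
        return "significant"   # open a MANAGE ticket: retrain or roll back
    if value >= moderate:
        return "moderate"      # investigate before the next scheduled retrain
    return "stable"


def check_drift(baseline=BASELINE_SCORES, current=CURRENT_SCORES):
    """One monitoring run: PSI, its status, and the bin fractions for the evidence log."""
    value = psi(baseline, current)
    return {
        "psi": value,
        "status": drift_status(value),
        "baseline_bins": bin_fractions(baseline),
        "current_bins": bin_fractions(current),
    }


if __name__ == "__main__":
    result = check_drift()
    print(f"PSI={result['psi']:.3f} status={result['status']}")
    print("baseline bins:", result["baseline_bins"])
    print("current bins: ", result["current_bins"])
```

Run this on a schedule against the same frozen bin edges and log the bin fractions alongside the PSI value; the fractions are what you will want in the evidence section of the assessment when explaining why a retrain or champion-challenger swap was triggered.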
The persistent layer that makes the above work over time.
Risk-tiered framework:
```markdown
# AI Risk Assessment
## System(s): [list]
## Framework: NIST AI RMF 1.0 [+ EU AI Act mapping if applicable]
## Date: [date]
## Assessor: [name]
### Executive summary
[2-3 paragraphs — top risks, governance posture, regulatory exposure, recommended next 90 days]
### AI system inventory
| System | Purpose | Stakeholders | Risk tier (per MAP) | Owner |
|--------|---------|--------------|---------------------|-------|
### MEASURE findings
| System | Category | Finding | Severity |
|--------|----------|---------|----------|
| [name] | Fairness | [Disparity description with metric] | High |
| [name] | Robustness | [Failure mode] | Medium |
### MANAGE plan
| Risk | Treatment | Owner | Deadline |
|------|-----------|-------|----------|
### GOVERN posture
- [ ] AI principles documented and approved
- [ ] AI inventory maintained
- [ ] Approval gate exists for high-impact deployments
- [ ] Model cards / system cards in place for production AI
- [ ] AI incident response defined
- [ ] Decommissioning plans exist
### Regulatory mapping (if applicable)
| Regulation | Status | Action items |
|------------|--------|--------------|
### References / evidence
[Links to model cards, eval reports, audit logs]
```
Disposition rule (Fixed / Deferred / Accepted Risk) per owasp-audit. AI accepted-risk decisions need both engineering and (often) legal / ethics sign-off depending on system impact.
- nist.gov/itl/ai-risk-management-framework (foundational)
- artificialintelligenceact.eu (community-maintained guide) and official text via EUR-Lex