Enterprise AI Security Controls Assessment

Security

Assess OT/ICS security posture across 30 controls in 6 principles — Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, and OT Sec...

Install

openclaw skills install enterprise-ai-security-controls-assessment


Assess your organization's AI security posture across 12 enterprise domains — Identity & Access, Data Protection, Prompt Injection Defense, Model Protection, API Security, Agent Permissioning, Output Filtering, Monitoring & Anomaly Detection, Compliance Mapping, Incident Response, Encryption & KMS, and Risk Intelligence. Each domain covers 5 controls (60 total) and produces prioritized remediation guidance.


Usage

{
  "tool": "enterprise_ai_security_controls_assessment",
  "input": {
    "organization_name": "Acme Corp",
    "industry": "Financial Services",
    "ai_maturity": "intermediate",
    "domains_to_assess": ["identity_access", "prompt_injection_defense", "api_security"],
    "current_controls": {
      "identity_access": {
        "mfa_enabled": true,
        "rbac_implemented": false,
        "service_account_rotation": "manual"
      },
      "prompt_injection_defense": {
        "input_validation": "basic",
        "system_prompt_hardening": false,
        "canary_tokens": false
      }
    }
  }
}

Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| organization_name | string | | Name of the organization being assessed |
| industry | string | | Industry vertical (e.g., Financial Services, Healthcare, Retail) |
| ai_maturity | string | | Current AI maturity level: beginner, intermediate, advanced |
| domains_to_assess | array | | Subset of domain keys to assess. Omit to assess all 12 domains |
| current_controls | object | | Key-value map of existing controls per domain (see domain keys below) |

Domain Keys

| Key | Domain |
| --- | --- |
| identity_access | Identity & Access Control |
| data_protection | Data Protection |
| prompt_injection_defense | Prompt Injection Defense |
| model_protection | Model Protection |
| api_security | API Security |
| agent_permissioning | Agent Permissioning |
| output_filtering | Output Filtering |
| monitoring_anomaly | Monitoring & Anomaly Detection |
| compliance_mapping | Compliance Mapping |
| incident_response | Incident Response |
| encryption_kms | Encryption & Key Management (KMS) |
| risk_intelligence | Risk Intelligence |

What You Get

  • Domain-by-domain scorecard — maturity rating per domain (Initial / Developing / Defined / Managed / Optimizing)
  • Control gap analysis — which of the 60 controls are missing, partial, or implemented
  • Prioritized remediation roadmap — Quick Wins (0–30 days), Medium-term (30–90 days), Strategic (90+ days)
  • Compliance alignment — mapped to NIST AI RMF, ISO 42001, SOC 2, and GDPR where applicable
  • Executive summary — board-ready summary of AI security posture

Example Output

{
  "organization": "Acme Corp",
  "overall_maturity": "Developing",
  "overall_score": 42,
  "domain_scores": {
    "identity_access": { "score": 60, "maturity": "Defined", "gaps": 2 },
    "prompt_injection_defense": { "score": 20, "maturity": "Initial", "gaps": 4 },
    "api_security": { "score": 55, "maturity": "Developing", "gaps": 2 }
  },
  "top_risks": [
    "No system prompt hardening exposes models to override attacks",
    "RBAC not implemented — lateral movement risk across AI services",
    "No canary token monitoring for prompt exfiltration"
  ],
  "quick_wins": [
    "Enable RBAC on all AI service accounts (3 days)",
    "Deploy input sanitization layer before LLM endpoints (7 days)",
    "Rotate all AI API keys and set expiry policies (1 day)"
  ],
  "compliance_gaps": ["NIST AI RMF: GOVERN-1.1", "ISO 42001: 6.1.2", "SOC 2: CC6.1"]
}

API Reference

Base URL: https://portal.toolweb.in/apis/security/entaisecconass

| Endpoint | Method | Description |
| --- | --- | --- |
| / | GET | Health check |
| /api/ai-security/assess | POST | Run full assessment |
| /api/ai-security/domains | GET | List all 12 domain definitions |
| /api/ai-security/domain/{domain_key} | GET | Get details for a specific domain |

Authentication: Pass your API key in the X-API-Key header, or as the mcp_api_key argument when calling via MCP.
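
The following is an added example, not code from ToolWeb.in or this skill: it checks an assessment input against the parameter values and domain keys documented above, then builds (without sending) the authenticated POST request. The function names are hypothetical, and three things are assumptions: that the HTTP body is the same object as the tool's "input", that the endpoint path is appended to the Base URL, and that controls supplied for a domain outside domains_to_assess are worth flagging locally.

```python
import json
import urllib.request

# Values copied from this page; POSTing the tool "input" object as the body is an assumption.
BASE_URL = "https://portal.toolweb.in/apis/security/entaisecconass"
DOMAIN_KEYS = frozenset("""identity_access data_protection prompt_injection_defense
    model_protection api_security agent_permissioning output_filtering
    monitoring_anomaly compliance_mapping incident_response encryption_kms
    risk_intelligence""".split())
MATURITY = ("beginner", "intermediate", "advanced")

def validate_input(payload):
    """Return a list of problems in an assessment input; empty means none found."""
    problems = []
    for field in ("organization_name", "industry"):
        if field in payload and not isinstance(payload[field], str):
            problems.append(f"{field}: expected a string")
    if "ai_maturity" in payload and payload["ai_maturity"] not in MATURITY:
        problems.append("ai_maturity: expected beginner, intermediate or advanced")
    domains = payload.get("domains_to_assess")
    if domains is None:
        selected = set(DOMAIN_KEYS)  # omitted: all 12 domains are assessed
    elif isinstance(domains, list):
        selected = {d for d in domains if isinstance(d, str) and d in DOMAIN_KEYS}
        problems += [f"domains_to_assess: unknown domain key {d!r}"
                     for d in domains if not (isinstance(d, str) and d in DOMAIN_KEYS)]
    else:
        selected = set()
        problems.append("domains_to_assess: expected an array")
    controls = payload.get("current_controls", {})
    if not isinstance(controls, dict):
        return problems + ["current_controls: expected an object"]
    for key in controls:
        if key not in DOMAIN_KEYS:
            problems.append(f"current_controls: unknown domain key {key!r}")
        elif key not in selected:  # local sanity check, not documented API behaviour
            problems.append(f"current_controls: {key} is not in domains_to_assess")
    return problems

def build_request(payload, api_key):
    """Validate, then build (but do not send) the POST to the assess endpoint."""
    problems = validate_input(payload)
    if problems:
        raise ValueError("; ".join(problems))
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("API key is empty or contains whitespace")
    headers = {"Content-Type": "application/json", "X-API-Key": api_key}
    return urllib.request.Request(BASE_URL + "/api/ai-security/assess", method="POST",
                                  data=json.dumps(payload).encode(), headers=headers)
```

Load the API key from a secret store or environment variable rather than embedding it in source, and pass the returned request to `urllib.request.urlopen` only once validation passes.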


Pricing

| Plan | Daily Limit | Monthly Limit | Price |
| --- | --- | --- | --- |
| Free | 5 / day | 50 / month | $0 |
| Developer | 20 / day | 500 / month | $39 |
| Professional | 200 / day | 5,000 / month | $99 |
| Enterprise | 100,000 / day | 1,000,000 / month | $299 |

About

ToolWeb.in — 200+ security APIs, CISSP & CISM certified, built for enterprise AI security practitioners.

Platforms: Pay-per-run · API Gateway · MCP Server · OpenClaw · RapidAPI · YouTube