NEW

Start with the pressure: sales, launch, abuse, agents, data, or guardrails

Use the engagement router
aisecurityllc
Sign inStart AI Security Assessment
aisecurityllc
Start AI Security Assessment
Deliverablesdeliverable
deliverable
public-sample

AI System Inventory / Application Register

A structured inventory of AI-enabled features, owners, models, data classes, retrieval, tools, approvals, traces, and evidence state.

10-20 pages
Scope AI Governance & Security Program BuildScope AI Security Maturity BenchmarkScope AI Product Security Assessment
Client deliverable
public-sample
10-20 pages

Synthetic public-safe inventory of AI-enabled features, product owners, model providers, data classes, retrieval sources, tools, approvals, logging, and evidence state.

System
AI System Inventory / Application Register
Environment
Production pilot

# AI System Inventory / Application Register

Sample Deliverable

Executive Summary

This inventory makes AI ownership visible. It lists AI-enabled systems, owners, model routes, data classes, retrieval sources, tools, approvals, logging, risk tiers, and evidence state.

The result is not a spreadsheet for its own sake. It is the foundation for governance, launch readiness, enterprise review, and product security decisions.

Heads up

Public sample notice

This is a shortened, synthetic excerpt prepared as a public sample. A client version would include system-specific evidence, implementation references, architecture screenshots, control test results, owner sign-offs, and full supporting documentation. This sample uses Northstar Support Cloud / Customer Support Copilot as the synthetic reference system. This sample is not legal advice, not a compliance certification, not an audit opinion, not a warranty, and not proof that any unreviewed system is secure.
Decision · planned

Inventory decision

Use the inventory as the starting point for AI security governance. Any AI system without an owner, risk tier, model route, evidence state, and change-review path should be treated as incomplete.

Metrics

Inventory Snapshot

Systems inventoried
3
Production systems
2
Tier 4 systems
1
RAG-enabled systems
2
Tool-enabled systems
2
Systems with partial evidence
1
Note

You cannot govern what you cannot name

AI security starts by naming the systems, owners, boundaries, data classes, and evidence. Without inventory, governance becomes memory and meetings.

Inventory register

Evidence pack

AI System Inventory

The inventory captures AI-enabled systems, risk tier, deployment state, owners, model routes, retrieval, tool access, approvals, trace logging, and evidence state.

Synthetic public-safe inventory of AI-enabled features, product owners, model providers, data classes, retrieval sources, tools, approvals, logging, and evidence state.
implemented
0
partial
0
missing
0
planned
0

Portfolio overview

AI portfolio overview

SystemStatusRisk tierRAGToolsEvidence state
Northstar Support Cloud / Customer Support Copilotproduction pilotTier 4yesyespartial
Sales Email AssistantdesignTier 2noyesdraft
Internal Policy SummarizerproductionTier 1yesnoimplemented

Required inventory fields

Required inventory fields

FieldRequiredWhy it matters
System owneryesunowned AI systems create remediation and buyer-response gaps
Risk tieryescontrols should map to actual behavior and blast radius
Model routeyesprovider, retention, training-use, and data routing claims depend on route
Retrieval sourcesconditionalRAG creates authorization, source trust, chunking, and prompt-assembly risk
Tool accessconditionaltools convert generation risk into authority and operational blast radius
Trace loggingyesauditability and incident response depend on traces

Portfolio findings

Findings

Portfolio Findings

Finding · high

Critical AI systems still have partial evidence

Evidence: ai-system-inventory-review

The Northstar Support Cloud / Customer Support Copilot is a Tier 4 system with retrieval and tools, but its evidence state is still partial. That should drive assessment and remediation priority.

Finding · critical

Tool-enabled systems need a tool BOM

Evidence: ai-system-inventory-review

The inventory shows multiple systems with tool access. These systems need a tool inventory, action classes, approval requirements, and audit requirements.

Finding · high

Provider boundary claims need route-specific evidence

Evidence: ai-system-inventory-review

Customer-facing provider claims depend on the exact model route, provider terms, retention behavior, and data minimization controls.

Inventory operating rules

Checklist

Inventory operating rules

Every AI system has a named business owner, technical owner, and security owner.
Every production or pilot AI system has a risk tier.
Every model call maps to an approved route.
Every RAG system lists retrieval sources and authorization state.
Every tool-enabled system has a tool inventory and permission matrix.
Every customer-facing system has trace logging and answer-bank coverage.
Every material change triggers inventory refresh.
Decision · conditional

Portfolio review decision

Use the inventory to decide assessment sequence. Start with Tier 4 systems that combine RAG, tools, customer impact, and partial evidence.

Recommended next artifacts

Artifact

Related artifact: AI Security Operating Model Blueprint

The operating model defines how this inventory becomes a repeatable governance workflow.

/deliverables/ai-security-operating-model-blueprint
Artifact

Related artifact: Agent Tool Inventory

The tool inventory expands the tool-enabled rows into tool-specific owners, action classes, approvals, and audit requirements.

/deliverables/agent-tool-inventory
Artifact

Related artifact: Enterprise AI Security Evidence Pack

The evidence pack turns inventory facts into buyer-ready proof.

/deliverables/enterprise-ai-security-evidence-pack