AI Posture Check Take the Check
AI Security · Productized Assessment

Find your AI security gaps before

your auditor or attacker does.

The AI Posture Check is a free 30-question self-assessment that scores your AI security across six dimensions and maps your gaps to OWASP LLM Top 10, NIST AI RMF, and ISO 42001. Built and operated by CWS.

Take the Free AI Posture Check See how scoring works
Mapped to industry-recognized frameworks
  • OWASP LLM Top 10
  • NIST AI RMF
  • ISO 42001
  • EU AI Act
  • MITRE ATLAS
Six scoring dimensions

Every AI deployment scored across the same six dimensions.

Five questions per dimension. Each dimension maps to specific controls in OWASP LLM Top 10, NIST AI RMF, and ISO 42001 Annex A.

Governance

AI policy, accountable owner, inventory, framework alignment.

Explore Governance

Data

Classification, controls, logging, vendor data terms, subject rights.

Explore Data

Prompt

Injection testing, input validation, output filtering, OWASP LLM mapping, red-teaming.

Explore Prompt

Model

Selection, version control, hallucination testing, retirement, theft prevention.

Explore Model

Runtime

Rate limiting, monitoring, isolation, incident response, audit logging.

Explore Runtime

Vendor

Due diligence, contracts, attestations, onboarding, continuous monitoring.

Explore Vendor
Six dimensions, eight-domain program

How the Posture Check maps into the full CWS AI Security Program.

The Posture Check evaluates six dimensions (governance, data, prompt, model, runtime, vendor) that map into CWS's eight-domain AI Security Program. The check gives you a fast self-scored snapshot. The full program adds AI supply chain, monitoring and response, transparency and oversight, and regulatory compliance as paid engagement workstreams.

CHECK · 6 DIMENSIONS
  • Governance
  • Data
  • Prompt
  • Model
  • Runtime
  • Vendor
PROGRAM · 8 DOMAINS
  • Governance
  • Data
  • Prompt
  • Model
  • Runtime
  • Vendor
  • AI Supply Chain

    Model provenance, third-party model risk, dataset lineage, signed-model controls.

  • Monitoring and Response

    Continuous detection across AI workloads. AI-specific incident response runbooks.

  • Transparency and Oversight

    Explainability, documentation, board-level reporting, human-in-the-loop controls.

  • Regulatory Compliance

    EU AI Act, NIST AI RMF, ISO 42001, sector regulators. Mapping plus audit-ready evidence.

See the full AI Security Program
How It Works

Three steps. Ten minutes. Real output.

01

Answer 30 questions

Five questions per dimension. Pick the answer closest to your reality. Don't overthink. The check works on accurate self-reporting, not aspirational thinking.

02

Get your score

Total score plus per-dimension scores. Color-coded tier from Foundation to Leading. Specific gap callouts referencing the questions you scored low on.

03

See your results and decide

Per-dimension breakdown, prioritized recommendations, and framework-aligned next steps render right in your browser. From there: keep going alone, schedule a paid Standard Audit, or book a Discovery Call with CWS. No email required to see results.

Engagements

Three ways to work with CWS on AI security.

Free self-assessment, fixed-fee paid audit, or quarterly retained program. Each engagement led by senior CWS engineers.

01

Free AI Posture Check

10 minutes · Free

30-question self-assessment

  • Total score plus per-dimension breakdown
  • Instant in-browser results, printable on demand
  • OWASP LLM Top 10 mapping for your gaps
  • Prioritized next-step recommendations
Best for: First-time AI risk visibility, internal stakeholder alignment, board-prep input
Take it now
02

Standard AI Posture Audit

2 weeks · Fixed-fee, scoped on call

Senior-engineer paid review of your specific AI deployments

  • Comprehensive technical assessment of named AI deployments
  • Structured review of prompt-injection and jailbreak risk against your AI deployments using OWASP LLM Top 10 test cases. Adversarial testing depth scales with engagement tier.
  • OWASP LLM Top 10, NIST AI RMF, and ISO 42001 mapping
  • Remediation roadmap with effort estimates
  • Executive-ready report
Best for: When you have specific AI deployments live and need to demonstrate diligence to your board, regulator, or customers
Get a Standard Audit Quote
03

Enterprise AI Security Program

12 months minimum · Quarterly retainer

Continuous AI security for portfolio-scale AI deployments

  • Quarterly posture reviews across all named AI systems
  • Continuous monitoring of vendor security posture
  • Detection content authoring for AI-specific threats
  • Incident response retainer
  • Quarterly executive briefings
  • ISO 42001 certification readiness if pursued
Best for: Regulated industries (banking, healthcare, government), multi-tenant AI deployments, or organizations pursuing ISO 42001 certification
Talk to an AI Security Lead
Framework Coverage

Mapped to the frameworks regulators and auditors actually reference.

OWASP LLM Top 10

The defining LLM-application security risk catalog. The AI Posture Check questions on prompt and runtime dimensions map directly.

Read the guide

NIST AI RMF

AI Risk Management Framework. Govern, Map, Measure, Manage. Increasingly cited in US regulator guidance.

Read the guide

ISO 42001

International standard for AI management systems. Certifiable. Enterprise buyers increasingly ask for it.

Read the guide

EU AI Act

Tiered risk obligations including high-risk system requirements. Phased enforcement through 2027.

Read the guide

MITRE ATLAS

Adversary tactics and techniques against AI systems. Adversarial machine learning threat catalog.

Read the guide
Vendor-Specific Guides

AI security guides for the systems you actually use.

FAQ

Frequently asked questions

What is the AI Posture Check?

A free, 30-question self-assessment that scores your AI security across six dimensions: governance, data, prompt, model, runtime, and vendor. Output is a per-dimension score, an overall tier (Foundation, Developing, Mature, or Leading), and an in-browser results page with prioritized recommendations. No email required.

How long does the Posture Check take?

Eight to twelve minutes for most users. Faster if you know your environment well.

Does the Posture Check require me to share AI deployments or technical details?

No. It is a self-assessment. You answer multiple-choice questions about your governance, controls, and posture. No technical scans. No data ever leaves your browser. We do not capture your email or any personal data to show you results.

What happens after I finish the assessment?

Your results render in the browser instantly: total score, per-dimension breakdown, prioritized recommendations, and framework-aligned next steps. From there you can print the page, walk away, or click through to the CWS contact form to discuss a paid follow-up. CWS does not contact you unless you reach out first.

How is the Posture Check different from a paid audit?

The free check is self-reported. A paid Standard Audit is delivered by a senior CWS engineer reviewing your actual AI deployments, including adversarial testing. The free check is calibration; the paid audit is verification.

Which frameworks does the Posture Check map to?

OWASP LLM Top 10, NIST AI RMF, ISO 42001, EU AI Act, and MITRE ATLAS. Your gap report includes specific framework references for each weak dimension.

Can I take the Posture Check for my whole organization or just for one AI deployment?

Either. Most users take it at the organization level. If you want a deployment-specific assessment with adversarial testing, the paid Standard Audit is the right path.

Who built the AI Posture Check?

CWS. We are a cybersecurity professional services firm that delivers AI security programs through channel partners and directly to enterprises.

Ready when you are

Ready to find out where you actually stand?

Free, 10 minutes, instant in-browser results. No email required. No sales call unless you book one.

Take the AI Posture Check Schedule a Discovery Call