AI Features

The Adversarial platform uses AI large language models (LLMs) to automate risk and incident management and streamline communications. AI features are available across three areas: the Risk Register, the Incident Register, and Governance Reporting.

Overview

Feature	What AI does
Risk Register Scoring	Assesses likelihood and impact, explains rationale, identifies associated threat objectives
Incident Register Scoring	Proposes incident severity per the CIRP, explains rationale, identifies associated threat objectives
Governance Reporting	Constructs narrative summaries and explanations of risk and incident data for executive and board reporting

Note

Content generated by AI within the platform is clearly delineated, available for user review and modification, and guided by the prescriptive procedural documents provided by the platform alongside tactical embedding supplements.

Risk Register Scoring

When risks are brought into the register — whether through automated API integrations, bulk CSV imports, or manual entry — AI can be applied individually or in bulk to:

• Assess likelihood and impact ratings
• Memorialize the rationale behind the conclusions
• Discern the threat objectives potentially associated with the risks

To conduct this processing, the AI embeds the available risk details with the Risk Assessment Management Procedure (RAMP) and a tactical embedding supplement in a prompt. The RAMP provides the scoring framework; the supplement incorporates customer-specific context and feedback.

Incident Register Scoring

Incident scoring follows a similar approach. Available incident details are embedded alongside the Cyber Incident Response Procedure (CIRP) and an embedding supplement to:

• Propose incident severity per the CIRP
• Explain the rationale for the proposed severity
• Automatically assign relevant threat objectives with appropriate correlation levels

Severity reasoning is persisted in the incident record, providing a permanent audit trail of the AI’s scoring rationale.

Governance Reporting

Several elements of governance reporting use AI to construct narrative summaries and explanations of included data:

• Executive summary — Takes threat profile data, risk metadata, and incident metadata from the reporting period to identify themes, patterns, and changes. The AI produces section summaries for threats, risks, incidents, and compliance, along with a notice rating indicating which areas require attention.
• Risk management slide — Uses similar prompts to construct a summary of remediation agility.

Embedded fields

The quality of AI scoring depends on the detail captured in each entry. The table below shows which fields are used for each register:

Field	Risk Register	Incident Register
Title	Yes	Yes
Description	Yes	Yes
Initially Reported Urgency (IRU)	Yes	—
Threat Objectives	Yes	Yes

Tip

The Title and Description fields play the most important role. When adequate details are provided in these fields, the AI will disregard the Initially Reported Urgency when making its scoring suggestion. Conversely, when Title and Description lack detail (or one is left blank), the AI will bias or default toward the IRU that was provided.

Data handling and privacy

AI scoring is currently routed to Adversarial’s commercial OpenAI account by default. The ability to train models or otherwise share customer data with OpenAI is explicitly disabled.

The procedural documents (RAMP, CIRP) and tactical embedding supplements that guide AI outputs are available for review on demand. In conjunction with the procedural guides, they provide more deterministic outcomes on risk and incident scoring than most manual team processes in practice.