R47 — AI Inventory Gap

Q: How do security teams mitigate AI Inventory Gap?

In CISO Game, AI Inventory Gap is reduced by Detection (30%), Prevention (30%), Awareness (20%), Identity (10%) subscores. Real-world programs use the same control families, with category investments such as AI System Inventory & Classification.

Q: Why does AI Inventory Gap matter to a CISO?

Severity 7 (Major). AI inventory gap is the foundational governance gap that blocks every other AI-program control: you can't govern what you can't see. Discovery (shadow-AI usage, embedded AI features in SaaS, internal model deployments) is a continuous problem because AI capability is shipping into every product category.

Stress-test AI Inventory Gap in the AI startup scenario Series-B, AI-first, six new AI risks in your register.

Start playing →

R47 AI Severity 7 · Major Residual offset +10

You don't know which AI systems exist in the company. EU AI Act / NIST AI RMF require complete inventory. Without it, conformity assessments fail and you can't classify risk.

What is AI Inventory Gap?

You don't know which AI systems exist in the company. EU AI Act / NIST AI RMF require complete inventory. Without it, conformity assessments fail and you can't classify risk. CISO Game tracks this as R47 in the live risk register, severity 7 (Major), category AI.

How does CISO Game model AI Inventory Gap?

Exposure for R47 runs from 0 to 100, recomputed live as you buy, cancel, or reassign products. How the exposure model works →

Real-world parallel

AI inventory gap is the foundational governance gap that blocks every other AI-program control: you can't govern what you can't see. Discovery (shadow-AI usage, embedded AI features in SaaS, internal model deployments) is a continuous problem because AI capability is shipping into every product category.

How do security teams mitigate AI Inventory Gap?

The dominant subscore levers for this risk are:

Detection subscore — weight 30%
Prevention subscore — weight 30%
Awareness subscore — weight 20%
Identity subscore — weight 10%

Residual offset: +10 exposure points are structural — no product fully removes them. Real-world parallels: zero-day windows, vendor monoculture, regulator unpredictability.

Gated: only active when AI focus is enabled in Setup.

Which investments mitigate AI Inventory Gap?

Products in CISO Game that reduce exposure to R47:

AI System Inventory & ClassificationAI Security

Which related risks should you also watch?

Risks with similar dominant subscores or shared category — addressing one often helps the others:

Why does AI Inventory Gap matter to a CISO?

AI risk is the newest category in the register. AI Inventory Gap requires controls that are still maturing — model cards, AI red-teaming, AI-SPM, prompt-injection detection. CISO Game's AI focus toggle activates these.

How can you test your mitigation strategy?

Click Play CISO Game free to see R47 appear live in your risk register and watch each purchase move the exposure number in real time. No signup required.

Stress-test AI Inventory Gap in the AI startup scenario →