Artificial Intelligence Risk Management
Artificial Intelligence risk attributes provide a deeper assessment of the risks related to AI-generated content in Cloud Services by capturing Large Language Model (LLM) and Agentic AI details for AI categories on the Cloud Registry.
Artificial Intelligence Risk Attributes
The Artificial Intelligence risk score is calculated out of the following categories, attributes, and values defined by Skyhigh CASB.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| AI Security | Agentic AI | AI services that autonomously plan, decide, and take actions by calling tools and services as needed to achieve defined goals with minimal human intervention. |
80 - Yes |
| AI Security | LLM Supported | Does the service offer LLMs (Large Language Models) as part of its service offering? |
80 - Yes |
| AI Security | Jailbreak | Jailbreak is the degree to which a model can be manipulated to generate content misaligned with its intended purpose. | 80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | Toxicity | Toxicity is the degree to which a model generates toxic or harmful content like threats and hate speech. | 80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | Bias | Bias is the degree to which a model generates biased or unfair content that could be introduced due to training data. | 80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | Malware | Malware is the degree to which a model can be manipulated to generate malware or known malware signatures. | 80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | NIST |
Warns if the model lacks alignment with the NIST AI Risk Management Framework, increasing the risk of untrustworthy AI behavior. |
80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | OWASP |
Flags models exposed to critical vulnerabilities outlined in the OWASP Top 10 for LLMs, posing security risks. |
80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | CBRN |
Assess the Al System responses to attack prompts related to chemical, biological, and cybersecurity threats. |
80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
| AI Security | Harmful |
Evaluate AI System behavior to attack prompts related to physical, emotional, or social harm. |
80 - High Risk 40 - Medium Risk 10 - Low Risk 50 - Not Publicly Known 0 - NA |
NOTES:
- LLM risk attributes are zero-weighted and not part of Skyhigh's default risk scoring. However, you can override the risk scores on the Risk Management. For details about editing the risk category weights, see Edit Global Risk Weighting.
- To restore default risk attributes, select Skyhigh Default, and then click Restore on the Risk Management (found under Governance > Risk Management).
Strengthen AI Security with Agentic AI Attribute
Agentic AI refers to AI services that autonomously plan, decide, and act to achieve defined goals without direct instruction. Unlike traditional AI, which responds only to explicit prompts, agentic systems can use tools, access services, and carry out multi-step actions with minimal human involvement. For instance, they can automatically execute workflows, call APIs or cloud services, modify data configurations, share data with external tools, and act on behalf of an employee.
Due to these capabilities, Agentic AI can manipulate user data or configurations, potentially leading to compliance failures and regulatory penalties. If you do not identify Agentic AI within the services, organizations may struggle to pinpoint the root causes of AI-driven activities and incidents. By flagging Agentic AI in cloud services, organizations can identify the services capable of autonomous actions, implement appropriate security controls, and strengthen governance over AI-related risks.
Using the Agentic AI attribute in Skyhigh Cloud Registry allows organizations to detect and track services that utilize Agentic AI. It improves visibility into risk assessment and overall AI security posture.
Key benefits of identifying Agentic AI in your cloud services:
- Classify the service as higher risk
- Apply enhanced monitoring and controls
- Make informed allow/block decisions
- Improve audit and compliance alignment
- Reduce exposure from autonomous actions
View Agentic AI Risk Attribute Values
To view the Agentic AI risk attribute values for an AI service:
- Go to Governance > Cloud Registry.
- Select the Filters tab.
- Select Agentic AI from the Risk Attributes menu.
- Select the required checkboxes (such as Not Publicly Known, NA, NO, or YES), and then click Apply.
Here, we have selected Yes and No checkboxes as an example.
- Select any AI service from the table.
- On the Registry Overview page, select the Risk tab.
- Select the Artificial Intelligence risk category.
- Expand the Agentic AI attribute to view the attribute values.
To download the PDF, click Actions > Create Report > Business Report.
You can override the Agentic AI risk weights on the Risk Management page.
View Agentic AI Attribute Column on the Cloud Registry Page
To view the Agentic AI column on the Cloud Registry page:
- Go to Governance > Cloud Registry > Filters.
- Select Agentic AI from the Risk Attributes menu.
- Select the required checkboxes (such as Not Publicly Known, NA, NO, or YES), and then click Apply.
Here, we have selected Yes and No checkboxes as an example.
- From the Actions menu, select Settings > Edit Table Columns.
- In the Edit Table Columns dialog, expand Risk Attributes, and select Agentic AI.
- Click Save Table Settings.
The Agentic AI attribute column appears on the Cloud Services table.
To create a report, go to the Actions menu > Create Report.
View Agentic AI on the Service Groups Page
To view the Agentic AI-supported services in the Service Groups page:
- Go to Governance > Service Groups.
- Create a service group for Agentic AI using rules. To create a service group, see Create a Service Group.
- On the Service Groups page, select the Filters tab.
- Select Agentic AI from the Risk Attributes menu.
- Select the required checkboxes (such as Not Publicly Known, NA, NO, or YES), and then click Apply.
Here, we have selected the Yes checkbox as an example.
