Subodh KCSubodh KC/systems
let's talk →
Interactive Security Tools

AI Security Tools
& Calculators

Assess your internal AI application's security posture with interactive tools — blast radius, agent capability matrix, prompt-injection scenarios, and downloadable checklists.

July 15, 2026By Subodh KC

Educational notice: These tools provide preliminary assessments for planning purposes. They do not replace a formal security review or legal compliance assessment.

Synopsis

Building internal AI applications with Streamlit, RAG, and MCP creates a new attack surface that traditional application security does not fully address. These interactive tools help you estimate blast radius, map agent capabilities to risk levels, browse real-world prompt-injection scenarios, and download structured checklists for vendor due diligence and incident evidence preservation. Use them alongside the Streamlit architecture guide and the secure RAG architecture guide.

AI Blast Radius Calculator

Estimate the potential exposure surface of your AI application based on data, users, tools, and deployment.

AI Blast Radius Calculator

Estimate the potential exposure surface of an internal AI application based on data sensitivity, user count, tool access, and deployment model.

Blast Radius: Low

Score: 3 / 48

Limited exposure surface. Basic controls and documentation are likely sufficient.

  • Document the AI system in your AI inventory with data types and user populations
  • Enable basic audit logging for all model interactions and tool calls
  • Review access controls quarterly — ensure only intended users can reach the application
  • Keep the tool allow-list minimal: remove any tool that is not actively used
How is this score calculated?

The score is the sum of weighted factors:

  • Data type (0–9): No sensitive data = 0, Public = 1, Internal = 3, Confidential = 6, PII = 7, PHI/Biometric = 9
  • User scale (1–8): 1–10 users = 1, 11–100 = 3, 101–1,000 = 5, 1,000+ = 8
  • Tool access (1–10): Read-only = 1, Write = 5, Action = 8, Admin = 10
  • Deployment (1–7): Local = 1, Internal server = 2, Cloud = 4, Public = 7
  • MCP connected: +3 (external tool discovery expands attack surface)
  • RAG enabled: +2 (document corpus is an injection vector)
  • Automatic execution: +5 (no human checkpoint before actions)
  • Multi-tenant: +4 (cross-tenant leakage risk)

Risk bands: 0–7 Low, 8–17 Moderate, 18–29 High, 30+ Critical.

Industry scenarios — click to load:

AI Agent Read / Write / Action Matrix

Map what your AI agent can do with each resource type. Risk is automatically classified based on capability and data sensitivity.

AI Agent Read / Write / Action Matrix

Map what your AI agent can do with each resource type. The matrix automatically classifies risk level based on capability and data sensitivity.
Resource
Read
Write
Action
Admin
Public knowledge base
Internal documents (non-sensitive)
Internal documents (confidential)
Customer records
Employee records
Financial data
Health information (PHI)
Biometric identifiers
Source code / IP
Security incidents
Administrative configs
External APIs (email, payments, ticketing)

How to use: Click a cell to toggle that capability for that resource. Risk is automatically classified based on the combination.

Risk levels:

  • LowMinimal risk. Standard logging and access controls are sufficient.
  • MediumModerate risk. Requires RLS, authorization checks, and audit logging.
  • HighHigh risk. Requires human approval, server-side authorization, and evidence-grade logging.
  • CriticalCritical risk. Requires mandatory human approval, multi-party authorization, full audit trail, and adversarial testing.

Prompt-Injection & AI Security Scenario Library

Browse real-world attack vectors, examples, and defense strategies for internal AI applications.

Prompt-Injection & AI Security Scenario Library

A browsable library of real-world AI security attack vectors, examples, and defense strategies for internal AI applications.

Automated detection: The HAIEC platform provides deterministic analysis for prompt injection, RAG poisoning, tool abuse, authentication gaps, and tenant-isolation weaknesses — alongside runtime adversarial testing and evidence-grade outputs.

What These Tools Don't Cover

These tools provide preliminary assessments. They are not a substitute for a formal security review.

Runtime adversarial testing

The calculator and matrix estimate exposure based on your inputs. They do not execute live prompt-injection attacks, RAG poisoning attempts, or cross-tenant access tests against your running application.

Code-level vulnerability analysis

These tools do not inspect your source code, MCP server definitions, RAG pipeline configuration, or authorization logic for implementation-level vulnerabilities.

Regulatory compliance determination

The tools do not assess whether your specific deployment triggers obligations under TRAIGA, EU AI Act, HIPAA, NYC LL 144, or other regulations. Compliance depends on jurisdiction, data types, use case, and user population.

Vendor security verification

The tools do not verify whether your AI vendor actually enforces the controls they claim. Use the vendor due-diligence checklist for structured procurement evaluation.

Need comprehensive analysis? The HAIEC AI Exposure Assessment performs deterministic code analysis, runtime adversarial testing, and produces evidence-grade compliance documentation.

Industry Coverage

The blast radius calculator includes one-click scenario presets for common industry deployments. Here is how the risk factors differ by industry.

Healthcare (PHI)

Typical profile: PHI data, 100–1,000+ users, action tools (lab lookups, order entry), RAG from EHR, internal server deployment.Key risks: RAG poisoning via clinical documents, PHI leakage in model prompts to external APIs, unauthorized access through shared clinical workstations, HIPAA breach notification obligations.Regulatory: HIPAA, TRAIGA (if using AI for clinical decisions), state health privacy laws.

Financial Services

Typical profile: Confidential/financial data, 100–1,000+ users, action tools (trade tickets, email), RAG from research corpus, auto-approval enabled.Key risks: Indirect injection via uploaded research notes, unauthorized trade execution, insider data leakage through shared RAG corpus, SEC/FINRA reporting obligations.Regulatory: SEC, FINRA, SOX, GDPR (if EU clients), TRAIGA.

HR / Hiring

Typical profile: PII/biometric data, 10–100 users, admin tools (candidate status changes), cloud deployment, RAG from resume database.Key risks: Algorithmic bias in screening decisions, disparate impact on protected classes, unauthorized use of biometric data (facial analysis), missing bias audits, failure to notify candidates of AI use.Regulatory: NYC Local Law 144 (bias audits + candidate notice), Illinois HB-3773 + AIVIA, California FEHA regulations (Oct 2025), Colorado SB 189 (Jan 2027), EU AI Act Annex III (high-risk), Texas HB 149, Maryland HB 1202.

Legal

Typical profile: Confidential/privileged data, 10–100 users, read-only tools, RAG from case documents, internal server.Key risks: Privilege waiver through AI processing, RAG poisoning via opposing party documents, unauthorized disclosure of case strategy, malpractice exposure from hallucinated citations.Regulatory: State bar AI ethics rules, ABA Model Rules 1.1 (competence) and 1.6 (confidentiality), EU AI Act (if EU clients).

Retail / E-commerce

Typical profile: Public/internal data, 1,000+ users, read-only or write tools, cloud or public deployment, RAG from product catalog.Key risks: Customer PII exposure through chatbot interactions, prompt injection via customer messages, pricing manipulation through RAG poisoning of product data, CCPA/GDPR data deletion obligations.Regulatory: CCPA, GDPR, state consumer privacy laws, FTC AI guidelines.

Small Business

Typical profile: Internal data, 1–10 users, read-only tools, local or internal server, no RAG or MCP.Key risks: Shadow AI (employees using personal ChatGPT with company data), lack of formal AI policy, missing vendor review for adopted SaaS AI tools, no incident response plan.Regulatory: Generally lighter obligations, but CCPA (if California customers), GDPR (if EU customers), and industry-specific rules may still apply.

How to Use These Tools Together

Scenario: Healthcare internal AI assistant

A hospital IT team is building a Streamlit application that lets clinicians query patient records using natural language. The system uses RAG to retrieve from the EHR, connects to an MCP server for lab-result lookups, and is deployed on an internal server accessible to 500+ clinicians.

Step-by-step assessment:

  1. Blast Radius Calculator: Select PHI data, 101–1,000 users, action tool access, internal server deployment, MCP connected, RAG enabled. Result: Critical (score 31/44). The tool recommends mandatory adversarial testing and dual authorization.
  2. Agent Matrix: Toggle read on patient records (high), action on lab-result lookup (critical), and admin on user management (critical). The matrix flags 2 critical combinations — confirming that admin access should be removed from the agent scope entirely.
  3. Scenario Library: Review the indirect prompt injection via RAG document scenario (PI-02). The team realizes that a malicious document uploaded to the EHR knowledge base could instruct the model to call the lab-result tool and exfiltrate results. They add document provenance tracking and human approval for all action tools.
  4. Risk Register: Create entries for each identified risk with owners from IT, Security, and Compliance. Set the RAG poisoning risk to High likelihood given that clinicians can upload documents.
  5. Vendor Checklist: Evaluate the EHR vendor and MCP server provider against the 60-item checklist before signing the integration agreement.

Scenario: HR department deploying AI resume screening

A mid-size company (200 employees) in New York City and California wants to use an AI-powered ATS that ranks resumes and scores video interviews. The HR team uses the tools to assess risk and compliance obligations.

  1. Blast Radius Calculator: Load the HR/Hiring preset. Result: confidential data (PII), 50 users, admin tools, cloud deployment, RAG enabled, auto-approval. Score: Critical (score 29/44) — driven by admin access to candidate records and auto-approval without human review.
  2. Agent Matrix: Toggle admin on candidate records (critical) and read on job descriptions (low). The matrix immediately flags admin access as critical-risk — the tool should not have admin authority over candidate status without human approval.
  3. Risk Register: Create entries for algorithmic bias (R-16), missing bias audit (R-17), candidate notification failure (R-18), and unauthorized biometric analysis (R-19). Set all to High likelihood given multi-state operations.
  4. Vendor Checklist: Evaluate the ATS vendor against the full 60-item checklist. Require evidence of independent bias audit (NYC LL 144), compliance with Illinois AIVIA (video interview consent), California FEHA alignment, and EU AI Act Annex III high-risk classification documentation.
  5. Incident Evidence Checklist: Prepare the evidence preservation plan in advance — if a candidate files a discrimination claim, the company must preserve all screening decisions, model outputs, scoring criteria, and bias audit records for 4 years (California FEHA requirement).

FAQ

Are these tools free to use?

Yes. All three interactive tools are free and run entirely in your browser. No data is sent to a server. The downloadable checklists and templates are available through the lead magnet form.

Do these tools work for non-Streamlit AI applications?

Yes. While the tools were designed alongside the Streamlit architecture guide, the risk factors, agent capabilities, and attack scenarios apply to any internal AI application built with Python, React, or any other framework. The blast radius factors (data type, user scale, tool access, deployment model) are framework-agnostic.

How often should I re-run the blast radius calculation?

Re-run it whenever the application architecture changes: new data sources, new tool integrations, new MCP servers, expanded user populations, or deployment model changes. At minimum, review quarterly as part of your AI governance cycle.

Can I use the scenario library for security training?

Yes. The scenario library is designed for both planning and training. Each scenario includes a concrete attack example and defense strategies, making it suitable for tabletop exercises, developer training, and security awareness sessions.

What should I do if the blast radius calculator shows Critical?

Do not deploy without a completed security assessment. Follow the recommendations provided with the Critical result, and consider engaging a professional AI security assessment. The HAIEC AI Exposure Assessment provides deterministic analysis, adversarial testing, and evidence-grade compliance outputs.

AI Governance & Compliance Framework Guide

Get a structured framework for AI governance, risk management, and compliance — aligned with NIST AI RMF, EU AI Act, and TRAIGA. Includes templates for AI system records, disclosure reviews, and cure-response packages.

No spam. Unsubscribe anytime.

For a comprehensive guide on how NIST AI RMF, ISO/IEC 42001, SOC 2, and AI-specific security testing fit together, read How to Secure and Govern AI: NIST, ISO and SOC 2. For AI voice agent-specific security, failure modes, and deployment architecture, read Why AI Voice Agents Fail in Production.

Need an AI Security Assessment?

Get a comprehensive AI application security review — prompt injection, RAG poisoning, tool abuse, RLS, tenant isolation, and evidence-grade compliance outputs from Subodh KC, co-founder of HAIEC.

Let's Talk →