AI Risk Baseline Assessment
The new AI Risk Baseline Assessment enables organisations to measure their AI risk maturity against a NIST-aligned framework. Located within Risk Assessment, it provides a structured, scored view across the Govern, Map, Measure, and Manage domains — helping teams identify gaps, prioritise improvements, and track progress over time.
With guided assessments, flexible Essential or Comprehensive modes, and audit-ready snapshots, organisations can establish a clear baseline and demonstrate measurable advancement in AI governance maturity.
Evidence + Audit Packages Export
Generate audit-ready evidence packages directly from your compliance frameworks with a single click. This feature automatically compiles all supporting documentation, links, and system-generated artifacts into a structured, downloadable package.
Evidence is organised by framework domains and control requirements, ensuring clear traceability and easy navigation for auditors. By eliminating manual collection and standardising outputs, teams can streamline audit preparation, improve collaboration with auditors, and maintain a consistent, repeatable compliance process.
Third Party / Vendor Risk Assessment
The new Third Party / Vendor Risk Assessment feature enables organisations to assess AI systems provided or managed by external vendors alongside internal systems. Located within Risk Assessment and AI Inventory workflows, it introduces a structured, standardised process for running and sending assessments, replacing manual spreadsheets and email-based tracking.
Teams can send secure, no-login assessments to vendors, track completion status, and automatically generate risk scores — all while linking results directly to their AI inventory. This ensures full visibility across internal and third-party AI, supporting compliance requirements and strengthening end-to-end AI risk governance.
User Level Risk Overview
Introducing User Level Risk Overview — a new way to see AI risk exposure at the individual user level. This view highlights employees accessing unregistered or high-frequency AI services by correlating activity with your AI inventory, helping you detect shadow AI use and assess potential governance risks before they escalate. Available in Paid Plans with Microsoft Defender Shadow AI connector enabled.
Microsoft Defender Shadow AI Connector
Microsoft Defender is now supported as a Shadow AI connector. Monitor and detect AI-related activity across your environment to surface potential unregistered or unmanaged AI usage for governance review. Available in Paid Plans.
Incident Dashboard
We’ve introduced the new Incident Dashboard - a centralized, real-time view of your AI incident posture designed to improve visibility, accountability, and response performance. This dashboard brings together open incident status, severity breakdowns, SLA tracking (Time to Acknowledge, Contain, and Resolve), trend analytics, and workload distribution into a single, actionable view. Teams can quickly identify critical and high-severity unresolved incidents through the “What’s Urgent Now” queue, monitor response performance against defined targets, and detect recurring patterns using trend charts and severity × type heatmaps. With adjustable date filtering and consolidated reporting, the Incident Dashboard enables faster decision-making, stronger operational oversight, and continuous improvement in incident management.