Generative AI Risk Questionnaire

Evaluate the security, ethics, and compliance of third-party AI implementations.

Start the questionnaire with the vendor profile, then move through each section at your own pace.

AI governance

The assessment covers how AI systems are built, trained, deployed, monitored, and explained, including accountability frameworks, bias testing, human review, ethical AI standards, and vendor ownership of model risk.

Security scope

Security teams can use the questions to document development environments, network segmentation, privileged access, incident response, penetration testing, restoration testing, third-party AI dependencies, monitoring responsibilities, and escalation paths for model-related incidents.

Privacy lifecycle

The privacy sections focus on retention, legal basis, data location, re-identification risk, DPIA or PIA evidence, privacy breach response, consent notices, high-risk processing, cross-border transfer concerns, accountability, documented ownership, and defensible review notes.

AI Ethics: Data & Decisions

Rationale: Understanding the data collection methodology is essential to assess the diversity and representativeness of the dataset.

Rationale: Identifying potential biases from the outset helps mitigate risks related to model performance across different groups.

Rationale: Evaluating personal data against immutable characteristics ensures that the identification and eradication of bias are formalized.

Rationale: Identifies ADM systems that significantly affect individuals, requiring additional regulatory compliance.

Data remains local to your session.

AI review guidance

Use the questionnaire with a clear AI vendor risk decision.

The exported answers are most useful when they connect to an approval decision, evidence request, or remediation plan. Use the supporting GreenHat guides to decide which AI security gaps matter before an AI tool becomes part of a sensitive workflow.