RED: Elevated exposure
Engineering
Builder
James has the highest individual risk profile in the organisation. He is using three AI platforms, including an unmanaged consumer ChatGPT account, and has exposed customer-facing URLs in prototype previews. Four prototypes logged, two rated Red. Immediate intervention recommended.
AI connections
Vercel
managed
OpenAI API
managed
ChatGPT consumer
shadow
The shadow ChatGPT account is not visible to the organisation's identity provider. Prompt exports from this account cannot be audited.
Exposure summary
Prototypes
4
2 Red · 1 Amber · 1 Green
Customer URLs
3
exposed in previews
Prompt exports
28
unaudited shadow exports
Days active
64
in last 90 days
Prototypes
Key findings
Critical
Customer URLs exposed in prototype previews
3 production customer URLs included in shareable Vercel preview links. Accessible without authentication. GDPR Article 32 exposure.
Critical
Shadow AI account outside identity provider
Consumer ChatGPT account not registered with Entra ID. 28 prompt exports unauditable. Cannot be governed or monitored by the organisation.
High
Brand tokens not applied across 3 prototypes
Primary colour and font stack deviate from the approved baseline. Inconsistent external-facing experience across Acme's AI surfaces.
Recent activity
18 Mar 2026
Customer Onboarding AI re-scored after Vercel deploy, still RED. Critical finding unresolved.
12 Mar 2026
Customer Onboarding AI logged from Vercel deployment history. 2 critical findings flagged.
28 Feb 2026
Sales Forecasting Tool logged. Customer data in preview URL detected, rated RED.
14 Feb 2026
Internal FAQ Bot flagged via ChatGPT consumer activity. Shadow account identified for the first time.
03 Jan 2026
Slack Standup Summariser logged and rated GREEN. Compliant with brand and data baseline.