CYBERSECURITY AND DFIR

Cyber/AI Convergence Risk Mapper.

Additional page sections

Maps where an AI system changes cyber dependencies, identities, data flows and incident-response paths.

Version 1.2 Prototype Protected engine AI-cyber dependency map
PURPOSE

Decision supported.

Maps where an AI system changes cyber dependencies, identities, data flows and incident-response paths.

Intended user

research, assurance and technical review teams

Output status

Preliminary outputHuman review requiredNot certification
USE CASES

Where this instrument fits.

  • Review AI systems with cybersecurity teams
  • Find AI-created attack paths
  • Adjust incident response for AI-enabled workflows
  • Identify logging gaps for AI integrations
INPUTS

Required input fields.

  • AI use case (required)
  • Connected systems (required): No connected systems, Read-only integrations, Workflow updates, External action channels
  • Identity model (required): Scoped service identity, Shared or broad identity, User-delegated identity
  • Data sensitivity (required): Public, Internal, Sensitive, Regulated
  • Monitoring (required): Weak or unknown, Partial, Strong and evidenced
  • Incident response integration (required): Weak or unknown, Partial, Strong and evidenced

Data handling: this interface uses the L2ET protected same-origin instrument engine. Do not enter confidential, regulated, privileged, incident, medical or sensitive operational data.

METHOD

Permission Graph logic.

Maps system connections, identities, data flows and monitoring into AI-cyber dependency nodes and prioritizes control gaps.

Source families

secure architectureAI system securityincident response integration

Assumptions

  • The map depends on a complete description of integrations.
  • Threat paths are illustrative and defensive.
  • Identity enforcement must be validated separately.
INTERACTIVE INSTRUMENT

AI-cyber dependency map.

Use the controls below to generate a preliminary artifact. The output is intentionally bounded and requires human review.

OUTPUT ARTIFACT

AI-cyber dependency map.

The generated artifact includes findings, assumptions, limitations, recommended next actions and exportable structured output.

Export options

Copy outputMarkdownJSON
EXAMPLE

Example input and output.

Example input

Copilot with CRM read access using user-delegated identity and partial monitoring.

Example output

Outputs AI-cyber dependency map, logging gaps, identity concerns and response-process adjustments.

LIMITATIONS

What this tool does not do.

  • Does not enumerate live systems.
  • Does not perform attack simulation.
  • Does not generate exploit paths.

This instrument does not provide legal, medical, cryptographic, engineering, regulatory or compliance certification.

RELATED METHOD

Method and workflow links.

Read the family method note for assumptions, output artifacts, update policy and review boundaries.

Open methodology Open family

RELATED TOOLS

Suggested workflow sequence.

DFIR Evidence Map Builder

Builds an evidence source matrix and investigation sequence for a selected incident scenario.

open instrument →

KEV Exposure Triage Tool

Prioritizes review of a known-exploited vulnerability using user-entered exposure, asset criticality and compensating controls.

open instrument →

Cyber Resilience Control Mapper

Maps a disruption scenario to controls, telemetry, recovery evidence and test cadence.

open instrument →
CHANGELOG

Version history.

  • v1.2 - Research-grade instrument template, method notes, assumptions, limitations, example and export actions added.
  • Last updated: 2026-05-27.
  • Maturity state: Prototype.