FAIR risk methodology for AI governance.
KoraSafe™ adaptive risk scoring adapts the FAIR Institute Factor Analysis of Information Risk standard (v3.0, January 2025) for AI governance. Seven FAIR factors are estimated from AI fleet telemetry, control gaps, finding density, jurisdiction exposure, and sector baselines. Annualized loss exposure is computed via triangular distribution sampling.
How adaptive risk is scored today
Every registered AI system gets a daily score from 0 to 100. Open finding severity, control coverage, autonomy level, and enforcement signals combine into a single composite. The composite is written to risk_system_scores.score and powers the leaderboard at /risk. Customers see this score in every band view (low, medium, high, critical) and in board exports.
Every org sees the 0-100 band, regardless of feature flags. v1 is the canonical leaderboard score.
Quantified loss with FAIR Monte Carlo
v2 adds quantified annualized loss on top of the 0-100 band. Three stages produce the v2 number:
- Bayesian posteriors. Each finding and control event updates per-factor priors. Posteriors learn org-specific signals over time rather than relying on sector baselines alone.
- Factor decomposition. Signals split into seven FAIR factors: threat event frequency, vulnerability, loss event frequency, primary loss magnitude, secondary loss event frequency, secondary loss magnitude, and annualized loss exposure.
- Monte Carlo sampling. A 10,000-trial run samples the factor distributions and produces p5, p50, and p95 annualized loss percentiles plus a histogram of bucketed outcomes.
Results write to risk_fair_assessments with a model version tag, factor estimates, and simulation bins. They surface on /risk and the per-system detail page when present.
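The Bayesian posterior stage above, carried through in working code as an added example (not KoraSafe platform code). The page says each finding and control event updates per-factor priors but does not name the distribution; this example assumes a Beta prior on the vulnerability factor whose mean is the sector baseline, with findings and failed controls pushing the posterior up and satisfied controls pushing it down. The prior strength, the event-to-observation mapping, the event names and the sample event stream are all constructed here.

```python
# Beta-Binomial posterior for the vulnerability factor. Added example, not KoraSafe code:
# the Beta prior, its pseudo-count strength and the event mapping are ASSUMPTIONS.
import random
from dataclasses import dataclass


@dataclass
class BetaPosterior:
    alpha: float  # pseudo-count of observations where a control failed / a finding was open
    beta: float   # pseudo-count of observations where a control held / a finding was closed

    @classmethod
    def from_sector_prior(cls, baseline_v, strength=10.0):
        # ASSUMPTION: prior mean equals the sector baseline V, spread over `strength` pseudo-observations.
        return cls(alpha=baseline_v * strength, beta=(1.0 - baseline_v) * strength)

    def update(self, event, weight=1.0):
        # ASSUMPTION: loss-enabling events add to alpha, resolving events add to beta; `weight`
        # lets a finding's severity weight scale how hard it pulls the posterior.
        if event in ("control_failed", "finding_opened"):
            return BetaPosterior(self.alpha + weight, self.beta)
        if event in ("control_satisfied", "finding_closed"):
            return BetaPosterior(self.alpha, self.beta + weight)
        raise ValueError(f"unknown event {event!r}")

    def mean(self):
        return self.alpha / (self.alpha + self.beta)

    def variance(self):
        n = self.alpha + self.beta
        return self.alpha * self.beta / (n * n * (n + 1.0))

    def credible_interval(self, lo_p=0.05, hi_p=0.95, draws=20_000, seed=0):
        # Sampled interval; seeded so reruns reproduce the same bounds.
        rng = random.Random(seed)
        xs = sorted(rng.betavariate(self.alpha, self.beta) for _ in range(draws))
        return xs[int(lo_p * draws)], xs[int(hi_p * draws) - 1]


def posterior_after(events, baseline_v=0.35, strength=10.0):
    """Fold a stream of (event, weight) pairs into the sector prior, oldest first."""
    post = BetaPosterior.from_sector_prior(baseline_v, strength)
    for event, weight in events:
        post = post.update(event, weight)
    return post


# Constructed event stream (not real telemetry): an org whose controls keep failing.
SAMPLE_EVENTS = ([("control_failed", 1.0)] * 8 + [("control_satisfied", 1.0)] * 2
                 + [("finding_opened", 0.75)])

if __name__ == "__main__":
    prior = BetaPosterior.from_sector_prior(0.35)
    post = posterior_after(SAMPLE_EVENTS)
    lo, hi = post.credible_interval()
    print(f"prior V={prior.mean():.3f}  posterior V={post.mean():.3f}  90% interval=({lo:.3f}, {hi:.3f})")
```

The posterior mean moves from the sector prior toward what the org's own events show, and its variance shrinks as evidence accumulates, which is the "learns org-specific signals over time" behaviour the stage describes; the point estimate fed to the next stage would be the posterior mean, with the credible interval available as the low/high of a triangular draw.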
When you'll see v2 data
v1 stays visible everywhere. v2 surfaces inside the existing risk views when two conditions hold:
- Your org has the adaptive_risk_v2 feature flag enabled.
- A normalized FAIR assessment exists for the system in the platform's audit-grade tables.
When both hold, the leaderboard adds a small v2 indicator on the row, the system detail page shows FAIR factor decomposition from the normalized record, and the Monte Carlo simulation viewer reads from normalized simulation bins. When either condition fails, the UI degrades to the v1 score plus the JSON snapshot that the daily scoring run already produces. No org loses v1 visibility, and no surface goes blank.
What annualized loss means
Annualized loss is the modeled financial exposure for one system over one year, expressed in US dollars. Values are stored internally as integer cents and rendered as dollars on display, so rounding is deterministic.
Three percentile bands quantify the uncertainty rather than collapsing the model into a single point estimate:
- p5 marks a low-tail scenario where most controls hold and findings stay contained.
- p50 marks the median expected exposure for the next year.
- p95 marks a stress scenario where finding pressure rises and control gaps widen.
Each assessment carries a model version tag. Older snapshots stay interpretable when the model updates, and the version surfaces on every system detail page alongside the loss bands.
Annualized loss is a model estimate. It reflects the FAIR model applied to AI governance signals available in the platform and is not a legal, audit, or actuarial financial opinion.
Base methodology
The adaptive risk model is based on the FAIR Institute Factor Analysis of Information Risk Standard v3.0 (January 2025). FAIR provides a structured quantitative risk model with defined factor decomposition, probability estimation, and financial exposure quantification. KoraSafe™ extends FAIR with AI-specific inputs: regulatory exposure, autonomy level, shadow AI signal, finding pressure, and sector telemetry baselines.
Reference: FAIR Institute, Factor Analysis of Information Risk Standard v3.0, January 2025. Model version in use: adaptive risk scoring.
Factor decomposition
| Factor | Key | Unit | AI governance mapping |
|---|---|---|---|
| Threat event frequency (TEF) | threat_event_frequency | events/year | Estimated from regulatory exposure count, sector threat model baseline, and open finding count. Confidence: medium if regulatory exposure or findings present, else low. |
| Vulnerability (V) | vulnerability | probability 0–1 | Mapped from control gap ratio, finding density pressure, and risk class multiplier lift. Clamped to [0, 1]. |
| Loss event frequency (LEF) | loss_event_frequency | events/year | Derived: TEF × V. |
| Primary loss magnitude (PLM) | primary_loss_magnitude | USD (cents) | Direct response cost: sector baseline × criticality × control gap multiplier × finding pressure multiplier. |
| Secondary loss event frequency (SLEF) | secondary_loss_event_frequency | probability 0–1 | Probability that a primary loss triggers follow-on external loss (regulatory penalty, customer churn, reputational harm). Base 8% + jurisdiction lift + sensitive data lift + finding lift. |
| Secondary loss magnitude (SLM) | secondary_loss_magnitude | USD (cents) | Regulatory, customer, and partner impact: sector baseline × criticality × jurisdiction multiplier × finding pressure multiplier. |
| Annualized loss exposure (ALE) | annualized_loss_exposure | USD/year (cents) | Expected annual financial exposure: LEF × (PLM + SLEF × SLM). Sampled via triangular distribution for uncertainty quantification. |
Estimation formulas for each factor
Threat event frequency (TEF)
Vulnerability (V)
Secondary loss event frequency (SLEF)
Annualized loss exposure (ALE)
Sector-specific threat and loss anchors
| Sector | TEF baseline | Threat multiplier | Primary loss baseline | Secondary loss baseline |
|---|---|---|---|---|
| Financial | 1.8 events/yr | 1.35× | $120k | $480k |
| Healthcare | 1.6 events/yr | 1.30× | $160k | $520k |
| Insurance | 1.4 events/yr | 1.20× | $110k | $360k |
| HR | 1.2 events/yr | 1.15× | $90k | $300k |
| Default (all others) | 1.0 events/yr | 1.00× | $80k | $240k |
Baselines are anchored to sector threat intelligence and regulatory enforcement history. They are reviewed when major regulatory changes occur or when KoraSafe™ fleet telemetry shows systematic sector-level shifts.
Control status and finding severity weights
Both vulnerability and loss magnitude calculations use weighted inputs based on control status and finding severity.
Control status weights (for gap calculation)
| Status | Weight |
|---|---|
| Failed | 1.00 |
| Open | 0.85 |
| Not started | 0.75 |
| In progress | 0.45 |
| Pending / Exception | 0.40–0.45 |
| Satisfied / Approved / Implemented | 0.08 |
| Not applicable | 0.00 |
Finding severity weights (for finding pressure)
| Severity | Weight |
|---|---|
| Critical | 1.00 |
| High | 0.75 |
| Medium | 0.35 |
| Low | 0.12 |
| Info | 0.04 |
Uncertainty quantification via triangular distribution
Each FAIR factor is sampled from a triangular distribution (low, mode, high) rather than taken as a point estimate. This reflects uncertainty in the inputs while remaining computationally tractable. The spread varies by sector and factor type (0.35–0.75) and yields a distribution of ALE values rather than a single number.
The reported ALE is the mean of the sampled distribution. The platform also exposes the p10 and p90 values for planning and scenario analysis.
A full Monte Carlo simulation is available for systems above a risk threshold. It runs N iterations over the full factor tree and returns a distribution of annualized loss exposure values with percentile bands.
How risk class affects vulnerability and loss
| Risk class | Multiplier |
|---|---|
| Critical / Prohibited | 1.5× |
| High | 1.3× |
| Medium / Limited | 1.05× |
| Low / Minimal | 0.85× |
| Default | 1.0× |
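The factor decomposition table, the sector anchors, the control status and finding severity weights, the risk class multipliers and the triangular sampling described above, carried through end to end in Python as an added example. This is not KoraSafe platform code: the table constants are the page's own, but every combination rule (how the control gap ratio, finding pressure, jurisdiction count and criticality enter each factor, the size of each lift, the cap on finding pressure, the rule deriving the triangular low and high from the mode, and the per-factor spread within the page's 0.35–0.75 range) is an assumption made here for illustration, and the sample system is constructed.

```python
# FAIR factor tree with triangular Monte Carlo. Added example, not KoraSafe platform code:
# table constants are the page's; every combination rule, lift size, the triangular low/high
# rule and the per-factor spread are ASSUMPTIONS made here for illustration.
import math
import random
from collections import namedtuple

# Sector anchors from the page: TEF baseline (events/yr), threat multiplier,
# primary loss baseline (USD), secondary loss baseline (USD).
SECTOR_ANCHORS = {
    "financial": (1.8, 1.35, 120_000, 480_000), "healthcare": (1.6, 1.30, 160_000, 520_000),
    "insurance": (1.4, 1.20, 110_000, 360_000), "hr": (1.2, 1.15, 90_000, 300_000),
    "default": (1.0, 1.00, 80_000, 240_000),
}
CONTROL_STATUS_WEIGHT = {  # gap-calculation weights from the page
    "failed": 1.00, "open": 0.85, "not_started": 0.75, "in_progress": 0.45, "pending": 0.40,
    "exception": 0.45, "satisfied": 0.08, "approved": 0.08, "implemented": 0.08, "not_applicable": 0.00,
}
SEVERITY_WEIGHT = {"critical": 1.00, "high": 0.75, "medium": 0.35, "low": 0.12, "info": 0.04}
RISK_CLASS_MULTIPLIER = {"critical": 1.5, "prohibited": 1.5, "high": 1.3, "medium": 1.05,
                         "limited": 1.05, "low": 0.85, "minimal": 0.85, "default": 1.0}
SLEF_BASE = 0.08  # "Base 8%" from the SLEF row
# Triangular spread per factor: the page gives 0.35-0.75; this per-factor assignment is ASSUMED.
SPREAD = {"tef": 0.50, "vulnerability": 0.35, "plm": 0.60, "slef": 0.35, "slm": 0.75}

# Per-system inputs; criticality is an ASSUMED 0.5-2.0 scale (the page gives no range).
SystemInputs = namedtuple("SystemInputs", "sector risk_class criticality control_statuses findings jurisdictions sensitive_data")
Factors = namedtuple("Factors", "tef vulnerability plm slef slm")

def control_gap_ratio(statuses):
    """ASSUMPTION: mean status weight over applicable controls; an empty registry counts as fully open."""
    weights = [CONTROL_STATUS_WEIGHT[s] for s in statuses if s != "not_applicable"]
    return sum(weights) / len(weights) if weights else 1.0

def finding_pressure(findings):
    """ASSUMPTION: sum of severity weights, capped so the multipliers stay bounded."""
    return min(sum(SEVERITY_WEIGHT[f] for f in findings), 5.0)

def estimate_factors(s):
    tef_base, threat_mult, plm_base, slm_base = SECTOR_ANCHORS.get(s.sector, SECTOR_ANCHORS["default"])
    gap, pressure = control_gap_ratio(s.control_statuses), finding_pressure(s.findings)
    pressure_mult = 1.0 + 0.15 * pressure              # ASSUMED finding pressure multiplier
    gap_mult = 1.0 + gap                               # ASSUMED control gap multiplier
    jurisdiction_mult = 1.0 + 0.10 * s.jurisdictions   # ASSUMED jurisdiction multiplier
    rc_mult = RISK_CLASS_MULTIPLIER.get(s.risk_class, 1.0)
    # TEF: sector baseline x threat multiplier, lifted by regulatory exposure and open finding count.
    tef = tef_base * threat_mult * (1.0 + 0.05 * s.jurisdictions) * (1.0 + 0.02 * len(s.findings))
    # V: gap ratio with risk class lift plus finding density, clamped to [0, 1] as the page states.
    vulnerability = min(1.0, max(0.0, gap * rc_mult + 0.05 * pressure))
    # PLM and SLM follow the products stated in the factor table.
    plm = plm_base * s.criticality * gap_mult * pressure_mult
    slm = slm_base * s.criticality * jurisdiction_mult * pressure_mult
    # SLEF: base 8% + jurisdiction lift + sensitive data lift + finding lift, clamped to [0, 1].
    slef = min(1.0, SLEF_BASE + 0.03 * s.jurisdictions + (0.10 if s.sensitive_data else 0.0) + 0.02 * pressure)
    return Factors(tef, vulnerability, plm, slef, slm)

def ale_from_factors(f):
    """ALE = LEF x (PLM + SLEF x SLM) with LEF = TEF x V, as the factor table defines it."""
    return (f.tef * f.vulnerability) * (f.plm + f.slef * f.slm)

def to_cents(usd):
    return int(round(usd * 100))

def sample_factor(rng, mode, spread, upper=None):
    """ASSUMPTION: low = mode*(1-spread), high = mode*(1+spread), capped at `upper` for probabilities."""
    low, high = mode * (1.0 - spread), mode * (1.0 + spread)
    if upper is not None:
        high = min(high, upper)
    return rng.triangular(low, high, min(mode, high))

def simulate_ale(f, trials=10_000, seed=0, spread=SPREAD, bins=10):
    """Monte Carlo over the factor tree: mean and percentiles in integer cents plus bucketed bins."""
    rng = random.Random(seed)
    samples = sorted(ale_from_factors(Factors(
        tef=sample_factor(rng, f.tef, spread["tef"]),
        vulnerability=sample_factor(rng, f.vulnerability, spread["vulnerability"], upper=1.0),
        plm=sample_factor(rng, f.plm, spread["plm"]),
        slef=sample_factor(rng, f.slef, spread["slef"], upper=1.0),
        slm=sample_factor(rng, f.slm, spread["slm"]))) for _ in range(trials))
    def pct(p):  # nearest-rank percentile on the sorted samples
        return samples[max(0, math.ceil(p / 100 * trials) - 1)]
    lo, hi = samples[0], samples[-1]
    width = (hi - lo) / bins if hi > lo else 1.0
    counts = [0] * bins
    for x in samples:
        counts[min(bins - 1, int((x - lo) / width))] += 1
    return {"mean_cents": to_cents(sum(samples) / trials),
            "p5_cents": to_cents(pct(5)), "p10_cents": to_cents(pct(10)), "p50_cents": to_cents(pct(50)),
            "p90_cents": to_cents(pct(90)), "p95_cents": to_cents(pct(95)),
            "bins": {"low_cents": to_cents(lo), "width_cents": to_cents(width), "counts": counts}}

# Constructed sample system, not real customer data.
EXAMPLE = SystemInputs(sector="healthcare", risk_class="high", criticality=1.2,
                       control_statuses=["implemented", "implemented", "in_progress", "open", "failed", "not_applicable"],
                       findings=["critical", "high", "medium", "medium", "low"], jurisdictions=2, sensitive_data=True)

if __name__ == "__main__":
    factors = estimate_factors(EXAMPLE)
    print("point ALE (cents):", to_cents(ale_from_factors(factors)))
    print(simulate_ale(factors, seed=42))
```

Two details matter in practice. Probabilities (V and SLEF) are capped at 1.0 inside the sampler so a wide spread cannot push a draw above a valid probability, and with spread set to zero every trial collapses to the point estimate, which is the check to run when validating a new model version against the deterministic formula before trusting its percentile bands. Results are converted to integer cents only at the boundary, matching the page's storage convention.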
Model boundaries
- ALE is a model estimate, not a legal or actuarial financial opinion. It reflects the structure of the FAIR model applied to AI governance signals available in the platform.
- Sector baselines are review-anchored to known enforcement data. Organizations in sectors not explicitly listed use the default baseline, which may understate or overstate exposure.
- Vulnerability estimation depends on the completeness of the control registry and finding pipeline. Systems with low ingestion coverage will have lower finding pressure inputs, which underestimates vulnerability.
- Secondary loss magnitude does not model reputational harm with precision. Jurisdiction count and sensitive data presence are proxies, not actuarial inputs.
Published by: KoraSafe™ Research
Base standard: FAIR Institute, Factor Analysis of Information Risk Standard v3.0, January 2025
Last reviewed: 2026 Q2
Applies to: KoraSafe™ platform adaptive risk scoring