App
Copilots and user-facing AI experiences — the support copilot here, the onboarding assistant there. Shipped by different teams, on different timelines, with different controls.
- Customer-facing copilots
- Internal assistants
- Embedded vendor models
Most enterprises cannot produce a straight answer to a simple question: what AI is running right now, and who owns it? The systems are already live — a support copilot here, a pricing model there, an agent quietly calling internal APIs. They were shipped by different teams, on different timelines, with different controls.
What’s hidden is rarely the flagship model everyone reviewed. It’s the second copilot a team stood up last quarter. The agent that was a prototype and never got decommissioned. The vendor model embedded three layers down in a workflow. Each one makes decisions. None of them is on anyone’s list.
A list of AI systems tells you they exist. It does not tell you whether you can stand behind them.
Two systems can sit on the same inventory line and carry completely different exposure. One validates its outputs, logs every decision, and has a human override. The other does none of that — same line, same label, entirely different risk. A spreadsheet flattens that difference. Sign-off depends on it.
Exposure lives in the questions an inventory never asks: Is the output checked before it reaches a customer? Is there a record of why the system did what it did? Can a person stop it? Has anyone tested how it fails?
AI exposure doesn’t live in one box. The Snapshot surfaces what’s running in all three places it acts — the app people touch, the agent that acts, and the data underneath both.
The AI Exposure Snapshot maps every AI system against the dimensions that determine whether it can be approved.
Systems, agents, workflows, data flows — and their owners.
Whether responses are checked before they act.
Whether decisions are recorded and explainable.
Whether a person can intervene on a critical action.
Whether behaviour is watched in production.
Whether failure modes have been probed.
The Snapshot is a diagnostic, not an endpoint. It tells you where you stand. The AI Sign-Off Program is how you close the gaps it finds — validation, controls, monitoring, evidence — until every system on the “cannot sign off” list moves to “approved.”
Exposure is the question. Sign-off is the answer.
Scoped to your environment. We price after we understand your exposure — not before.
Talk to Qapitol for a quote →