Sample · illustrative
A simplified, illustrative example for a fictional support automation. Your real map is specific to your system — this shows the shape of the deliverable.
One-page executive summary
“SupportCopilot” is an internal automation that drafts replies to customer tickets using an LLM over your help-center content. It touches customer data, your orders API, and Slack. The biggest risks are an over-broad API credential and unredacted PII reaching the model. None are blockers to launch, but two High items should be fixed first. Recommended next step: remediate the two High findings, then a focused re-check.
Users: Support team (12), 2 external contractors
Data: Customer tickets, order history, partial PII
Integrations: Zendesk, internal orders API, Slack
AI: LLM + RAG over a help-center index
Credentials: Shared API key, broad read scope
The automation uses one shared key with read access well beyond what the workflow needs. Scope it down and rotate.
Customer records flow into the prompt with no redaction. Add field-level filtering before retrieval.
The agent can post to Slack and update tickets without review. Add an approval step for state-changing actions.
Prompts and tool calls aren't logged, making incidents hard to reconstruct. Add structured logging.
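The three technical mitigations the findings call for (field-level filtering before retrieval, an approval step for state-changing actions, and structured logging of prompts and tool calls) shown together in one added Python example. This is illustrative code written for this page, not SupportCopilot's or any real system's code; the ticket field names, the tool names post_slack_message and update_ticket, and the PII patterns are assumptions, and the sample ticket is constructed.

```python
"""Added example of three controls for a ticket-drafting automation (not SupportCopilot code)."""
import json
import re
import time
from dataclasses import dataclass

# Fields the drafting workflow needs (assumed schema); all others are dropped before retrieval.
ALLOWED_TICKET_FIELDS = {"ticket_id", "subject", "body", "product", "order_status"}
# PII masked inside kept free text; CARD precedes PHONE so a card number is not read as a phone.
PII_PATTERNS = {
    "CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}
# Tools that change state in an external system and therefore need a human reviewer.
STATE_CHANGING_TOOLS = {"post_slack_message", "update_ticket"}


def redact_record(record: dict) -> dict:
    """Field-level filtering, then masking of PII left inside the kept fields."""
    cleaned = {}
    for key, value in record.items():
        if key not in ALLOWED_TICKET_FIELDS:
            continue  # email, address and payment fields never reach the prompt
        if isinstance(value, str):
            for label, pattern in PII_PATTERNS.items():
                value = pattern.sub(f"[{label}]", value)
        cleaned[key] = value
    return cleaned


class AuditLog:
    """Append-only JSON-lines log of prompts and tool calls, for reconstructing incidents."""

    def __init__(self):
        self.lines: list[str] = []

    def record(self, event: str, **fields) -> dict:
        entry = {"ts": time.time(), "event": event, **fields}
        self.lines.append(json.dumps(entry, sort_keys=True))  # one parseable line per event
        return entry


@dataclass
class ToolCall:
    name: str
    args: dict
    ticket_id: str
    status: str = "pending"  # pending -> approved -> executed


class ApprovalGate:
    """Read-only tools run immediately; state-changing tools wait for a human approver."""

    def __init__(self, executor, log: AuditLog):
        self.executor = executor  # callable(name, args) -> result, i.e. the real integrations
        self.log = log
        self.pending: dict[int, ToolCall] = {}

    def submit(self, call: ToolCall) -> dict:
        self.log.record("tool_call_requested", ticket_id=call.ticket_id, tool=call.name, args=call.args)
        if call.name in STATE_CHANGING_TOOLS:
            self.pending[id(call)] = call
            return {"status": "pending_approval"}
        return self._execute(call)

    def approve(self, call: ToolCall, approver: str) -> dict:
        self.pending.pop(id(call))  # KeyError if the call was never queued or was already handled
        call.status = "approved"
        self.log.record("tool_call_approved", ticket_id=call.ticket_id, tool=call.name, approver=approver)
        return self._execute(call)

    def _execute(self, call: ToolCall) -> dict:
        result = self.executor(call.name, call.args)
        call.status = "executed"
        self.log.record("tool_call_executed", ticket_id=call.ticket_id, tool=call.name, result=result)
        return {"status": "executed", "result": result}


def draft_reply(ticket: dict, llm, log: AuditLog) -> str:
    """Redact first, log the exact prompt that goes out, then call the model (llm is a callable)."""
    safe = redact_record(ticket)
    prompt = "Draft a reply to this support ticket:\n" + json.dumps(safe, sort_keys=True)
    log.record("prompt_sent", ticket_id=str(ticket.get("ticket_id")), prompt=prompt)
    return llm(prompt)


# Constructed sample ticket carrying the kind of PII the finding warns about.
SAMPLE_TICKET = {
    "ticket_id": "T-1001",
    "body": "Hi, reach me at jane@example.com or +1 (555) 010-4477. Card 4111 1111 1111 1111.",
    "email": "jane@example.com",
    "order_status": "shipped",
}

if __name__ == "__main__":
    log = AuditLog()
    print(draft_reply(SAMPLE_TICKET, lambda prompt: "(stub model reply)", log))
    gate = ApprovalGate(lambda name, args: f"{name} ok", log)
    call = ToolCall("update_ticket", {"status": "solved"}, "T-1001")
    print(gate.submit(call), gate.approve(call, "reviewer@example.com"), *log.lines, sep="\n")
```

Redaction runs before the prompt is assembled, so the logged prompt is already free of the dropped fields and masked values. The gate answers pending_approval for any tool in STATE_CHANGING_TOOLS and only reaches the executor once approve() is called, while read-only tools pass straight through. Because every log entry is one JSON object per line, the prompt, the requested action, who approved it and what was executed can be correlated by ticket_id when an incident has to be reconstructed.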
Recommended next step: fix the two High findings (scope the credential, redact PII before retrieval), then a focused re-check. No full audit needed yet.
A $1,499 Mini AI Risk Map gives you this clarity for one real app, workflow, or automation.