AI System Details Overview

Introduction

The AI System Details page provides a comprehensive view of a single AI System within the Cranium platform. After selecting an AI System from My AI Systems, users are brought to this page to explore and manage the system's context, governance, artifacts, and risks.

The page is organized into five tabs: Overview, Published AI Cards, Vulnerability Assessment, Governance, and Settings. Each tab is designed to surface a specific layer of information about the AI System. Together, these tabs help organizations track compliance, enrich documentation, and monitor security signals with precision. This article provides an overview of each tab and the type of information and actions available within them.

Tabs Overview

AI System Overview

The AI System Overview tab offers a quick summary of an AI System's type, description, and owner, aiding system management and collaboration. It displays core system details and provides artifact overview cards for all attached Bills of Materials, Compliance Frameworks, Vulnerability Reports, and Documents.

Published AI Cards

The Published AI Cards tab displays all AI Cards that have been published for this AI System, showing the AI Card name, AI System name, and publication date for each card. This tab also indicates when published AI Cards are out of sync with their source BOM and provides options to update individual cards or all out-of-sync cards in bulk.

Vulnerability Assessment

The Vulnerability Assessment tab provides a detailed overview of AI system vulnerabilities, similar to Bills of Materials. Users can scan, update, and download reports as PDFs for tracking and communication.

Governance Information

The AI System Governance tab allows you to manage governance and compliance for the AI system, consisting of four subsections: System Information, Values, Data, and Governance Contact. This tab centralizes critical governance data to provide a structured overview of compliance and oversight activities related to the AI system.

AI System Settings

In the AI System Settings tab, users can update essential details like the AI System Name, Description, and Owner. These fields ensure proper identification and attribution, streamlining management workflows and maintaining accuracy.

AI System Overview

The Overview tab is a vital introduction to the AI System's core components and context. It details the system's name, owner, and description, as well as the latest publication date and time.

This section provides key system details and displays summary cards for all artifacts attached to the AI System. Users can export system information or initiate new AI Card publications directly from this view. The artifact cards allow you to review, perform actions, or add new artifacts to enhance documentation and ensure compliance with evolving standards.

The Overview tab is crucial for understanding an AI System's state and context. It streamlines management, promotes collaboration, and provides compliance and security insights.


AI System Details

The AI System Overview provides a comprehensive look at the system's core details. AI Systems in the Cranium platform serve as containers for the artifacts that represent their functionality, compliance, and security. Key information includes the system's name, owner, description, and the date and time of its most recent publication.

  • Owner: The system owner ensures compliance with governance, security, and regulatory standards in Cranium, maintaining documentation, monitoring risks, and acting as the primary contact.
  • Description: A concise AI system description should include its purpose, functionality, scope, limitations, and intended audience to ensure clarity and alignment with stakeholder expectations.

Artifact Overview

The artifact overview features the same artifact summary cards as those in the My AI Systems List, including:

  • Bills of Materials: Shows the most recent scan status and BOM details
  • Compliance Frameworks: Displays compliance framework status and scores
  • Vulnerability Reports: Highlights identified security risks
  • Documents: Provides access to supporting documentation

Users can review, perform actions, or add new artifacts to enhance documentation and ensure compliance with evolving standards.

Key Actions & Functionality

Add Artifacts

The Add Artifacts button allows you to select Compliance Frameworks, Bills of Materials, and Documentation to attach to the AI System.

Remove Artifacts

The 3-dot menu for each artifact includes the option to remove the selected artifact from the AI System. For Bills of Materials and Documentation, the artifact is removed from the system but not permanently deleted. You can still find the removed BOM or document in the Bill of Materials List and Document Library, respectively. For Compliance Frameworks and Vulnerability Reports, the artifact is removed and permanently deleted in the platform.

View Artifacts

The 3-dot menus for Bills of Materials and Compliance Frameworks include the option to "View Details" for the selected artifact. For Bills of Materials, this option will display the BOM inventory page. For Compliance Frameworks, this option opens the framework editor, where you can review, edit, and score your responses.

Download Artifacts

The 3-dot menus for Vulnerability Reports and Documentation include the option to download the selected artifact from the AI System. Vulnerability Reports can be downloaded in PDF format. Compliance Framework PDF exports include an executive summary page showing section scores without detailed questions and answers. The summary appears first in the PDF, followed by the complete framework details.

Export to PDF

Download a PDF summary of the AI System details, governance information, and models.

Publish New AI Card

Initiate AI Card publication to share the system with external organizations.

Published AI Cards

The Published AI Cards tab displays all AI Cards that have been published for this AI System. Each entry shows the AI Card name, the AI System name, and the date the card was published. This tab provides a complete history of transparency documentation shared externally for this system, along with controls to keep published AI Cards aligned with the current state of their source BOM.

Out of Sync Status

An AI Card becomes out of sync when its associated BOM has been edited or rescanned since the card was published. The card displays an Out of Sync status with an Update button. When all published AI Cards on this tab are in sync with their source BOMs, the status updates and review controls do not appear.

Update an Individual AI Card

Click the Update button on an out-of-sync AI Card to open the Update [Card Name] to Latest Version modal. The modal lists each Bill of Materials contained in the card, with separate Models and Technologies sections under each. Changes are color-coded according to the legend at the top of the modal:

  • Net New Item (blue) indicates a component added to the BOM since publication.
  • Item Removed (red) indicates a component removed from the BOM.
  • Attribute Changed (purple) indicates a component whose attributes have changed.

Review the changes and click Confirm Update to synchronize the AI Card with the current BOM, or click Cancel to close the modal without updating.

Update All Out of Sync Cards

When two or more AI Cards on the tab are out of sync, an Update all Out of Sync Cards button appears at the top of the tab with a count of out-of-sync cards in parentheses. Click the button to open a confirmation prompt and then click Confirm to update all out-of-sync cards at once. This bulk action skips the change review modal. To review changes before updating, use the Update button on individual cards instead.

Vulnerability Assessment

The Vulnerability Assessment tab provides detailed insight into the vulnerabilities associated with the AI system. This page mirrors the structure used for Bills of Materials, allowing users to view a comprehensive overview of discovered vulnerabilities across models, technologies, and other security findings. The vulnerability count displayed in the header reflects the total number of vulnerabilities across all categories combined.

Model vulnerabilities are displayed with Attack Success Rate calculations and severity bin classifications at the attack category level, providing quantitative risk metrics directly in the assessment. Technology vulnerabilities include detailed information in a comprehensive table format, displaying the source package, detection date, vulnerability description, CVSS score, severity classification, security identifier (such as CVE numbers), affected version, and available actions for each vulnerability. This detailed view helps you understand exactly which versions are exploitable and plan appropriate upgrades and remediation efforts.

Once vulnerabilities are addressed, you can rerun scans to generate updated vulnerability reports. The assessment allows you to generate, publish, or download these reports as PDF documents, making it easy to track progress and share findings with stakeholders. You can also manage the lifecycle of model vulnerabilities by closing or ignoring them with documented attestations that create an audit trail for compliance purposes.

Artifact Selector

Vulnerability Assessments are generated based on Bills of Materials created with CodeSensor. If the AI System has more than one BOM attached to it, then you will need to select the BOM from the Artifact Selector to view its Vulnerability Assessment. Otherwise, this page will automatically display the system's only Vulnerability Assessment.

Vulnerability Assessment Results

The Vulnerability Assessment results are structured like a Bill of Materials, categorizing vulnerabilities by models, datasets, infrastructure, technologies, and other vulnerabilities. Within the Models tab, you can expand individual models to view their attack categories as distinct vulnerabilities, each displaying its own Attack Success Rate and severity classification. Technology vulnerabilities display in a detailed table format showing the source package, detection date, description, CVSS score, severity classification, security identifier, affected version, and available actions. Other vulnerabilities display security findings detected through automated code analysis in a table format showing the source file, vulnerability type, file path, detected pattern, and severity level. This comprehensive information helps you understand exactly which versions are exploitable, assess risk levels, and plan appropriate upgrades and remediation strategies.

Managing Vulnerabilities

Security teams can close or ignore individual vulnerabilities based on remediation strategy. Closing a vulnerability indicates it has been remediated, while ignoring acknowledges the risk but documents a decision not to address it at this time. Both actions require a free-text justification explaining your remediation steps or risk acceptance rationale, and the platform tracks which user performed each action for audit purposes. Vulnerability likelihood scores automatically recalculate when vulnerabilities are closed or ignored. Note that close and ignore actions are not available for Other Vulnerabilities, which are informational findings only.

Please note that vulnerability status is not persistent across rescans. When a rescan detects changes, all manual close and ignore indicators reset to default status and must be reapplied. The Resolved Vulnerabilities view provides access to previously closed or ignored vulnerabilities for auditing and restoration if needed.

Key Actions & Functionality

Artifact Selector

The Artifact Selector enables the selection of Bills of Materials to display Vulnerability Assessments.

View in Arena

If a model has been tested in the AI Arena, then its penetration test results will also appear in the vulnerability assessment. You can use the View in Arena button in the link column to view the threat details.

Close Vulnerability

Close a model vulnerability to indicate it has been remediated. This action requires a justification documenting your remediation steps and creates an auditable record with user attribution.

Ignore Vulnerability

Ignore a model vulnerability to acknowledge the risk while documenting a decision not to address it at this time. This action requires a justification explaining your risk acceptance rationale and creates an auditable record with user attribution.

View Resolved Vulnerabilities

Access the Resolved Vulnerabilities view to audit previously closed or ignored vulnerabilities and restore them to active status if circumstances change.

Generate Report

At the top right of this page is the Generate Report button; clicking this button will generate a PDF report of the selected vulnerability assessment and add it to the AI System as an artifact. The Vulnerability Report includes the models and technologies information from the vulnerability assessment with some extra information, like CVSS scores for technologies and a table breakdown of your models by type. Please note that Other Vulnerabilities are not included in the generated PDF report.

Governance Information

The AI System Governance tab facilitates the management of governance and compliance for AI systems. It comprises four subsections:

  • System Information
  • Values
  • Data
  • Governance Contact

This tab ensures the AI system's purpose and intended use are explicitly defined, aligning its functionality with organizational goals and regulatory standards.

System Information

In the System Information section, you can modify the AI System's purpose, initial deployment date, last update date, and next planned update.

  • Purpose: Defined objective or intended application of the AI System.
  • Date of Initial Deployment: The date the AI System was first operational.
  • Last Updated: The most recent modification date of the AI System.
  • Next Regular Update: Scheduled date for the upcoming update of the AI System.

Values

The Values section is where you can update the AI system's value statement and provide a link to the organization's overarching values. The value statement helps align the system's goals with organizational principles.

  • Value Statement: A declaration of the organization's guiding principles and core values related to the AI System.
  • Link to Organizational Values: A URL or reference linking to the publicly available organizational values that guide the AI System's development and operation.

Data

In the Data section, users can document the data-related details of the system, such as any protected variables, the source of data (e.g., proprietary or open-source), and the levels of protection applied to the data.

  • Description: An overview of the data used by the AI system, including any sensitive or protected variables (e.g., gender, age).
  • Data Provenance: The original sources of the data (e.g., proprietary data, internal data, private data, open-source data, public data).
  • Data Protection: The levels of data protection applied (e.g., PII, PNII, financial and credit information, intellectual property, sensitive personal information, nonpublic personal information, material nonpublic information, classified information).

Governance Contact

The contact details of the individual responsible for governance oversight can be edited in the Governance Contact section, including the name, email, and title of the governance contact.

  • Contact Name: The name of the governance contact for the AI System.
  • Contact Email: The email address of the governance contact.
  • Position: The role or title of the governance contact within the organization.

AI System Settings

The AI System Settings tab equips users to manage and update foundational AI System details effectively. In this tab, users can update key system details, including the AI system name, description, and owner. These fields ensure proper system identification and attribution to the correct team or individual. Be sure to click the Save Changes button to save any edits made to these fields. If you navigate to another tab without saving, you will lose your changes.
