Find out if your teamcatches the AI mistakes.
Six short drills on the everyday ways AI use goes wrong — pasting client data into a public tool, leaking a secret, shadow AI, a hallucinated fact, prompt injection, an over-scoped connector. Mark recognition and action, get a SAFE / RISKY / UNSAFE verdict per drill and a DRILLED / UNEVEN / RAW score for the team.
Most AI security training tells; it doesn't test.
One client list dropped into a public chatbot can be retained, trained on, or exposed — and the data was regulated.
Teams adopt unvetted tools faster than security can review them, feeding real data to tools with no DPA.
A team that scores 90% on AI safety is still breached through the one drill it failed. The weakest link is the score.
Mark two things per drill. The weakest drill sets the team verdict.
Mark each drill 0–5 · recognition then action
It scores the drills, not people. Recognition gates action — the weaker mark caps each drill, and the weakest drill sets the team band. An educational hygiene check; confirm your data-handling rules with your security or compliance owner. Not legal advice.
A team that looks fine on average is RAW because of one drill.
AI SECURITY & SAFE-USE DRILLS — TEAM RESULT
====================================================
S1 Pasting client PII into a public AI tool [REGULATED]
recognition 1/5 action 2/5 -> 20/100 UNSAFE
S2 Prompt-leaking a secret or credential
recognition 5/5 action 5/5 -> 100/100 SAFE
S3 Shadow AI — an unsanctioned tool on company data
recognition 4/5 action 4/5 -> 80/100 SAFE
S4 Publishing an unverified AI-generated fact
recognition 5/5 action 4/5 -> 80/100 SAFE
S5 Prompt injection from pasted/third-party content
recognition 4/5 action 5/5 -> 80/100 SAFE
S6 Over-permissioned AI connector / agent scope [REGULATED]
recognition 5/5 action 4/5 -> 80/100 SAFE
----------------------------------------------------
Weakest scenario (headline): 20/100 team mean 73/100 (context only)
GATE FIRED — regulated-exfil: S1 UNSAFE on regulated data
TEAM VERDICT: RAW
Re-run first: S1 Pasting client PII into a public AI tool (20/100)Five of six drills are SAFE and the team averages 73 — but one regulated drill was missed. The weakest-drill headline and the regulated-data gate both land on the same answer: RAW, re-run S1 first. The same numbers come out of the workbook and the demo.
Three operating principles the scoring enforces.
Recognition gates action
Each drill scores by the weaker of two marks — you can’t respond safely to a threat you never spotted. A strong action can’t rescue a missed recognition.
The weakest drill is the verdict
The team band is your single lowest drill, not the average. One UNSAFE drill means the team isn’t DRILLED — the mean is context only.
Regulated data is non-negotiable
Any regulated drill answered UNSAFE forces the team to RAW on its own. A wrong answer that would expose regulated data is disqualifying.
A drill scorecard, not a surveillance tool or a security audit.
- A repeatable drill you run with your team and mark by hand.
- An honest readiness signal: the weakest drill, with a hard regulated-data gate.
- A runnable scorer + workbook that agree, plus an answer-key playbook.
- A teaching tool — brief the team on the right answer and re-test.
- Not a score of individual people, and not for any employment decision.
- Not monitoring — it reads marks you enter, not real activity.
- Not a security audit of your systems, tools, or accounts.
- Not legal advice.
An educational drill, not an audit. It scores a team's recognition and response on sample drills you enter — it does not score, rank, or assess individual people, monitor activity, or audit your systems. Confirm your actual data-handling rules with your security or compliance owner. Not legal advice.
Anyone responsible for a team that now uses AI every day.
- — Founders and ops leads rolling AI out across a small team.
- — Security and IT owners who need a recurring, low-lift readiness check.
- — Agencies and firms handling client data on AI tools.
- — Team leads onboarding new hires to safe AI use.
- — Anyone who's seen a near-miss and wants it not to repeat.
- — Not a fit if you need an audited assessment of individuals or systems.
Run the drill, then close the gaps it surfaces.
Check a document for exposure before you share it — CLEAR / REDACT FIRST / DO NOT SHARE.
ViewRun 15 OWASP-mapped injection probes against your own LLM app and gate CI.
ViewSix editable policy templates for the moment an auditor or insurer asks.
ViewStraight answers before you buy.
Don't guess if your team is ready.
Drill it.
One purchase, lifetime access, 12 months of updates. $79, once.
An educational drill, not an audit. It scores a team's recognition and response on sample drills you enter — it does not score, rank, or assess individual people, monitor activity, or audit your systems. Confirm your actual data-handling rules with your security or compliance owner. Not legal advice.
Sold by RedHub AI LLC · Secured by Stripe · redhub.ai