{
  "domain": "demo.aisecurity.llc",
  "company_name": "Demo Corp",
  "slug": "demo-corp",
  "published_at": "2026-06-01",
  "headline": {
    "label": "credible",
    "total_score": 72,
    "summary": "Demo Corp has a credible public AI trust surface with solid legal documentation and a public security practices page, but lacks an explicit AI usage policy and customer data training policy."
  },
  "scores": {
    "public_surface": 78,
    "ai_language": 65,
    "legal_clarity": 82,
    "security_trust": 74,
    "consistency": 68,
    "remediation_opportunity": 71
  },
  "maturity": [
    { "dimension_key": "public_surface", "label": "credible", "public_description": "Trust center and core legal docs are present and accessible." },
    { "dimension_key": "ai_language", "label": "emerging", "public_description": "Some AI-specific language appears in the privacy policy but no dedicated AI governance hub." },
    { "dimension_key": "legal_clarity", "label": "strong", "public_description": "Privacy policy, ToS, DPA, and subprocessors list are all present and up to date." },
    { "dimension_key": "security_trust", "label": "credible", "public_description": "Security practices page and vulnerability disclosure program are present." },
    { "dimension_key": "consistency", "label": "emerging", "public_description": "Messaging across trust center and marketing pages is mostly consistent with minor gaps." },
    { "dimension_key": "remediation_opportunity", "label": "credible", "public_description": "Three medium-priority gaps can be addressed with policy additions rather than infrastructure changes." }
  ],
  "observed_artifacts": [
    { "type": "trust_center", "present": true, "url": "https://demo.aisecurity.llc/trust" },
    { "type": "legal_hub", "present": true, "url": "https://demo.aisecurity.llc/legal" },
    { "type": "privacy_policy", "present": true, "url": "https://demo.aisecurity.llc/legal/privacy" },
    { "type": "terms_of_service", "present": true, "url": "https://demo.aisecurity.llc/legal/terms" },
    { "type": "cookie_policy", "present": true, "url": "https://demo.aisecurity.llc/legal/cookies" },
    { "type": "data_processing_addendum", "present": true, "url": "https://demo.aisecurity.llc/legal/dpa" },
    { "type": "subprocessors_list", "present": true, "url": "https://demo.aisecurity.llc/legal/subprocessors" },
    { "type": "ai_governance_hub", "present": false },
    { "type": "ai_usage_policy", "present": false },
    { "type": "customer_data_training_policy", "present": false },
    { "type": "security_practices_page", "present": true, "url": "https://demo.aisecurity.llc/security" },
    { "type": "secure_sdlc_page", "present": false },
    { "type": "vulnerability_disclosure", "present": true, "url": "https://demo.aisecurity.llc/security/disclosure" },
    { "type": "security_contact", "present": true, "url": "https://demo.aisecurity.llc/security#contact" },
    { "type": "methodology", "present": false },
    { "type": "public_report", "present": false },
    { "type": "third_party_security_certification", "present": true }
  ],
  "public_findings": [
    {
      "title": "No AI usage policy found",
      "severity": "high",
      "category": "ai_governance",
      "summary": "The organization uses AI features in its product but has not published an explicit AI usage policy describing what data is used, how models are trained, and customer opt-out rights.",
      "public_tip": "Publish an AI usage policy that covers data use, model training, and user rights. Link it from your privacy policy and product settings."
    },
    {
      "title": "Customer data training policy absent",
      "severity": "medium",
      "category": "ai_governance",
      "summary": "No policy was found addressing whether customer data is used to train or fine-tune AI models.",
      "public_tip": "Add a clear statement — even if the answer is 'no' — in your DPA or a standalone policy page."
    },
    {
      "title": "No secure SDLC page",
      "severity": "low",
      "category": "security_trust",
      "summary": "A security practices page is present but does not describe the secure software development lifecycle, code review process, or AI-specific testing practices.",
      "public_tip": "Add a brief Secure SDLC section to your security page covering threat modeling, code review, and penetration testing cadence."
    }
  ],
  "improvement_guidance": [
    {
      "title": "Publish an AI governance hub",
      "public_tip": "A dedicated AI governance page signals that AI safety is treated as a first-class concern. Include your usage policy, training policy, and responsible AI principles.",
      "recommended_artifacts": ["ai_governance_hub", "ai_usage_policy", "customer_data_training_policy"],
      "best_practice_refs": [
        { "key": "NIST-AI-RMF-1.0", "label": "NIST AI RMF 1.0 — Govern function" },
        { "key": "ISO-42001", "label": "ISO/IEC 42001 — AI management system" }
      ]
    },
    {
      "title": "Document your Secure SDLC",
      "public_tip": "Enterprise buyers increasingly require evidence of a documented secure development lifecycle before approving AI-powered tools. A one-page summary covering threat modeling, review gates, and pentest cadence is sufficient.",
      "recommended_artifacts": ["secure_sdlc_page"],
      "best_practice_refs": [
        { "key": "OWASP-SAMM", "label": "OWASP SAMM — Software Assurance Maturity Model" }
      ]
    }
  ],
  "methodology": {
    "engine_version": "1.0.0",
    "rules_version": "2026.06",
    "crawl_snapshot_date": "2026-06-01",
    "page_count": 24,
    "disclaimer": "Scores are based on publicly observable website signals. They reflect public trust surface quality, not internal security posture. Results may not reflect recent updates."
  }
}