Scan Result

Overview

When GET /v1/scans/{id} returns "status": "completed", the response includes a result object. This is the stable, public representation of a completed risk scan. It contains three top-level blocks: enrichment, risk_assessment, and matched_incidents.

Full schema

{
  "id": "scn_01hx7m2d3e4f5g6h7j8k9l0mn",
  "status": "completed",
  "created_at": "2026-04-03T09:00:00Z",
  "completed_at": "2026-04-03T09:01:12Z",
  "company": {
    "name": "Acme AI Ltd",
    "website": "https://acme.ai"
  },
  "result": {
    "enrichment": {
      "industry_sector": "Technology",
      "revenue_band": "$10M–$50M",
      "revenue_model": "SaaS: annual subscription per insurer client",
      "business_operations": "Acme AI provides automated claims processing software for P&C insurers, using machine learning to assess claim validity and recommend payouts. The company operates entirely B2B, with 12 insurer clients as of 2025.",
      "product_category": "Insurance Technology (Insurtech)",
      "product_details": "Core product is a cloud-based claims management platform. Ingests photos, documents, and structured data. Outputs a claim decision (approve / deny / escalate) with a confidence score.",
      "ai_in_product": "A computer vision model assesses vehicle and property damage from photos. A large language model extracts structured facts from claim documents and medical reports. Both models operate autonomously on claims below £10,000.",
      "number_of_users": 40000
    },
    "risk_assessment": {
      "overall_risk_level": "High",
      "ai_intensity": {
        "score": 4,
        "label": "Autonomous Core",
        "rationale": "AI models make final claim decisions without human involvement for the majority of cases. The product cannot function without the AI component."
      },
      "autonomy": {
        "score": 3,
        "label": "Fully Autonomous",
        "rationale": "Claims under £10,000 are approved or denied automatically. No human is in the loop for ~85% of transactions."
      },
      "domain_risk": {
        "score": 3,
        "label": "High",
        "rationale": "Insurance claims decisions have direct financial and legal consequences for policyholders. Erroneous denials could constitute unfair treatment under Consumer Duty."
      },
      "blast_radius": {
        "score": 2,
        "label": "Medium",
        "rationale": "Approximately 40,000 claimants per month are affected by the system's decisions. Failures would propagate across all 12 insurer clients simultaneously."
      },
      "data_content_ip_risk": {
        "score": 2,
        "label": "Medium",
        "rationale": "Processes sensitive PII including medical records, photographic evidence, and financial transaction data. A breach or model inversion attack could expose this data."
      },
      "control_governance": {
        "score": 2,
        "label": "Partial Controls",
        "rationale": "Human review applies only to claims above £10,000 (~15% of volume). No published model card or bias audit was identified."
      },
      "regulatory_exposure": "Subject to the EU AI Act (Annex III, high-risk: AI in insurance). UK FCA Consumer Duty applies to automated decision-making affecting consumers. Potential GDPR implications for automated profiling."
    },
    "matched_incidents": [
      {
        "description": "An automated claims denial system was found to have systematically denied legitimate claims from certain demographic groups due to biased training data. The insurer faced regulatory action and class-action litigation.",
        "year": 2023,
        "risk_domain": "Algorithmic Bias",
        "similarity_score": 0.91,
        "reference_urls": [
          "https://example.com/incident-report/ai-claims-bias-2023"
        ]
      },
      {
        "description": "A machine learning model used for fraud detection produced unexplainably high false-positive rates, causing legitimate claims to be flagged and delayed.",
        "year": 2022,
        "risk_domain": "Model Reliability",
        "similarity_score": 0.78,
        "reference_urls": [
          "https://example.com/incident-report/fraud-detection-fp-2022"
        ]
      }
    ],
    "data_freshness": {
      "sources_last_checked": "2026-04-03T09:01:00Z"
    }
  }
}

Field reference

`enrichment`

Field	Type	Description
`industry_sector`	string	Broad industry classification. See sectors.
`revenue_band`	string	Estimated annual revenue range. See revenue bands.
`revenue_model`	string	How the company generates revenue (e.g. SaaS, usage-based, marketplace).
`business_operations`	string	2–4 sentence summary of what the company does, who it serves, and how it operates.
`product_category`	string	Specific product type within the sector.
`product_details`	string	2–3 sentence description of the core product's mechanics and functionality.
`ai_in_product`	string	Description of how AI is integrated into the product: what models are used, what decisions they make, and at what level of autonomy.
`number_of_users`	integer	Estimated number of end users or customers interacting with the product.

`risk_assessment`

Field	Type	Description
`overall_risk_level`	string	Composite rating: `"Low"` / `"Medium"` / `"High"` / `"Very High"`.
`ai_intensity`	RiskDimension	Depth of AI integration. Score 0–4.
`autonomy`	RiskDimension	Degree of autonomous AI action. Score 0–3.
`domain_risk`	RiskDimension	Inherent risk of the operational domain. Score 0–3.
`blast_radius`	RiskDimension	Scale of potential harm if the AI fails. Score 0–3.
`data_content_ip_risk`	RiskDimension	Sensitivity of data processed. Score 0–3.
`control_governance`	RiskDimension	Strength of oversight and governance. Score 0–3.
`regulatory_exposure`	string	Free-text summary of applicable regulatory frameworks.

Each RiskDimension object has:

score (integer): numeric score within the dimension's range
label (string): human-readable label for the score
rationale (string): evidence-backed explanation for the score

See the Risk Score Glossary for detailed scoring rubrics.

`matched_incidents`

Array of historical AI incidents relevant to this company's profile. Each item has:

Field	Type	Description
`description`	string	Summary of the incident.
`year`	integer	Year the incident occurred.
`risk_domain`	string	Category of risk (e.g. "Algorithmic Bias", "Model Reliability").
`similarity_score`	float	Relevance score from 0 to 1. Higher means more similar to this company's profile.
`reference_urls`	string[]	Links to source reports or coverage.

See Matched Incidents for more detail.

`data_freshness`

Field	Type	Description
`sources_last_checked`	string	ISO 8601 timestamp of when the web research was conducted. Use this to determine how current the enrichment data is.

Industry sectors

Technology · Financial Services · Healthcare · Retail & E-commerce · Manufacturing · Legal & Professional Services · Media & Entertainment · Education · Real Estate · Transportation & Logistics · Energy & Utilities · Government & Public Sector

Revenue bands

< $1M · $1M–$10M · $10M–$50M · $50M–$200M · $200M–$1B · > $1B

Optional field: `field_citations`

If the scan was created with "include_field_citations": true, the enrichment block includes a field_citations object mapping each enrichment field to its source URLs:

"field_citations": {
  "business_operations": [
    "https://acme.ai/about",
    "https://techcrunch.com/2025/01/01/acme-ai-raises-series-b"
  ],
  "ai_in_product": [
    "https://acme.ai/technology",
    "https://acme.ai/blog/how-we-use-ai"
  ]
}

This field is omitted by default to keep responses concise. Enable it when you need a full audit trail of the sources used.

Scan Result

On this page