AIVSS-SSVC Calculator

Computes the numeric risk score and selects Defer, Scheduled, Out-of-Cycle, or Immediate from the SSVC decision matrix using threat level, agent level, and systemic impact.

Inputs

Outcome is matrix-based

Set exploitation state, vulnerability posture, and systemic impact, then score the ten capability factors. The page computes category averages, classifies the agent level, calculates the numeric score, and maps the qualitative triple to the SSVC outcome.

P(Threat) — exploitation state

None: no evidence and no public PoC. Public PoC: known method exists. Active: reliable in-the-wild exploitation.

P(Vulnerability) — exploit success probability

Maps your control posture across the ten agent weakness categories to a probability for exploit success.

Impact — systemic consequence

Contained: limited blast radius. Significant: major business function disruption. Critical: existential or safety-critical.

Exposure: 10 Capability Factors (1–5)

Category A averages factors 1–4, Category B averages factors 5–7, and Category C averages factors 8–10. Mixed-score rules classify Copilot (2×), Specialist (4×), or Prime Mover (8×).

Live update
Factor Category Score

The JSON includes inputs and computed values for integration into internal tooling without changing decision semantics.

Results

Likelihood × Exposure × Impact

Likelihood

P(Threat) × P(Vulnerability)

Risk Score

Likelihood × Exposure × Impact

Agent Level

Exposure multiplier

Category A / B / C Averages

Execution / Environment / Predictability

Remediation Outcome

The score supports prioritization and tracking. The outcome is selected by the decision matrix using threat level, agent level, and systemic impact.