AIRiskDB API Documentation
Asset Endpoints
Retrieve asset records, findings, AI-BOMs, and matched threats using the AIRiskDB asset endpoints.
Get the Asset
Retrieve the full asset record by fingerprint.
curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327" \
-H "Authorization: Bearer $RISKDB_API_KEY"Response:
{
"id": "aset_ed96896b57724069849e",
"object": "asset",
"created": 1775634081,
"updated": 1775634081,
"livemode": false,
"metadata": {
"benchmark_match_strategy": "exact",
"benchmark_matched": "true",
"benchmark_sources": "leaderboard.json,leaderboard_detail.json,message.txt",
"context_length": "131072",
"input_modalities": "text,image",
"max_completion_tokens": "8192",
"modality": "text+image->text",
"model_id": "google/gemma-3-4b-it",
"model_slug": "google/gemma-3-4b-it",
"output_modalities": "text",
"registry": "openrouter",
"tokenizer": "Gemini"
},
"fingerprint": "sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327",
"asset_type": "api_endpoint",
"name": "Google: Gemma 3 4B",
"source_url": "https://openrouter.ai/google/gemma-3-4b-it",
"enrichment_status": "enriched",
"enriched_at": 1775634081,
"enrichment_ttl": 1775720481,
"intrinsic_risk_score": 48,
"intrinsic_risk_severity": "medium",
"publisher_trust": "unknown_with_source",
"first_seen": 1775634073,
"last_seen": 1775634073,
"observation_count": 2,
"benchmark_summary": {
"matched": true,
"match_strategy": "exact",
"matched_key": "gemma-3-4b-it",
"sources": [
"leaderboard.json",
"leaderboard_detail.json",
"message.txt"
],
"leaderboard_rank": 176,
"leaderboard_risk_score": 39.109,
"leaderboard_safety_score": 25.5309,
"enkrypt_rating": 1.9,
"validation_score": 40.9770687936,
"multi_turn_resistance": 6.9620253165,
"combined_score": 23.969547055
},
"findings": "find_6015e4fc064d42a1b6a9",
"aibom": "abom_88ffe0eacd304dc88483"
}Get the Findings
Retrieve findings for an enriched asset. Findings include capabilities, score breakdowns, benchmark details, matched threats, MITRE ATLAS techniques, and CVE IDs.
curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/findings" \
-H "Authorization: Bearer $RISKDB_API_KEY"Response:
{
"id": "find_6015e4fc064d42a1b6a9",
"object": "finding",
"created": 1775634081,
"updated": 1775634081,
"livemode": false,
"metadata": {
"benchmark_match_strategy": "exact",
"benchmark_matched": "true",
"benchmark_sources": "leaderboard.json,leaderboard_detail.json,message.txt",
"context_length": "32768",
"input_modalities": "text,image",
"max_completion_tokens": "8192",
"modality": "text+image->text",
"model_id": "google/gemma-3-4b-it:free",
"model_slug": "google/gemma-3-4b-it",
"output_modalities": "text",
"registry": "openrouter",
"tokenizer": "Gemini"
},
"asset_id": "aset_ed96896b57724069849e",
"capabilities": [
{
"name": "input_image",
"declared": true,
"risk_contribution": 8
},
{
"name": "input_text",
"declared": true,
"risk_contribution": 8
},
{
"name": "modality_text_image_to_text",
"declared": true,
"risk_contribution": 8
},
{
"name": "output_text",
"declared": true,
"risk_contribution": 8
},
{
"name": "reasoning",
"declared": false,
"risk_contribution": 8
},
{
"name": "structured_outputs",
"declared": true,
"risk_contribution": 8
}
],
"threats": [],
"atlas_techniques": [],
"cve_ids": [],
"score_breakdown": {
"base_capability_score": 48,
"publisher_trust_multiplier": 1,
"threat_penalty": 0,
"final_score": 48
},
"benchmark_details": {
"matched": true,
"match_strategy": "exact",
"matched_key": "gemma-3-4b-it",
"candidate_keys": [
"google/gemma-3-4b-it:free",
"google/gemma-3-4b-it",
"google: gemma 3 4b (free)",
"gemma-3-4b-it",
"gemma-3-4b-it:free",
"googlegemma34bitfree",
"googlegemma34bit",
"googlegemma34bfree"
],
"sources": [
"leaderboard.json",
"leaderboard_detail.json",
"message.txt"
],
"leaderboard": {
"model_name": "gemma-3-4b-it",
"provider": "openai_compatible",
"rank": 176,
"risk_score": 39.109,
"bias_score": 83.98,
"cbrn_score": 11.5,
"harmful_score": 51.11,
"insecure_code_score": 44,
"toxicity_score": 4.95,
"jailbreak_score": 10.8553,
"safety_score": 25.5309,
"nist_score": 39,
"owasp_score": 45,
"star_score": 1.88,
"performance_risk_ratio": "NA"
},
"detail": {
"model": "gemma-3-4b-it",
"provider": "openai_compatible",
"rank": 176,
"total_models": 247,
"enkrypt_rating": 1.9,
"nist_score": 39,
"owasp_score": 45,
"bias_rating": 2.6,
"harmful_rating": 1.4,
"toxicity_rating": 1.8,
"cbrn_rating": 2.4,
"insecure_code_rating": 1.8,
"bias_pct": 21,
"harmful_pct": 21,
"toxicity_pct": 21,
"cbrn_pct": 21,
"insecure_code_pct": 21,
"robustness_score": 2.6,
"url": "https://leaderboard.enkryptai.com/gemma-3-4b-it"
},
"validation": {
"model": "Google Gemma 3 4b It",
"pass": 0.4097706879,
"validation_score": 40.9770687936,
"multi_turn_resistance": 6.9620253165,
"multi_turn_success": 93.0379746835,
"multi_turn_attacks": 474,
"multi_turn_conversations": 100,
"has_validation_data": true,
"has_multi_turn_data": true,
"combined_score": 23.969547055,
"source_type": "open_source"
}
}
}Get the AI-BOM
Retrieve the AI Bill of Materials for an enriched asset. The format parameter controls the output shape.
| Value | Output |
|---|---|
json | Default. Returns the full AI-BOM resource. |
spdx_json | Returns only the raw SPDX JSON document. |
spdx_tv | Returns SPDX tag-value text. |
curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/aibom?format=json" \
-H "Authorization: Bearer $RISKDB_API_KEY"Response:
{
"id": "abom_88ffe0eacd304dc88483",
"object": "aibom",
"created": 1775634081,
"updated": 1775634081,
"livemode": false,
"metadata": {
"benchmark_match_strategy": "exact",
"benchmark_matched": "true",
"benchmark_sources": "leaderboard.json,leaderboard_detail.json,message.txt",
"context_length": "32768",
"input_modalities": "text,image",
"max_completion_tokens": "8192",
"modality": "text+image->text",
"model_id": "google/gemma-3-4b-it:free",
"model_slug": "google/gemma-3-4b-it",
"output_modalities": "text",
"registry": "openrouter",
"tokenizer": "Gemini"
},
"asset_id": "aset_ed96896b57724069849e",
"spdx_version": "SPDX-3.0.1",
"spdx_document": {
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2026-04-08T07:41:21Z",
"creators": [
"Tool: SuperAlign Risk Intelligence"
]
},
"name": "superalign-ai-bom",
"packages": [
{
"name": "Google: Gemma 3 4B (free)",
"type": "model",
"version": "google/gemma-3-4b-it"
},
{
"name": "Gemini",
"type": "runtime",
"version": "unknown"
}
],
"spdxVersion": "SPDX-3.0.1"
},
"components": [
{
"name": "Google: Gemma 3 4B (free)",
"version": "google/gemma-3-4b-it",
"type": "model"
},
{
"name": "Gemini",
"version": "unknown",
"type": "runtime"
}
],
"generated_at": 1775634081,
"bom_version": 1
}Get Matched Threats
List threats matched to an asset. Returns a paginated list.
curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/threats?limit=10" \
-H "Authorization: Bearer $RISKDB_API_KEY"Response:
{
"object": "list",
"data": [],
"has_more": false,
"url": "/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/threats"
}Recommended Usage Patterns
| Scenario | Approach |
|---|---|
| You already have a canonical identifier | Use exact fingerprints via fingerprints |
| Your integration stores a stable model or package label | Use exact lookup_name |
| Building a search box or human review flow | Use fuzzy lookup_name with include_candidates=true |
| You have a name-based request shape but a stronger fallback | Use lookup_fingerprint |
| Resolving many assets in one pass | Use batched mixed lookup (Method 9) |