# Asset Endpoints ## Get the Asset Retrieve the full asset record by fingerprint. ```bash curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327" \ -H "Authorization: Bearer $RISKDB_API_KEY" ``` Response: ```json { "id": "aset_ed96896b57724069849e", "object": "asset", "created": 1775634081, "updated": 1775634081, "livemode": false, "metadata": { "benchmark_match_strategy": "exact", "benchmark_matched": "true", "benchmark_sources": "leaderboard.json,leaderboard_detail.json,message.txt", "context_length": "131072", "input_modalities": "text,image", "max_completion_tokens": "8192", "modality": "text+image->text", "model_id": "google/gemma-3-4b-it", "model_slug": "google/gemma-3-4b-it", "output_modalities": "text", "registry": "openrouter", "tokenizer": "Gemini" }, "fingerprint": "sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327", "asset_type": "api_endpoint", "name": "Google: Gemma 3 4B", "source_url": "https://openrouter.ai/google/gemma-3-4b-it", "enrichment_status": "enriched", "enriched_at": 1775634081, "enrichment_ttl": 1775720481, "intrinsic_risk_score": 48, "intrinsic_risk_severity": "medium", "publisher_trust": "unknown_with_source", "first_seen": 1775634073, "last_seen": 1775634073, "observation_count": 2, "benchmark_summary": { "matched": true, "match_strategy": "exact", "matched_key": "gemma-3-4b-it", "sources": [ "leaderboard.json", "leaderboard_detail.json", "message.txt" ], "leaderboard_rank": 176, "leaderboard_risk_score": 39.109, "leaderboard_safety_score": 25.5309, "enkrypt_rating": 1.9, "validation_score": 40.9770687936, "multi_turn_resistance": 6.9620253165, "combined_score": 23.969547055 }, "findings": "find_6015e4fc064d42a1b6a9", "aibom": "abom_88ffe0eacd304dc88483" } ``` *** ## Get the Findings Retrieve findings for an enriched asset. Findings include capabilities, score breakdowns, benchmark details, matched threats, MITRE ATLAS techniques, and CVE IDs. ```bash curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/findings" \ -H "Authorization: Bearer $RISKDB_API_KEY" ``` Response: ```json { "id": "find_6015e4fc064d42a1b6a9", "object": "finding", "created": 1775634081, "updated": 1775634081, "livemode": false, "metadata": { "benchmark_match_strategy": "exact", "benchmark_matched": "true", "benchmark_sources": "leaderboard.json,leaderboard_detail.json,message.txt", "context_length": "32768", "input_modalities": "text,image", "max_completion_tokens": "8192", "modality": "text+image->text", "model_id": "google/gemma-3-4b-it:free", "model_slug": "google/gemma-3-4b-it", "output_modalities": "text", "registry": "openrouter", "tokenizer": "Gemini" }, "asset_id": "aset_ed96896b57724069849e", "capabilities": [ { "name": "input_image", "declared": true, "risk_contribution": 8 }, { "name": "input_text", "declared": true, "risk_contribution": 8 }, { "name": "modality_text_image_to_text", "declared": true, "risk_contribution": 8 }, { "name": "output_text", "declared": true, "risk_contribution": 8 }, { "name": "reasoning", "declared": false, "risk_contribution": 8 }, { "name": "structured_outputs", "declared": true, "risk_contribution": 8 } ], "threats": [], "atlas_techniques": [], "cve_ids": [], "score_breakdown": { "base_capability_score": 48, "publisher_trust_multiplier": 1, "threat_penalty": 0, "final_score": 48 }, "benchmark_details": { "matched": true, "match_strategy": "exact", "matched_key": "gemma-3-4b-it", "candidate_keys": [ "google/gemma-3-4b-it:free", "google/gemma-3-4b-it", "google: gemma 3 4b (free)", "gemma-3-4b-it", "gemma-3-4b-it:free", "googlegemma34bitfree", "googlegemma34bit", "googlegemma34bfree" ], "sources": [ "leaderboard.json", "leaderboard_detail.json", "message.txt" ], "leaderboard": { "model_name": "gemma-3-4b-it", "provider": "openai_compatible", "rank": 176, "risk_score": 39.109, "bias_score": 83.98, "cbrn_score": 11.5, "harmful_score": 51.11, "insecure_code_score": 44, "toxicity_score": 4.95, "jailbreak_score": 10.8553, "safety_score": 25.5309, "nist_score": 39, "owasp_score": 45, "star_score": 1.88, "performance_risk_ratio": "NA" }, "detail": { "model": "gemma-3-4b-it", "provider": "openai_compatible", "rank": 176, "total_models": 247, "enkrypt_rating": 1.9, "nist_score": 39, "owasp_score": 45, "bias_rating": 2.6, "harmful_rating": 1.4, "toxicity_rating": 1.8, "cbrn_rating": 2.4, "insecure_code_rating": 1.8, "bias_pct": 21, "harmful_pct": 21, "toxicity_pct": 21, "cbrn_pct": 21, "insecure_code_pct": 21, "robustness_score": 2.6, "url": "https://leaderboard.enkryptai.com/gemma-3-4b-it" }, "validation": { "model": "Google Gemma 3 4b It", "pass": 0.4097706879, "validation_score": 40.9770687936, "multi_turn_resistance": 6.9620253165, "multi_turn_success": 93.0379746835, "multi_turn_attacks": 474, "multi_turn_conversations": 100, "has_validation_data": true, "has_multi_turn_data": true, "combined_score": 23.969547055, "source_type": "open_source" } } } ``` *** ## Get the AI-BOM Retrieve the AI Bill of Materials for an enriched asset. The `format` parameter controls the output shape. | Value | Output | | ----------- | ------------------------------------------ | | `json` | Default. Returns the full AI-BOM resource. | | `spdx_json` | Returns only the raw SPDX JSON document. | | `spdx_tv` | Returns SPDX tag-value text. | ```bash curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/aibom?format=json" \ -H "Authorization: Bearer $RISKDB_API_KEY" ``` Response: ```json { "id": "abom_88ffe0eacd304dc88483", "object": "aibom", "created": 1775634081, "updated": 1775634081, "livemode": false, "metadata": { "benchmark_match_strategy": "exact", "benchmark_matched": "true", "benchmark_sources": "leaderboard.json,leaderboard_detail.json,message.txt", "context_length": "32768", "input_modalities": "text,image", "max_completion_tokens": "8192", "modality": "text+image->text", "model_id": "google/gemma-3-4b-it:free", "model_slug": "google/gemma-3-4b-it", "output_modalities": "text", "registry": "openrouter", "tokenizer": "Gemini" }, "asset_id": "aset_ed96896b57724069849e", "spdx_version": "SPDX-3.0.1", "spdx_document": { "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2026-04-08T07:41:21Z", "creators": [ "Tool: SuperAlign Risk Intelligence" ] }, "name": "superalign-ai-bom", "packages": [ { "name": "Google: Gemma 3 4B (free)", "type": "model", "version": "google/gemma-3-4b-it" }, { "name": "Gemini", "type": "runtime", "version": "unknown" } ], "spdxVersion": "SPDX-3.0.1" }, "components": [ { "name": "Google: Gemma 3 4B (free)", "version": "google/gemma-3-4b-it", "type": "model" }, { "name": "Gemini", "version": "unknown", "type": "runtime" } ], "generated_at": 1775634081, "bom_version": 1 } ``` *** ## Get Matched Threats List threats matched to an asset. Returns a paginated list. ```bash curl -sS "https://api.airiskdb.com/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/threats?limit=10" \ -H "Authorization: Bearer $RISKDB_API_KEY" ``` Response: ```json { "object": "list", "data": [], "has_more": false, "url": "/v1/assets/sha256:2aaf7a38fa0eac2236cd4c4fe85ed537779fa8a3875b1f548901612c0b1b3327/threats" } ``` *** ## Recommended Usage Patterns | Scenario | Approach | | ----------------------------------------------------------- | ------------------------------------------------------ | | You already have a canonical identifier | Use exact fingerprints via `fingerprints` | | Your integration stores a stable model or package label | Use exact `lookup_name` | | Building a search box or human review flow | Use fuzzy `lookup_name` with `include_candidates=true` | | You have a name-based request shape but a stronger fallback | Use `lookup_fingerprint` | | Resolving many assets in one pass | Use batched mixed lookup (Method 9) |