Ask a regulated firm to list the AI it runs and you get the three or four official projects. The real estate is far larger — and most of it is invisible to the org chart: copilots switched on inside SaaS, models embedded in vendor features, and shadow AI living in browser tabs and Excel.
No single source sees the whole estate. We triangulate the deep human layer with what your tools already know and what your code reveals — every row tagged with where it came from.
The same adaptive agent behind the use-case map asks people what AI they actually reach for — the public chatbot in the browser, the copilot, the spreadsheet trick. This surfaces the shadow AI no scan can see.
→ interviewRead-only pulls from the admin surfaces you control — SaaS licence and copilot usage, identity/SSO app lists, model-gateway logs — to enumerate the AI features quietly switched on across the estate.
→ ingest · endpointA scan of code and config for model SDKs, API keys to AI providers, prompt strings and agent definitions — catching the home-built bots and scripts that never appear in any licence or org chart.
→ repo-scanEight rows from a synthetic DACH-insurer estate — agents, copilots, embedded SaaS features and shadow scripts, each with its discovery provenance and a confidence read.
| System | Kind | Function | Data / PII | Provenance | Confidence |
|---|---|---|---|---|---|
| Claims FNOL triage agent Routes first-notice-of-loss, drafts acknowledgement |
agent | Claims | PII · health | interviewendpoint | high |
| Broker-submission intake bot Extracts risk fields from broker emails → UW workbench |
agent | Underwriting | PII | repo-scaninterview | medium |
| M365 Copilot · Underwriting Drafting & summarisation inside Office |
copilot | Underwriting | PII | ingest | medium |
| Salesforce Einstein lead scoring Vendor model embedded in CRM |
saas-feature | Customer Service | PII | ingestendpoint | high |
| Policy-wording Q&A assistant Internal RAG over wordings & guidelines |
agent | Customer Service | no PII | repo-scaningestendpoint | high |
| Fraud-flag classifier Built with Ansatz advisory · pilot |
model | Claims | PII | manualinterview | medium |
| Reserving "GPT macro" (Excel) Shadow AI — actuary pastes into a public chatbot |
script | Actuarial | PII | interview | low |
| Browser-based contract summariser Shadow AI — public tool, never reviewed |
script | Broker Operations | PII | interview | low |
AISystem schema.Each row forks by what it is. As-is systems feed an Ansatz roadmap. Live, non-conflicted agents can cross a one-way handoff to independent verification — Ansatz never inventories the agents it's paid to verify.
Every system in the estate — its business purpose, owner, data classes and value hypothesis — becomes a row in the as-is map that feeds the Ansatz use-case roadmap: what to consolidate, what to retire, where the next AI opportunity actually is.
Advisory & discovery is Ansatz's lane. The full register — PII flags, advisory context and all — stays here.
A live, non-conflicted agent with a callable endpoint is eligible for a sanitised, one-way handoff to a separate assurance venture's behaviour-anchored agent register — for verification, on its own terms.
An AI inventory is increasingly buyer-pulled and standards-shaped. Here's the honest case, separated into what already applies and what the market is asking for.
Your ROPA already has to list processing activities and the personal data behind them. An AI estate register that flags PII per system makes the AI slice of that record far easier to keep honest and current.
Providers and deployers must ensure staff have a sufficient level of AI literacy. Knowing which AI systems your people actually use is the natural starting point for a credible, role-aware literacy baseline.
An AI management system expects you to maintain an inventory of AI systems in scope. Buyers and certifiers increasingly ask for it — the register is the artifact that answers the question.
The framework calls for an inventory of AI systems, maintained and resourced by risk. A living, provenance-tagged register is exactly that inventory — voluntary, but increasingly expected in diligence.
An on-ramp by design: self-serve discovery is free, the full register is a fixed, fast engagement, and it pulls naturally into Ansatz's roadmap or independent verification. Figures are planning estimates, not quotes.
AISystem schema. Delivered in a week.Start with the free self-serve discovery, or have us deliver the full company-wide AI Register in a week — provenance-tagged, confidence-scored, and ready to fork into a roadmap or independent verification.