Emerging Risk Lab Methodology

v1.0 · April 2026

Per-insured exposure scoring across the four 2025-2026 frontier risks: AI/GenAI, quantum HNDL, deepfake fraud, and critical infrastructure dependency.

1. Executive Summary

These are the four risks that traditional cyber wordings handle the worst, and that an underwriter needs to price separately or carve out: AI / GenAI risk, Quantum HNDL, Deepfake / synthetic identity, and Critical infrastructure dependency.

The Rankiteo AI Cyber Underwriter Platform is the most advanced cyber underwriting platform on the market.

2. AI-BOM (AI Bill of Materials)

Scores per-insured exposure to AI/GenAI risks: model failures, prompt injection, training data poisoning, agentic AI misbehavior, hallucination liability, and silent-AI exposure in existing wordings.

    ai_score = 30                      # base
    ai_score += 35 if industry in [tech, software, saas, ai, data, media]
    ai_score += 20 if industry in [health, bank, financial, legal]
    ai_score += seed × 25              # noise from insured fingerprint
    ai_tier = "High" if ai_score > 70 else "Medium" if ai_score > 40 else "Low"

Approximately 40% of AI losses fall outside traditional cyber wordings. High-tier insureds need either explicit AI riders or AI exclusion endorsements.

3. Quantum HNDL (Harvest Now Decrypt Later)

Harvest-Now-Decrypt-Later attacks exfiltrate today's encrypted data with the assumption that quantum computers will decrypt it within 5-15 years. Critical for sectors with long-life sensitive data.

    quantum_score = 20
    quantum_score += 50 if industry in [bank, financial, insur, health, govern, defense, pharma, biotech, legal]
    quantum_tier = "Critical" if quantum_score > 70 else "Material" if quantum_score > 40 else "Low"

NSA's post-quantum migration deadline is 2035, but the harvest is happening now. Long-tail data breach reserving needs to factor in the future decryption.

4. Deepfake / Synthetic Identity Fraud

Covers voice-clone CEO fraud, deepfake KYC bypass, and synthetic-identity account takeover (ATO). Reference: $25M Arup Hong Kong deepfake (Feb 2024).

    deepfake_score = 25
    deepfake_score += 40 if industry in [bank, financial, insur, legal, consult, executive]
    deepfake_tier = "High" if deepfake_score > 65 else "Medium" if deepfake_score > 35 else "Low"

Drives crime/cyber convergence pricing. High-tier insureds need callback warranties on funds-transfer fraud sublimits.

5. Critical Infrastructure Dependency

Single points of failure in cloud, DNS, Tier-1 transit, BGP, GPS, power grid. The CrowdStrike, Fastly, AWS us-east-1, MOVEit, Change Healthcare pattern of silent accumulation.

    infra_score = 30
    infra_score += 45 if industry in [energy, utilit, power, telecom, transport, water, health, govern]
    infra_tier = "Critical" if infra_score > 70 else "Material" if infra_score > 40 else "Low"

6. Emerging Risk Index (ERI)

The aggregate ERI is the simple average of the four dimension scores:

ERI = (ai_score + quantum_score + deepfake_score + infra_score) / 4

Color-coded: ≥70 red, ≥50 amber, <50 green.
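The four dimension formulas and the ERI, carried through end to end as an added example; this is not Rankiteo's code. Assumptions: keywords match as word prefixes of the industry label, the seed is a SHA-256 of the insured name mapped to [0, 1), and the names `matches`, `seed_for`, `tier` and `score_insured` are hypothetical.

```python
import hashlib
import re

# Keyword lists copied from the page's formulas.
AI_HIGH = ["tech", "software", "saas", "ai", "data", "media"]
AI_REGULATED = ["health", "bank", "financial", "legal"]
QUANTUM = ["bank", "financial", "insur", "health", "govern", "defense",
           "pharma", "biotech", "legal"]
DEEPFAKE = ["bank", "financial", "insur", "legal", "consult", "executive"]
INFRA = ["energy", "utilit", "power", "telecom", "transport", "water",
         "health", "govern"]

def matches(industry, keywords):
    # Assumption: a keyword matches when a word of the industry label starts
    # with it ("insur" -> "Insurance"). Plain substring matching would also
    # fire "ai" on "Retail".
    words = re.findall(r"[a-z0-9]+", industry.lower())
    return any(w.startswith(k) for w in words for k in keywords)

def seed_for(insured):
    # Assumption: the "insured fingerprint" is a SHA-256 of the normalised
    # name, mapped to [0, 1). The page does not say how the seed is derived.
    digest = hashlib.sha256(insured.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") / 2**32

def tier(score, upper, lower, labels):
    # Strict ">" comparisons, as in the page's tier rules.
    return labels[0] if score > upper else labels[1] if score > lower else labels[2]

def score_insured(insured, industry):
    def bump(keywords, points):
        return points if matches(industry, keywords) else 0
    ai = 30 + bump(AI_HIGH, 35) + bump(AI_REGULATED, 20) + seed_for(insured) * 25
    quantum = 20 + bump(QUANTUM, 50)
    deepfake = 25 + bump(DEEPFAKE, 40)
    infra = 30 + bump(INFRA, 45)
    eri = (ai + quantum + deepfake + infra) / 4
    return {
        "ai_score": ai, "ai_tier": tier(ai, 70, 40, ("High", "Medium", "Low")),
        "quantum_score": quantum,
        "quantum_tier": tier(quantum, 70, 40, ("Critical", "Material", "Low")),
        "deepfake_score": deepfake,
        "deepfake_tier": tier(deepfake, 65, 35, ("High", "Medium", "Low")),
        "infra_score": infra,
        "infra_tier": tier(infra, 70, 40, ("Critical", "Material", "Low")),
        "eri": eri, "eri_band": "red" if eri >= 70 else "amber" if eri >= 50 else "green",
    }
```

With the formulas exactly as written, an insured that matches the quantum or deepfake keyword list scores 70 or 65, which sits on the strict `>` threshold and so maps to Material or Medium rather than Critical or High.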

7. Data Sources

Currently industry-keyword-based with deterministic noise per insured. Production version will use real AI-BOM questionnaires (NIST AI RMF), Censys/Shodan TLS scans for crypto inventory, and incident feeds for deepfake events.

8. Glossary

Term: Definition
AI-BOM: AI Bill of Materials — inventory of foundation models, agents, and data flows in use
HNDL: Harvest Now, Decrypt Later — adversary stockpiles encrypted data for post-quantum decryption
Deepfake: AI-generated synthetic audio/video used to impersonate a real person
ERI: Emerging Risk Index — composite 0-100 score across the four dimensions

Proprietary to Rankiteo. Contact [email protected].