Cisco measures infrastructure readiness. Nobody measures whether people can see the threat. Introducing the Trickster Readiness Index.
Cisco's 2025 Cybersecurity Readiness Index surfaced a pattern that's easy to miss if you only look at the numbers:
- 86% of organizations experienced at least one AI-related security incident in the past year
- Only 49% believe employees understand AI-related threats
- 60% don't know what employees are asking GenAI tools to do
These aren't infrastructure failures.
They're human-layer failures—the kind that no amount of identity, cloud, or device hardening can fully solve.
Cisco's CRI is excellent at measuring technical readiness.
What it doesn't measure is the pattern-level behavior that causes Shadow AI to appear in the first place.
That's the missing pillar.
And that's where the Trickster Readiness Index (TRI) comes in.
Shadow AI as a Pattern, Not a Tool
Shadow AI isn't "rogue software."
It's a behavioral archetype:
- It enters through convenience
- It expands through ambiguity
- It hides in blended roles
- It thrives where lineage is broken
- It grows when no one is watching
Cisco measures the symptoms.
The Trickster pattern explains the cause.
To make this legible to practitioners, I built a three-layer benchmarking model that sits directly on top of Cisco's CRI pillars.
1. The Three-Layer Benchmarking Diagram
Cisco Gap → Trickster Pattern → Steward Response
| Cisco-Identified Gap | Trickster Pattern | Steward Response |
|---|---|---|
| Unapproved AI Usage (AI Fortification) | Undeclared Trickster Tool: appears in ambiguity | Naming Ritual + Tool Ledger: Declare → Register → Review |
| Unknown Data Lineage (Identity + Cloud) | Lineage-Break Pattern: "Where did this come from?" | Provenance Check + Logging: Trace → Document → Contain |
| Role Drift / Overreach (Machine Trustworthiness) | Trickster Scope Expansion: blended roles, no limits | Boundary Frames + Role Gates: Define → Limit → Monitor |
| Unverified Outputs (AI Fortification) | Shadow Reasoning: fast but murky | Helper–Shadow Test: Explain → Validate → Approve |
| Lack of Monitoring (All Pillars) | Trickster Drift: expands in silence | Steward Review Cadence: Schedule → Audit → Correct |
This is the "human pillar" Cisco doesn't measure.
The parenthetical labels in Column 1 map each gap to the specific Cisco CRI pillar it falls under. The verb triads in Column 3—Declare → Register → Review, Trace → Document → Contain—are designed to be memorable without technical context. These are operational rituals, not policy language.
2. Cross-Vertical Comparison Matrix
Shadow AI expresses differently depending on the regulatory substrate.
The Trickster pattern is universal—but its manifestation is sector-specific.
| Sector | Shadow AI Expression | Regulatory Exposure | Cisco Data Anchor | CRI Pillar Mapping |
|---|---|---|---|---|
| Healthcare | Undeclared clinical tools, PHI drift | HIPAA, CMS, COPPA, Joint Commission | 39% AI threat awareness—lowest of any sector (CRI 2025) | AI Fortification + Identity Intelligence |
| Legal | Undeclared drafting tools, hallucinated citations | ABA Model Rules, privilege breach | Only 42% of European respondents believe employees understand AI threats (CRI 2025) | AI Fortification + Cloud Reinforcement |
| Finance | Off-book models, unverifiable forecasts | SOX, SEC, FINRA | 55% awareness yet 57% of large firms still reported cyberattacks (CRI 2025) | Identity Intelligence + Cloud Reinforcement |
| Education | AI doing the learning, unvetted tutoring tools | FERPA, COPPA, academic integrity | 65% of small orgs lack any visibility into employee AI use (CRI 2025) | AI Fortification + Machine Trustworthiness |
This is the difference between "interesting idea" and "data-backed methodology."
Same archetype. Different masks. Different regulatory consequences. Consistent mapping to Cisco's pillars.
3. The Trickster Readiness Score (TRS)
To make the model operational, I built a sector-weighted maturity score.
Core Dimensions
Each dimension maps to a Trickster behavior and a Steward ritual:
- Lineage Integrity—Can you trace every AI output to a declared source?
- Boundary Control—Are tools operating within their declared scope?
- Confidentiality / Privilege—Is sensitive data protected from undeclared AI processing?
- Auditability / Explainability—Can a human explain how an AI-assisted output was produced?
- Drift Monitoring—Is there an ongoing cadence that detects silent tool expansion?
Sector Weighting Table
This is the part practitioners look for—the operational spine.
| Dimension | Healthcare | Legal | Finance | Education | Weight Rationale |
|---|---|---|---|---|---|
| Lineage Integrity | 30% | 25% | 35% | 20% | Highest where data provenance is regulated |
| Boundary Control | 20% | 15% | 20% | 25% | Highest where scope-creep threatens core mission |
| Confidentiality / Privilege | 15% | 30% | 20% | 15% | Highest where privilege is legally protected |
| Auditability / Explainability | 20% | 20% | 30% | 20% | Highest where outputs face external audit |
| Drift Monitoring | 15% | 10% | 15% | 20% | Highest where silent expansion threatens integrity |
This is what makes TRI a scoring model, not a metaphor.
Formula
TRS = Σ (Dimension Score × Sector Weight)
Each dimension is scored 0–100. The sector weights produce a composite score that maps to four maturity tiers — designed to parallel Cisco's own Beginner → Formative → Progressive → Mature scale:
| TRI Tier | Score | Cisco Equivalent | What It Means |
|---|---|---|---|
| Trickster-Dominant | 0–39 | Beginner | Shadow AI is driving the system. No lineage, no boundaries, no monitoring. |
| Mixed Mode | 40–69 | Formative | Steward rituals exist but are inconsistent or incomplete. |
| Steward-Dominant | 70–89 | Progressive | Lineage, boundaries, and monitoring are active and effective. |
| Sovereign | 90–100 | Mature | AI governance is proactive, ritualized, and resilient. |
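A scorer for the formula above, as an added example that is not the article's own code: it takes the sector weights and tier boundaries exactly as printed in the two tables, divides by each column's weight total rather than assuming 100 (the Finance column as printed sums to 120), and runs one constructed assessment (SAMPLE, not from the article) under every sector's weights to show how the same dimension scores land differently per sector.

```python
# Trickster Readiness Score (TRS) calculator: added example, not code from the article
# or Soft Armor Labs. TRS = sum(dimension score x sector weight), mapped to TRI tiers.

DIMENSIONS = (
    "Lineage Integrity", "Boundary Control", "Confidentiality / Privilege",
    "Auditability / Explainability", "Drift Monitoring",
)

# Sector weights (percent) copied from the article's table, in DIMENSIONS order.
# The Finance column totals 120 as printed, so trs() divides by the column total
# instead of assuming every column sums to 100.
SECTOR_WEIGHTS = {
    "Healthcare": (30, 20, 15, 20, 15),
    "Legal": (25, 15, 30, 20, 10),
    "Finance": (35, 20, 20, 30, 15),
    "Education": (20, 25, 15, 20, 20),
}

# (lower bound, TRI tier, Cisco CRI equivalent). Fractional composites are placed
# by lower bound, so 39.5 is still Trickster-Dominant.
TIERS = (
    (90, "Sovereign", "Mature"),
    (70, "Steward-Dominant", "Progressive"),
    (40, "Mixed Mode", "Formative"),
    (0, "Trickster-Dominant", "Beginner"),
)

def trs(sector: str, scores: dict) -> float:
    """Composite TRS (0-100) for one sector from per-dimension scores (0-100)."""
    weights = SECTOR_WEIGHTS[sector]
    for d in DIMENSIONS:
        if d not in scores:
            raise ValueError(f"unscored dimension: {d!r}")
        if not 0 <= scores[d] <= 100:
            raise ValueError(f"{d!r} score must be 0-100, got {scores[d]}")
    weighted = sum(scores[d] * w for d, w in zip(DIMENSIONS, weights))
    return weighted / sum(weights)

def tier(score: float) -> tuple:
    """Map a composite TRS to (TRI tier, Cisco equivalent)."""
    return next((name, cisco) for lower, name, cisco in TIERS if score >= lower)

def scorecard(scores: dict) -> dict:
    """The same assessment scored under every sector's weights: sector -> (TRS, tier)."""
    return {s: (trs(s, scores), tier(trs(s, scores))[0]) for s in SECTOR_WEIGHTS}

# Constructed sample assessment (not from the article), in DIMENSIONS order.
SAMPLE = dict(zip(DIMENSIONS, (40, 60, 80, 50, 30)))
```

Running `scorecard(SAMPLE)` shows one Mixed Mode assessment scoring anywhere from 50.5 (Healthcare) to 56.0 (Legal) depending only on which sector's weights apply.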
4. The Helper–Shadow Test
If you only adopt one thing from this article, make it this.
Ask of any AI output:
"Did this make the work clearer or just faster?"
- ↳ Clearer → Helper
- ↳ Faster but murkier → Shadow
- ↳ No lineage → The Trickster is already in the room
In healthcare: Does this clarify clinical reasoning, or just speed up documentation?
In finance: Does this increase auditability, or increase speed but hide risk?
In legal: Does this strengthen privilege, or produce fast drafts with hidden risk?
In education: Does this support learning, or replace it?
This test requires zero technical literacy.
It works across every sector.
And it's the fastest way to detect Shadow AI before it becomes a breach.
What's Coming Next
Next week I'm publishing the healthcare-specific module, including:
- The full governance checklist (PHI-tuned, zero jargon)
- Clinical Trickster profiles and scenarios
- The sector-weighted scoring walkthrough with a worked example
- A sample audit template
If you're working in healthcare IT, compliance, or clinical operations—you'll want to see this one.
This article is part of an ongoing series on human-layer cybersecurity governance from Soft Armor Labs.
For the non-technical version of this conversation, I'm posting companion pieces on LinkedIn: linkedin.com/in/narnaiezzsshaa
Data sources: Cisco 2025 Cybersecurity Readiness Index—double-blind survey of 8,000 security leaders across 30 global markets.
© 2026 Soft Armor Labs. This work is licensed under CC BY-NC-SA 4.0. You may share and adapt this material with attribution for non-commercial purposes. Commercial use, including integration into paid consulting deliverables, requires written permission from the author.