BlindSpot was inspired by a simple problem: small and medium-sized businesses are adopting AI faster than they can govern it.

Many companies already use chatbots, AI assistants, voice agents, recommendation tools, generative content, and third-party AI vendors, but they often do not know where AI is active, which regulations apply, what risks exist, or what proof they need to show customers, partners, insurers, and regulators.

BlindSpot helps businesses answer one core question:

Are we ready to use AI responsibly, securely, and compliantly?

Our project turns scattered AI use into a clear readiness map through three pillars:

  • SCAN, to discover AI surfaces, compliance gaps, security exposure, and missing evidence.
  • GUIDE, to assess responsible AI governance, ethics, fairness, transparency, accountability, privacy, and human oversight.
  • LEARN, to create company-specific AI risk education, including realistic misuse scenarios, staff training, customer trust guidance, and executive voice briefings.

The final output is the BlindSpot AI Readiness Badge, a shareable proof-of-progress signal that shows a business is actively managing AI risk.

What inspired us

We were inspired by the gap between AI adoption and AI governance.

Large enterprises may have legal teams, compliance officers, security teams, and AI governance programs. SMEs usually do not. Yet they face many of the same risks: privacy issues, missing AI disclosure, unsafe prompting, vendor risk, social engineering, AI impersonation, and uncertainty around regulations such as the EU AI Act, GDPR, ePrivacy, NIS2, and DORA.

We wanted to build a tool that gives every business a practical first step.

Instead of starting with a long legal questionnaire or an expensive consulting project, BlindSpot starts with what a business already has: its public domain, AI tools, customer journey, and visible digital footprint.

What we built

BlindSpot is an AI readiness platform that scans a company’s public AI exposure, maps relevant obligations, assesses governance maturity, and generates education based on the company’s actual risks.

The platform produces:

  • An AI Surface Inventory
  • A Compliance Obligation Map
  • Security and exposure findings
  • Ethics and governance scores
  • Evidence gap classification
  • Staff micro-training modules
  • Customer trust guidance
  • Executive voice briefing
  • AI Readiness Badge

We designed the readiness score as a simple weighted model:

\[ \text{AI Readiness} = w_1(\text{SCAN}) + w_2(\text{GUIDE}) + w_3(\text{LEARN}) \]

Where:

\[ w_1 + w_2 + w_3 = 1 \]

This allows the badge to show progress across security, compliance, governance, and education, instead of acting as a simple pass or fail certificate.

How we built it

We built BlindSpot around three connected workflows.

SCAN

The SCAN workflow identifies public AI surfaces such as chat widgets, voice agents, recommendation tools, AI-generated content features, API documentation, third-party AI vendors, and visible privacy or consent signals.

It then maps these findings against relevant obligations, including:

  • EU AI Act transparency requirements
  • GDPR vendor and data protection obligations
  • ePrivacy consent and voice interaction requirements
  • NIS2 ICT risk management expectations
  • DORA requirements for financial entities

The goal is to separate what can be externally verified from what requires internal evidence.

GUIDE

The GUIDE workflow turns responsible AI principles into practical actions.

It assesses each AI use case across five dimensions:

  • Fairness
  • Transparency
  • Accountability
  • Safety
  • Privacy

Instead of giving generic ethics advice, BlindSpot links the guidance to the company’s sector, AI use case, decision impact, and governance gaps.

LEARN

The LEARN workflow creates risk education based on the company’s own AI environment.

It can generate realistic examples of unsafe prompting, data misuse, AI impersonation, voice phishing, customer fraud, and social engineering. It also creates role-specific training and a customer-facing trust sheet that explains how users should safely interact with the company’s AI systems.

We also used voice AI to make the final report more accessible for executives who may not read a long compliance document.

What we learned

We learned that AI trust is not only a technical problem.

It is a combination of security, compliance, ethics, communication, education, and evidence. A company may have a secure AI tool but poor transparency. Another may have good policies but no staff awareness. Another may use an AI vendor without understanding the privacy or documentation requirements.

We also learned that SMEs need clear prioritization. They do not need a 100-page report as a first step. They need to know:

  • What AI is being used
  • What obligations are triggered
  • What risks are visible
  • What evidence is missing
  • What actions matter first
  • How to prove progress

That is why the AI Readiness Badge became central to the project. It gives businesses a visible, understandable, and shareable way to show improvement over time.

Challenges we faced

One major challenge was turning complex regulation into simple product logic.

AI governance involves many overlapping frameworks and requirements. We had to design a system that could explain obligations clearly without pretending to replace legal advice.

Another challenge was evidence classification. Some findings can be detected externally, such as whether a website shows an AI disclosure notice or whether a widget loads before consent. Other findings require internal documents, contracts, DPIAs, policies, or vendor agreements. BlindSpot had to make that distinction clear.
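
The split between externally verifiable findings and internal evidence, described here and in the SCAN section, can be sketched as follows. This is an added example, not BlindSpot's own code. The vendor hostnames, disclosure phrases and finding fields are constructed assumptions, and consent gating is recognised only by the common `type="text/plain"` convention used by consent managers.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed placeholders: a real scanner would maintain its own vendor list.
AI_WIDGET_HOSTS = ("widget.chat-vendor.example", "voice.agent-vendor.example")
DISCLOSURE_PHRASES = ("ai assistant", "chatbot", "automated assistant")
# Evidence the page names as internal-only; no outside scan can confirm it.
INTERNAL_EVIDENCE = ("DPIA", "contract", "policy", "vendor agreement")

class SurfaceScanner(HTMLParser):
    """Collects AI widget <script> tags and page text from one HTML document."""
    def __init__(self):
        super().__init__()
        self.widgets, self.text = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and urlparse(a.get("src") or "").hostname in AI_WIDGET_HOSTS:
            # Consent managers commonly park a script as type="text/plain"
            # so the browser does not execute it until the user opts in.
            gated = (a.get("type") or "").lower() == "text/plain"
            self.widgets.append((a["src"], gated))

    def handle_data(self, data):
        self.text.append(data.lower())

def classify(html):
    """Tag findings 'external' (checked here) or 'internal' (needs documents)."""
    scan = SurfaceScanner()
    scan.feed(html)
    if not scan.widgets:
        return []
    out = [{"evidence": "external", "check": "consent_gating", "subject": src,
            "status": "pass" if gated else "fail"} for src, gated in scan.widgets]
    disclosed = any(p in " ".join(scan.text) for p in DISCLOSURE_PHRASES)
    out.append({"evidence": "external", "check": "ai_disclosure", "subject": "page",
                "status": "pass" if disclosed else "fail"})
    out += [{"evidence": "internal", "check": "document", "subject": doc,
             "status": "unknown"} for doc in INTERNAL_EVIDENCE]
    return out

# Constructed sample page: one ungated widget, one consent-gated, no disclosure.
SAMPLE = """<html><body>
<script src="https://widget.chat-vendor.example/loader.js"></script>
<script type="text/plain" src="https://voice.agent-vendor.example/v1.js"></script>
<p>Welcome to our shop. Ask us anything!</p>
</body></html>"""
if __name__ == "__main__":
    print(*classify(SAMPLE), sep="\n")
```

Internal items stay at `unknown` until the business supplies the document, which keeps the scan from implying more than it can see from outside.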

We also had to balance depth with usability. The product needed to be useful for compliance teams, security teams, product leaders, and founders, while still being simple enough for SMEs with limited resources.

Finally, we had to connect different technologies into one coherent experience: AI scanning, compliance mapping, ethics assessment, risk education, voice simulation, and badge generation.

Why it matters

BlindSpot matters because AI trust should not only be available to large enterprises.

Every business using AI needs a way to scan its exposure, understand its responsibilities, educate its team, and prove that it is moving in the right direction.

BlindSpot gives companies that first step.

Scan your AI. Govern it. Prove it.

Built With

  • elevenlabs
  • nextjs
  • node.js
  • openai
  • paradigma
  • vercel