Exposure Intelligence Lab · Working model v0.1

The AI Exposure Index

A practical framework for estimating how easy it may be to impersonate, exploit, or misrepresent a person or organization using publicly available information, media, relationships, and trust signals.

The thesis

The more raw material you publish, and the more people act on your word without checking, the cheaper you are to fake and the more damage a convincing fake can do. Exposure is not the same as risk. But it sets the ceiling on it. The Index is a way to think about that ceiling before someone else does.

The working model

Score each factor from 0 (none) to 3 (high), then add them up. There are thirteen factors across three groups, so scores run from 0 to 39. The number is not the point. The exercise is: it forces you to look at your exposure the way someone trying to exploit it would.

Synthesis surface

How much raw material already exists to fabricate you.

Public photos

Clear images of your face, from many angles, in good light.

0–3

Public video

Footage of you moving and speaking on camera.

0–3

Public audio

Recordings of your voice, especially long and clean ones.

0–3

Speaking appearances

Talks, panels, and presentations captured and posted.

0–3

Podcast appearances

Long-form audio of you in natural, unscripted conversation.

0–3

Reach and authority

How far a convincing fake can travel and how much authority it borrows.

Executive visibility

A title and profile that make your instructions carry weight.

0–3

Brand recognition

A name or company people recognise and trust on sight.

0–3

Search footprint

A large, easily harvested trail of public information about you.

0–3

Domain authority

Owned channels strong enough that mimicking them is worthwhile.

0–3

Public contact information

Direct lines that let an impersonation reach the right people.

0–3

Trust dependency

How much damage a convincing fake could actually do.

Social graph visibility

A public map of who you know and who would act on your word.

0–3

Trust dependency

How readily others move money or make decisions on your say-so.

0–3

Verification weakness

The absence of agreed rituals to confirm a request is really from you.

0–3

Reading the score

The bands below are deliberate approximations, not validated thresholds. They are there to turn a number into a conversation.

Low Exposure 0 to 9

Little public media, limited reach, and few people who would act on your word without checking. A convincing fake is harder to build and easier to catch.

Moderate Exposure 10 to 19

A real but contained public footprint. Worth adopting a basic set of verification habits before you need them.

Elevated Exposure 20 to 28

Substantial public media and reach, and people who act on your communications. Impersonation is plausible and consequential. Verification rituals start to matter a lot.

Critical Exposure 29 to 39

Abundant public voice, video, and likeness, high recognition, and high trust dependency. A convincing fake is cheap to build and expensive to absorb. Treat verification as core infrastructure.

Read this first

This is a practical heuristic for thinking about exposure. It is not a security audit, a scientific instrument, or a validated risk score. It is a working model, version 0.1, and it will change. Use it to start a conversation about exposure, not to conclude one. If you have a real, active threat, talk to a security professional, not a framework on a website.

Practical implications

A high score is not a reason to disappear. For most people with elevated exposure, visibility is the job. The move is to make yourself hard to exploit even while you are easy to imitate:

Verification that does not rely on appearance. Agreed callback procedures for anything involving money, credentials, or access. "It looked and sounded like them" should never be sufficient on its own.
A canonical channel. One known, hard-to-spoof place that sensitive requests are supposed to come through, so anything outside it is suspect by default.
A culture where verifying is competence. If asking a senior person to confirm a request is treated as insubordination, you have built the exact gap an impersonation needs.
Less unnecessary raw material. Not silence, just intent. Notice the difference between media that does a job and media that only adds to the synthesis surface.

Current questions

The parts I have not resolved, and would value being argued with on:

How should the factors be weighted? Trust dependency probably matters more than raw photo count, but by how much?
Does organizational exposure compound individual exposure, or partly offset it through more mature verification?
Which verification rituals actually hold up under pressure, and which only feel safe?
Is there a cleaner way to express the output than a single number?

Related field notes

How Easy Is It To Impersonate A CEO Today?

A working note on why senior executives are now among the cheapest people to convincingly fake, and what actually reduces the risk.

Read the note

Why AI Makes Trust More Valuable, Not Less

A working note on why cheap synthesis raises, rather than lowers, the value of trust that is expensive to fake.

Read the note

The Trust Deficit Economy

An economy in which the supply of cheap, fakeable signals outruns our ability to verify them, making genuine, verifiable trust the scarce and valuable resource.

Read the note

Have a sharper version of this model? I am refining it in the open. Tell me what I am missing.

Back to the Lab →