Inclus Academy recap: Introducing the Inclus AI assistant and a new way to manage risk
Earlier this month, our co-founders Mikaeli Langinvainio and Juha Törmänen hosted an Inclus Academy webinar to introduce the newly released Inclus AI assistant and share our vision for where AI-powered risk management is heading.
The session covered a live demonstration of five practical AI use cases, a look at our product roadmap, and a lively Q&A with attendees from across the globe. Whether you missed the live session or want a structured recap, here are the key takeaways, what our AI assistant can do today, how security is built into its foundations, and what's coming next.
Why risk management is the perfect AI use case
We believe risk management is one of the best possible applications for AI, and here's why. The data is inherently structured (risks, scores, assessments, tasks), yet the process is deeply human, requiring broad organizational involvement. It also has to stay relevant over time, making it a living challenge that benefits enormously from intelligent support.
As Juha put it during the webinar:
"Doing a one-off risk analysis is quite easy these days. But that's altogether different from doing a true participatory, living risk management process — something that stays beneficial to you all the time in the future."
That's exactly what Inclus is built to be: not a one-time snapshot, but a permanent, evolving system for managing risk.
Introducing the Inclus AI assistant
Released just last month, the Inclus AI assistant integrates directly into the platform via a chat interface available in any process view. It's conversational, context-aware, and deeply connected to your live risk register.
During the webinar, Juha walked through five key use cases. Here's what we showed:
1. Instant risk overview & gap analysis
Ask "What are our top five risks right now?" and within moments, get a ranked list with scores. Follow up naturally: "Do we have sufficient tasks for each of these?" The AI then assesses your mitigation coverage, flags gaps, and proposes new tasks with step-by-step action plans and suggested budgets.
2. External report analysis
Upload a lengthy external report and ask the AI to compare it to your current risk register. In just over a minute, it identifies existing risks that need sharpening, flags entirely new risks worth adding, and suggests next steps.
3. Risk register cleanup & maintenance
Over time, risk registers balloon. Our AI can review the entire register and propose what to merge, archive, or revise, spotting overlaps across areas like cybersecurity, GDPR, and talent risks. All changes require your approval before anything is actioned. We've used this ourselves, and brought our own register down from over 80 risks to 30.
4. Real-time external event analysis
When something significant happens, for example the Strait of Hormuz closes to shipping, just ask the AI in two sentences what it means for your organization. Because it knows your full risk register and company context, it delivers an immediate situational analysis that would otherwise take hours.
5. AI-assisted task & KRI creation
Type two words into a new task, click "AI fill," and get a complete task name, description, and action plan, all tailored to your context. The same applies to Key Risk Indicators: the AI proposes relevant indicators for any risk, such as employee turnover rate or engagement scores for a "loss of key personnel" risk.
Security is not an afterthought
We work with sensitive risk data every day, and we take that responsibility seriously. Here's how security is built into our AI from the ground up:
Data stays in the EU, with no risk of sensitive information ending up on foreign servers
EU AI Act compliance
Human-in-the-loop approval — our AI proposes; you decide
No autonomous action: the assistant only responds to your requests, never initiates
We're also pleased to share that we recently completed our first AI security penetration test and received full marks.
What's coming next?
Around end of June, we'll be rolling out RAG (Retrieval Augmented Generation), which will enable semantic search across risks and tasks and allow the AI to read your strategic documents and factor them into its suggestions. Come autumn, the focus shifts to assessment and scoring support, meaning the AI will actively help you maintain and update your risk scores, not just read them.
Later this year and into early next year, we'll be introducing semantic data analysis and clustering, developed together with Aalto University. And further down the road, we're working on AI dashboard support, cross-process aggregation, and integrations with other AI systems, including the possibility of linking the Inclus AI assistant directly with tools like Microsoft Copilot.
The bottom line
Our AI assistant isn't about replacing human judgment in risk management. It's about making the whole process smarter, faster, and more impactful. As Mikaeli summarized, the three core benefits are:
Intelligence: better, evidence-based risk information embedded directly into your register
Automated workflows: less manual work, higher quality descriptions, easier process management
Impactfulness: stronger mitigation actions, linked to your strategy and objectives
In a world of accelerating complexity, we think every organization deserves a risk management process that keeps up. That's what we're building.
Want to see the Inclus AI assistant in action for your organization? Get in touch with us for a personalized demo.
And if you missed the webinar, check out the recording here.
Questions & Answers from the webinar
(Note that the answers follow the webinar transcript, hence the conversational style.)
Q: When analyzing the external report against your risks, how well does AI understand your company’s strategy / operations / capabilities, or is it only reviewing the report against the risk registry?
A: That's a very good question. At the moment, you can include sort of your own company context to the system. In this example, it's a sort of a one-paragraph text describing the company and how it works. But this is also something that will be coming in the Q2 update for Inclus. You can already, if you allow the access to the internet, also provide your website to the AI, or you can give your annual report to it and then see what risks it would be first looking for you based on that. And then it takes also in consideration what you have in your risk registry based on what you just inputted with your annual report, for example.
Q: Can the AI assist risk aggregation of single risks to a higher organisational level?
A: Yeah, that's also a good question. The current first version of the assistant is focused on one Inclus process at a time. So basically, of course, if you have a process where there are multiple levels, you can collect them together and analyze them together and it can sort of compile the stuff there. And the part where you can actually draw in different processes in Inclus and build a dashboard and have the AI analyze that part is something that we are actively developing now.
Already currently we can do that if you have multiple parallel risk processes, for example, different factories or business units are doing their own risk assessments and you want to aggregate or consolidate similar risks for the group level that you have, for example, different kind of cyber risk in the corporation here and there, we can create tags, for example, that would then you can ask the AI to automatically describe those into new tags or taxonomies, let's say.
Q: Besides the demonstrated tasks (e.g. clean-up), can you use the AI in a more ”generic LLM-way” for refining your thinking and prompting through a dialogue? And does it have a memory - e.g. the external report… can it e.g. use it when considering if something could be cleaned or modified?
A: Yeah, maybe if I answer from my part, we've tested the AI agent really to have a discussion in a more generic way. You can, you can have any kind of discussion with the AI agent pretty much. Of course, it's tool to support to your risk register. But yeah, we have been using it, for example, to refine what would be interesting questions for us, what kind of data sources we should be looking for in the internet if we want to find proper information about the risks and so on.
It doesn't have memory, so to say, that it would remember between chats currently. That's something we are considering right now. But we believe that the RAG system as we are building it will sort of create a more permanent organizational memory for you to use. So you can have the sort of core information available for your process and they are then always available and you can update them as needed. So that will be helping a lot on that side.
Q: Can the AI assist search the web and new constantly, 24/7, for potential and real risks concerning the corporation?
A: Currently, the assistant is, for information security purposes, not able to initiate anything, so it will only respond to your requests. Because one of the big security Confidential – Inclus Internal vectors here is that if the AI would be doing its own thing, it could, for example, eventually start sending out search queries that actually contain your private information. And we certainly do not want that. But this is a very good question in the sense that we could, of course, have this kind of an AI agent running behind that collects the information for you and gives you a new input. So it actually could not even accidentally leak your information outside, but it could bring new stuff in. So I feel like we got a good new, good feature idea out of this immediately.
Q: Hello, is it possible to interconnect this tool with Business Process Mapping applications to analyze the process steps mapped there to suggest risks, controls and remediation actions?
A: I think this relates to the integration box at the bottom here. So then those applications will enable their own interfaces for AI agents to converse with, and once we enable ours, I think it should be easily possible then to allow these connections and to be able to get the data to one direction or both directions.
Q: How do you use AI for identifacion and follow up of KRI?
A: I was thinking if I'm fast enough, I can show you quickly one example out of it. But the short answer is yes, you can. Yeah, so, so if I share one. One minute, just a quick, quick illustration about that. So here you can create sort of custom data fields of which one can be key risk indicators and one can be the available information of those on those key risk indicators. And it has been burdensome for people to first of all even think about the risk indicators because it's analytically challenging. what is indicating the change on disruptive innovation or whatever. So the AI can easily create you the key risk indicators. For example, loss of key personal, it's not here yet, so we can ask the AI what the key risk indicators would be.
Q: Could you share the prompts used during this demo?
A: Of course, here they are:
Demo 1: Risk overview
What are our top 5 risks based on the risk score?
Do we already have sufficient tasks for them? If not, please suggest more.
Demo 2: Document analysis
[Attaching a 70-page report: Critical raw materials for the energy transition] Read this report and see if our risk register should be adjusted based on its findings.
Can we add those specific new risks you identified?
Demo 3: Risk register maintenance
I'd like to do a maintenance passthrough on this risk register. Are there risks that should be reworked or removed?
Demo 4: External event
Following recent developments in US-Iran aggression in the Persian Gulf, the Strait of Hormuz will be closed for shipping for yet another month. How should we account for it?
Demo 5: Assisted task generation
AI autofill example: open risk called “Raw Material Availability”, write “Alternative channels” as the name. Have AI autofill the name, the description, and the data fields to complete the task.
Q: Can you use the AI to analyse your assessment results (including participant's comments) and propose topics for further discussion on senior management level?
A: That's on active development right now, so not in production, but I know that our AI engineer is right now working on this part. So it will be coming soon and will be available certainly during this summer or early autumn by the latest.
Q: Reports created, is it possible to align the design in compliance with the corporate marketing profile?
A: They can be customized. And if you would need a certain visual language as well, that can be customized partly. And if you want to get a sort of customized Inclus server, you can even do the complete UI makeover to make it look exactly like your own company.