How It Works · Ontologic™ · Proof of Engine

From threat actor to dollar figure.

Every risk platform claims to quantify exposure. Most produce a score. Ontologic™ produces a probability — mathematically derived, node by node, from the actual attack chain. Here is the math.

The chain in one sentence:
A threat actor exploits a vulnerability to defeat a defensive control,
exposing the asset it was protecting, and Ontologic™ puts a dollar figure on that exposure.

Ontologic™ · Bayesian Belief Network · Live Example

The engine doesn't guess. It calculates.

A Bayesian Belief Network propagates conditional probabilities forward through a causal chain: each node's distribution is computed from the states of its parents through a Conditional Probability Table (CPT). The figure at the asset node is therefore not a hand-assigned rating but the probability of compromise that the model's own CPTs imply, and when evidence is entered (a confirmed threat, a failed control check) it updates as a true posterior. That probability, stated over a one-year horizon and multiplied by the asset value, is your Annualized Loss Expectancy.

Figure: Ontologic™ Bayesian Belief Network diagram showing Cyber Threat XYB → CVE-3425 → MFA → Customer Database, with conditional probability tables and ALE = $425,000

Ontologic™ BBN · Insider Threat Scenario · ALE = $425,000 on a $2.5M Asset

The math, explained.

01
Threat Node
Cyber Threat XYB is active.

We start with a prior belief of 41% that Cyber Threat XYB is active in the environment. The value is populated from threat intelligence feeds, sector peer data, and EPSS exploit prediction scores, and the source of each input is recorded, so the prior is an estimate with a documented lineage rather than an unsupported guess.

Prior: P(Threat XYB) = 0.41

02
Vulnerability Node
CVE-3425 has a 74% chance of being exploited if the threat is present.

The Conditional Probability Table for CVE-3425 is sourced from CVSS vectors and EPSS data. Given the threat is present, there is a 74% chance it can exploit this vulnerability. Given it is absent, only 8%. Ontologic™ marginalizes across both states.

P(CVE | Threat=1) = 0.74 · P(CVE | Threat=0) = 0.08
Posterior P(CVE) = 0.74×0.41 + 0.08×0.59 = 0.350

03
Control Node
MFA is the control. If the CVE is exploited, there is a 55% chance MFA is bypassed.

When the CVE is exploited, the probability that MFA is compromised rises to 55%. When it is not, baseline exposure from other attack paths is 10%. Ontologic™ propagates both possibilities forward. Note that this is an insider threat scenario: the System Admin holds privileged access to the MFA system itself, which is why the bypass probability is elevated.

P(MFA+ | CVE=1) = 0.55 · P(MFA+ | CVE=0) = 0.10
Posterior P(MFA compromised) = 0.55×0.35 + 0.10×0.65 = 0.258

04
Asset Node
The Customer Database faces a 17% probability of compromise.

The final node has two parents, MFA state and Threat state, so its CPT has four rows. The asset probability sums all four rows, each weighted by the probability of that parent combination, rather than reporting only the worst case. Note what the arithmetic below does: it weights each row by the product of the two marginals, P(MFA) × P(Threat), which treats the two parents as independent. In this chain MFA depends on Threat through CVE-3425, so an exact update weights each row by P(MFA | Threat) × P(Threat) instead; with these CPTs the exact figure is about 0.20 rather than 0.17 (roughly $508,000 rather than $425,000 on the asset below). Either computation is traceable, but a CPT-traceable output should state which one it used.

P(DB+ | MFA+, Threat=1) × P(MFA+) × P(Threat=1) = 0.85 × 0.258 × 0.41 = 0.0899
P(DB+ | MFA+, Threat=0) × P(MFA+) × P(Threat=0) = 0.30 × 0.258 × 0.59 = 0.0457
P(DB+ | MFA−, Threat=1) × P(MFA−) × P(Threat=1) = 0.10 × 0.742 × 0.41 = 0.0304
P(DB+ | MFA−, Threat=0) × P(MFA−) × P(Threat=0) = 0.01 × 0.742 × 0.59 = 0.0044
P(DB compromised) = 0.170

05
Financial Translation
A 17% probability on a $2.5M asset produces a $425,000 ALE.

Annualized Loss Expectancy is the expected annual financial exposure attributable to this specific threat chain. The formula below treats the probability as the expected number of compromises per year and the full asset value as the loss per compromise; if a CPT input is stated over a different horizon (EPSS, for instance, is a 30-day probability) or a compromise would lose only part of the asset's value, scale those inputs before multiplying. Stated in those terms, ALE is directly comparable to insurance premiums, capital reserves, and remediation ROI. It is the number a CFO can budget against and an insurer can underwrite.

ALE = Asset Value × Posterior Probability
ALE = $2,500,000 × 0.17 = $425,000
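The five steps above as one runnable model. This is an added illustration, not code from the Ontologic™ engine: it encodes the page's four CPTs in a small network, computes each node by enumerating the joint distribution (exact inference, which also answers conditional queries such as P(DB | Threat confirmed) and P(Threat | DB compromised)), and places the page's step 04 arithmetic, the product-of-marginals shortcut that yields 0.170, beside the exact figure of 0.203. The node names T, C, M, D and all function names are my own.

```python
"""Exact inference on the page's Threat -> CVE -> MFA -> Customer DB chain,
beside the product-of-marginals shortcut used in the page's step 04.
Added illustration; CPT values are the page's, structure and names are mine."""
from itertools import product

# Topological order: every node's parents precede it.
NODES = ["T", "C", "M", "D"]  # Threat active, CVE exploited, MFA compromised, DB compromised
PARENTS = {"T": (), "C": ("T",), "M": ("C",), "D": ("M", "T")}

# CPT rows: key = parent states in PARENTS order, value = P(node = 1 | parents).
CPT = {
    "T": {(): 0.41},
    "C": {(1,): 0.74, (0,): 0.08},
    "M": {(1,): 0.55, (0,): 0.10},
    "D": {(1, 1): 0.85, (1, 0): 0.30, (0, 1): 0.10, (0, 0): 0.01},
}


def joint(assign):
    """P(T=t, C=c, M=m, D=d): product of one CPT row per node (chain rule)."""
    p = 1.0
    for node in NODES:
        parents = tuple(assign[q] for q in PARENTS[node])
        p_one = CPT[node][parents]
        p *= p_one if assign[node] == 1 else 1.0 - p_one
    return p


def query(var, evidence=None):
    """P(var = 1 | evidence) by summing the joint over every consistent world.
    Enumeration is exponential in node count, which is fine for a handful of nodes."""
    evidence = evidence or {}
    numerator = denominator = 0.0
    for states in product((0, 1), repeat=len(NODES)):
        assign = dict(zip(NODES, states))
        if any(assign[k] != v for k, v in evidence.items()):
            continue  # inconsistent with the observed evidence
        p = joint(assign)
        denominator += p
        if assign[var] == 1:
            numerator += p
    return numerator / denominator


def product_of_marginals_db():
    """The page's step 04 arithmetic: each asset CPT row is weighted by
    P(M) * P(T), i.e. MFA state and Threat state are treated as independent.
    Not exact here, because M depends on T through C."""
    p_m, p_t = query("M"), query("T")
    return sum(
        CPT["D"][(m, t)] * (p_m if m else 1 - p_m) * (p_t if t else 1 - p_t)
        for m in (0, 1)
        for t in (0, 1)
    )


def ale(asset_value, p_compromise):
    """ALE as the page defines it: asset value x annual probability of compromise."""
    return asset_value * p_compromise


if __name__ == "__main__":
    asset_value = 2_500_000
    for node in NODES:
        print(f"P({node}=1) = {query(node):.4f}")
    shortcut, exact = product_of_marginals_db(), query("D")
    print(f"DB, product of marginals (page): {shortcut:.4f}  ALE ${ale(asset_value, shortcut):,.0f}")
    print(f"DB, exact inference:              {exact:.4f}  ALE ${ale(asset_value, exact):,.0f}")
    print(f"P(DB=1 | Threat confirmed) = {query('D', {'T': 1}):.4f}")
    print(f"P(Threat | DB compromised) = {query('T', {'D': 1}):.4f}")
```

The two conditional queries at the end are what "live inference" means in practice: confirming the threat from intel raises the asset probability from about 0.20 to about 0.42, and an observed database compromise raises belief in the threat from 0.41 to about 0.86, with no change to any CPT.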

Final Output · Ontologic™

Asset Value × Posterior Probability
$2,500,000 × 0.17
$425,000
Annualized Loss Expectancy

This is not a risk score. It is not red/yellow/green. It is the mathematically derived expected annual financial exposure from this specific threat chain — traceable back to every CPT value, every threat intelligence source, every control effectiveness measurement.

Cyber Threat XYB 0.41
CVE-3425 0.35
MFA Compromised 0.26
Customer DB 0.17
Asset Value $2.5M

Every probability has a source.

The question every sophisticated buyer asks: how do you arrive at the CPT values? The answer is the same one actuaries have used for decades — and the same one that makes Ontologic™ more defensible than any questionnaire-based model.

01 · Threat Intelligence

CVSS vectors describe a vulnerability's severity and exploitability characteristics; EPSS supplies an empirically fitted probability that a given CVE will see exploitation activity in the next 30 days. Together they provide grounded starting points for threat-to-vulnerability probabilities. One caveat a practitioner should check: an EPSS value has to be rescaled to the model's horizon before it feeds an annual figure, for example p_year = 1 − (1 − p_30)^(365/30) under a constant-hazard assumption. When Ontologic™ says P(CVE-3425 | Threat present) = 0.74, that number has a traceable lineage to real exploit data.

02 · Control Effectiveness

NIST, CIS Controls, and insurance actuarial studies publish empirical data on how much specific controls reduce breach probability. MFA bypass rates, firewall efficacy, and patch velocity all have documented effectiveness distributions across attack types.

03 · Loss Databases

Verizon DBIR, IBM Cost of a Data Breach, and cyber insurance claims data populate asset-side CPT values and validate ALE outputs against real-world loss distributions. When Ontologic™ outputs $425K on a $2.5M database, that figure is sanity-checked against industry loss data.

04 · Expert Elicitation + Learning

For novel threat chains, structured expert elicitation — the same methodology used by actuaries and intelligence analysts — provides calibrated estimates with documented audit trails. Over time, observed outcomes across clients refine CPT values, building a proprietary data asset that compounds in accuracy with every engagement.

Why not FAIR? · Methodology comparison

Ontologic™ BBN vs. FAIR methodology.

FAIR is the incumbent standard. It is rigorous and well-documented. But FAIR is a factor taxonomy that is usually computed by Monte Carlo simulation over expert-estimated ranges captured at a point in time. Ontologic™ is a live inference engine that updates from continuous evidence. The difference matters when the threat landscape changes overnight.

Dimension          | FAIR                     | Ontologic™ BBN
Model type         | Monte Carlo simulation   | Bayesian Belief Network
Risk propagation   | Linear, manual chains    | Non-linear, conditional
Input source       | Expert interviews        | Live scanner + threat intel
Update frequency   | Quarterly / annual       | Real-time inference
Output             | Loss range estimate      | ALE, VaR & Premium Valuation
Audit trail        | Spreadsheet-based        | CPT-traceable per node
Audience outputs   | Single quantified view   | CISO, CFO, Board, Insurer — simultaneous

Questions & answers

What every sophisticated buyer asks.

What is a Bayesian Belief Network?

A BBN is a probabilistic graphical model that encodes the conditional relationships between nodes — threat actor, vulnerability, control, and asset. Each node carries a probability that updates based on the state of its parent nodes, propagating belief from threat all the way to financial impact with mathematical rigor. The result is a posterior probability, not a score.

How are the CPT values determined?

Conditional Probability Tables are populated from four traceable sources: public threat intel (CVE severity, CVSS, EPSS); control effectiveness research from NIST and CIS Controls; loss databases including Verizon DBIR and IBM Cost of a Data Breach; and structured expert elicitation for novel threat chains. Over time, observed client outcomes calibrate values further — building a proprietary data asset that compounds in accuracy.

Why is this better than a risk matrix?

Risk matrices assign color-coded severity buckets based on subjective likelihood and impact ratings. They do not propagate conditional dependencies — a change in one node does not automatically update downstream nodes. Ontologic™ models risk as non-linear and interconnected, as it actually behaves. The output is a posterior probability and a dollar figure, not a red/yellow/green cell that a board can ignore.

What is the ALE and why does it matter?

ALE = Asset Value × Posterior Probability of Compromise. This produces the expected annual financial exposure attributable to a specific threat chain — directly comparable to insurance premiums and capital reserve requirements. It is the number a CFO can budget against, a board can hold management accountable for, and an insurer can underwrite against, in a way that CVSS scores and heat maps never could.

Does this expose your IP?

No. What you see here is methodology — Bayesian Belief Networks, conditional probability tables, and ALE calculations are well-established public techniques. What is proprietary is the ontology Ontologic™ has built inside those techniques: how threats, vulnerabilities, controls, and assets are classified, related, and weighted at scale; the calibration methodology; and the CPT libraries accumulated across industries and asset classes.

Who are the four audiences?

CISOs receive technical risk chain detail and control effectiveness scores. CFOs receive ALE figures tied to business assets and revenue impact. Boards receive portfolio-level exposure summaries in plain language. Insurers receive structured risk data that maps directly to underwriting criteria and coverage gap analysis. One Ontologic™ engine. Four translations. Automatically, in real time.

AiOnTiqRisk · Powered by Ontologic™

Ready to put a number on your exposure?

Request a risk intelligence briefing and see how Ontologic™ applies this methodology to your organization's actual threat landscape, control posture, and asset values.


See the math applied to your organization.

Whether you're a CISO, CFO, board member, or insurer — let's walk through how Ontologic™ maps your specific threat environment to a financial exposure your stakeholders can act on.

Contact: info@aiontiqrisk.com