Mindgard
Designing the interface between AI vulnerability data and the humans who have to act on it.

problem
Security teams adopting AI face a new class of vulnerabilities that don't map onto existing tooling or mental models. Findings from an assessment typically land as a flat list of technical results with no clear hierarchy and no obvious next step. For teams without deep AI security expertise, triage stalls, remediation gets delayed, and risk compounds. The design challenge wasn't to simplify the data. It was to build a structure around it that let users arrive at a verdict confidently, regardless of their experience level.
solution
I redesigned the Findings experience at Mindgard to turn a flat list of vulnerability results into a navigable, decision-ready workflow. The work centred on three things: an object-oriented information architecture that reflected the relationships between Findings, Runs, and Probes; a consistent severity and status language that held meaning across every screen; and a layered progressive disclosure system that let users move from high-level triage down to raw probe data — without ever leaving the screen or losing their context.
Designing around objects, not screens
Before touching layout, I mapped the underlying data model. A Finding isn't just a result. It's a relationship between a Target, a Run, a set of Probes, and a severity judgement. Getting the IA right meant understanding those relationships first and designing the UI to reflect them rather than flatten them.
The approach was OOUX — designing objects rather than screens. Whether you arrive at a probe detail panel from Findings or from Runs, you see the same panel, the same structure, the same information. The system is coherent because the objects are coherent.

The list: making severity scannable
The Findings list is where triage happens. It has to communicate severity at a glance, before the user opens anything.
The severity language — diamond for High, triangle for Medium, circle for Low — is icon-first rather than colour-first. Shape carries the meaning independently, which holds up in dense lists and works without colour for accessibility. Users build the mental model once and it holds across every screen.

The detail: progressive disclosure across four layers
A security researcher needs raw probe requests and model responses. A CISO needs headline severity and affected target. A developer needs framework mappings and remediation guidance. Different users, different needs, same finding.
The solution was a layered panel system — four levels of depth in a single view, left list always visible, context always preserved. The alternative was a new page at each level, which would have been simpler to build. But Findings is comparative work. Breaking spatial context at every drill-down works directly against that.

The system: consistency across surfaces
The same probe detail panel appears whether you drill in from Findings or Runs. The severity system was a design primitive that propagated across every surface communicating risk. Users never have to relearn what a severity indicator means when they move between screens.

Zooming out: the execution timeline
Individual findings answer what happened. The execution timeline answers how our AI system is behaving over time.
It plots each run as a column of probe results, with bar charts showing outcome distribution and findings on a timeline below. Across multiple runs, patterns emerge: which assessment types surface the most risk, where it's clustering, how the picture shifts. It is the macro view that makes the micro work in Findings interpretable.

year: 2025
timeframe: 18 months
tools: Figma, Cursor, Lovable, Webflow, Adobe CC, Miro, Notion
category: Product Design