Responsible AI Principles

How we govern AI in our own operations · aisecurity.llc

As an AI security engineering firm, we help clients build and operate AI systems responsibly. These principles govern how we use AI in our own services, research, and delivery engagements. They are not aspirational statements — they are the standards we apply daily and against which we hold ourselves accountable. They do not constitute a certification claim.

01

Security first

AI systems we build, recommend, or operate must meet the same security standards we apply to any other software system: access controls, logging, prompt injection mitigations, adversarial input handling, and threat modeling for AI-specific attack surfaces.

02

Human accountability

Every consequential AI output has a human accountable for it. We do not deploy AI in fully autonomous decision-making loops for high-stakes determinations. Security findings, certifications, advisory conclusions, and published research require human review and sign-off.

03

Transparency about AI use

We disclose where AI has materially contributed to our research, analysis, or deliverables. We do not misrepresent AI-generated content as purely human-authored. We inform clients when AI assistance is used in their engagements.

04

Privacy by design

We apply data minimization before sending information to AI providers. We pseudonymize or generalize confidential or personal data where possible. We do not include sensitive data in prompts sent to AI providers, and we do not use AI systems whose data protection is inadequate.

05

Abuse prevention

We do not use AI to generate attack tooling, malware, or offensive capabilities intended for unauthorized use. We maintain and enforce an AI acceptable use policy within our organization. We evaluate the abuse potential of AI features before deployment.

06

Accuracy and limitation acknowledgment

AI outputs — including from our own platform features — are subject to hallucination, factual errors, and outdated information. We are transparent about these limitations and do not overclaim AI capability in our research or advisory work.

07

Provider accountability

We evaluate AI model providers before adoption against security practices, data handling commitments, responsible AI policies, and track record. Our current primary provider is Anthropic; our agreements include appropriate data processing protections.

08

Risk assessment for AI features

Before deploying AI-assisted features in our Platform or client environments, we conduct a risk assessment covering: data exposure, output reliability, misuse potential, access control adequacy, and incident response readiness.

09

Continuous monitoring

We monitor AI-assisted systems for unexpected behavior, output drift, and security events. We maintain the ability to disable or roll back AI features quickly if issues arise.

How These Principles Apply

These principles apply across our operations:

  • Research and publications: AI is used to assist with literature review, synthesis, and drafting. Human analysts validate all findings and conclusions before publication.
  • Platform features: AI-assisted search, summarization, and lab scenario generation are built with access controls, logging, and the ability to audit AI decision paths.
  • Advisory and consulting: AI assists with analysis and documentation. Client-facing recommendations are reviewed by qualified security practitioners.
  • AIPSA assessments: Evidence review may be AI-assisted but assessment determinations require human judgment and sign-off.

AI Provider Evaluation

We evaluate AI model providers against the following criteria before adoption:

  • Published responsible AI policies and practices
  • Data processing commitments (no training on API inputs)
  • Security posture and certifications (SOC 2, etc.)
  • Abuse prevention and content safety mechanisms
  • Transparency about model capabilities and limitations
  • Response to security researchers and vulnerability disclosures

Our current primary provider, Anthropic, publishes its Responsible Development Policy and Usage Policy.

Known Limitations We Acknowledge

We do not claim our AI use is perfect. We acknowledge the following limitations:

  • LLM outputs can hallucinate — all security claims require human verification
  • AI models have training data cutoffs that may not reflect current threat intelligence
  • AI-assisted analysis may reflect biases present in training data
  • Prompt injection and jailbreak risks exist in AI-assisted features and are actively mitigated but not eliminated
  • AI governance frameworks and best practices are rapidly evolving — our practices will need to evolve with them

Responsible AI Principles · aisecurity.llc · Effective May 19, 2026