NEW

Start with the pressure: sales, launch, abuse, agents, data, or guardrails

Use the engagement router
aisecurityllc
Log inStart AI Security Assessment
aisecurityllc
Start AI Security Assessment
David Wolf

Senior Product Security Engineer — AI/ML Security

Secure AI-enabled products before buyers, attackers, or auditors find the gaps.

Secure AI-enabled products before buyers, attackers, or auditors find the gaps. I turn adversarial findings into controls, retests, and evidence buyers can trust — across RAG/agent abuse testing, evidence engineering, and enterprise product-security programs.

AI Security Workbench BuilderRAG/Agent Abuse TestingEvidence EngineeringEnterprise Product-Security Programs
Scope a MissionDavid's ProjectsRésuméLinkedIn
Independent consultant · W2 · 1099 · C2C options · qualified-opportunity checklist

Enterprise experience across

SplunkForescoutDevoCornerstoneUnumDisney

...and other enterprise and AI-native companies.

15+
Years
In AI, product security, AppSec & Enterprise
2 weeks
Typical time
From scoping to first deliverables
60+
Projects
Public-safe projects and portfolio work

Enterprise Experience

Product security, SIEM, AppSec, detection engineering, and AI-native systems.

What I Deliver

What you walk away with

AI Risk Findings

Documented model, agent, RAG, data-flow, and product-security risks.

Threat & Trust Map

Trust boundaries, abuse paths, AI components, data flows, and exposed surfaces.

Architecture Proof

Diagrams and notes your engineering, security, and buyer-review teams can use.

Control Recommendations

Prioritized controls mapped to findings, feasibility, ownership, and impact.

Buyer-Ready Proof

Security posture artifacts for enterprise review, RFPs, questionnaires, and trust discussions.

Remediation Backlog

Engineering-ready work items with severity, owner, acceptance criteria, and retest notes.

Find the correct qualifier for an intro call →

How I Help

What I can scope for your team

AI Product Security Assessment

2-4 WEEKS

Review AI features, RAG, agents, data flows, logging, tenancy, and customer-facing product surfaces.

Learn more →

AI Red Team & Adversarial Testing

3-6 WEEKS

Test prompt injection, RAG abuse, agent/tool misuse, jailbreaks, and unsafe workflow paths.

Learn more →

Agentic Workflow Security & Hardening

3-6 WEEKS

Lock down tool permissions, approval gates, human review, audit logs, and delegated actions.

Learn more →

Secure SDLC Sprint

3-6 WEEKS

Review SaaS architecture, APIs, authz, tenancy, admin surfaces, integrations, logging, and abuse paths.

Learn more →

AI Security Sales Enablement

2-4 WEEKS

Turn findings, controls, and proof into buyer-facing collateral for enterprise security review.

Learn more →

AI Security Maturity Benchmark

4-8 WEEKS

Build repeatable intake, triage, remediation tracking, governance proof, and executive reporting.

Learn more →

Selected proof

Selected projects from David Wolf's work

View all projects →
Agentic Browser Security Assessment

Confidential AI Automation Platform

Agentic Browser Security Assessment

A product-security assessment of browser trust boundaries, privileged pages, native bridges, script-injection persistence, credential surfaces, and native command dispatch.

Splunk Product Security Program Buildout

Splunk

Splunk Product Security Program Buildout

Building a scalable, evidence-driven product security function for a global enterprise software platform.

Cornerstone FedRAMP Moderate ATO Security Controls

Cornerstone OnDemand

Cornerstone FedRAMP Moderate ATO Security Controls

A control-architecture and evidence-readiness effort translating FedRAMP Moderate requirements into policy, standards, technical controls, operational procedures, and audit-ready proof.

Research & publications

Publications by David Wolf

All publications →

Mythos Report

AI Product Security in the Age of Mythos

17 Chapters

AI Security Engineering Handbook

AI Security Engineering Handbook

12 Chapters

AI Security Engineering Field Guide

AI Security Engineering Field Guide

14 Domains

Recent field notes

Recent AI security analysis by David Wolf

Public-safe editorial writing, technical analysis, and market-intelligence coverage.

All articles
The Future of AI Security Engineering: From AppSec to AgentSec to Autonomous SOCs
Map
David WolfMay 3, 2026

Secure Architecture & Design

The Future of AI Security Engineering: From AppSec to AgentSec to Autonomous SOCs

AI agent security

The AI Security Buyer’s Guide: How to Evaluate Vendors for LLM Firewalls, Guardrails, Evals, and Monitoring
Map
David WolfMay 1, 2026

Vendor Risk & Procurement

The AI Security Buyer’s Guide: How to Evaluate Vendors for LLM Firewalls, Guardrails, Evals, and Monitoring

AI security monitoring

Secrets Management for AI Apps: API Keys, Model Providers, Tool Credentials, and Delegated Access
Defend
David WolfApr 25, 2026

AI SDLC & Product Security

Secrets Management for AI Apps: API Keys, Model Providers, Tool Credentials, and Delegated Access

model supply chain

Notebook Security for ML and AI Teams: Jupyter, Colab, Databricks, and Hidden Execution Risk
Defend
David WolfApr 23, 2026

MLOps & Platform Security

Notebook Security for ML and AI Teams: Jupyter, Colab, Databricks, and Hidden Execution Risk

AI security engineering

Cloud Security for AI Workloads: GPUs, Secrets, Buckets, Model Endpoints, and Notebook Risk
Defend
David WolfApr 21, 2026

MLOps & Platform Security

Cloud Security for AI Workloads: GPUs, Secrets, Buckets, Model Endpoints, and Notebook Risk

model supply chain

AI Logging and Telemetry: What to Capture Without Creating a Privacy Disaster
Defend
David WolfApr 17, 2026

Incident Response & Observability

AI Logging and Telemetry: What to Capture Without Creating a Privacy Disaster

AI security monitoring

Drag or use arrows