# AI Security Discovery / Intake Pack
Executive Summary
This intake pack turns the first AI security conversation into a real scoping exercise. It identifies the system, the buyer trigger, the risky features, the stakeholders, the evidence already available, the evidence still missing, and the engagement path that actually fits.
The point is not to ask a long questionnaire. The point is to avoid selling vague AI security advice when the buyer needs a concrete output: a scorecard, a map, an inventory, a test plan, an evidence pack, or a remediation roadmap.
Discovery decision
Use discovery to select the right first artifact. If the buyer cannot name the AI system, data classes, owner, model provider, retrieval sources, or tool access, start with inventory and maturity before red-team work.
Discovery Snapshot
Discovery should expose the shape of the work
Intake structure
AI Security Discovery Intake Pack
The intake pack organizes business trigger, system scope, architecture signals, evidence state, stakeholders, and risk hypotheses into a reusable discovery model.
Discovery sections
Discovery sections
| Section | Purpose | What it reveals |
|---|---|---|
| Business driver | Understand why the buyer is asking now | decision urgency and commercial trigger |
| System scope | Identify AI-enabled systems and features | product surface and deployment state |
| Architecture signals | Identify providers, RAG, tools, approvals, and traces | likely risk boundaries |
| Evidence state | Determine what proof exists | buyer readiness and assessment depth |
| Stakeholders | Identify accountable owners | execution feasibility |
| Risk hypotheses | Frame likely assessment focus | first artifact selection |
Qualification paths
Engagement fit paths
| Path | Fit signal | Likely first outputs |
|---|---|---|
| Fast assessment | buyer needs maturity snapshot | scorecard, discovery pack, remediation roadmap |
| Product security deep dive | AI product has RAG, model routing, tools, or customer outputs | trust boundary map, architecture review, risk register |
| Agentic hardening | AI can use tools or trigger workflow actions | tool inventory, permission matrix, release gate |
| Enterprise review pack | buyer faces procurement or questionnaire pressure | evidence pack, answer bank, provider statement |
High-signal discovery questions
Questions that matter early
Early risk signals
Early Risk Signals
Enterprise review changes the work
If procurement or customer security review is active, the deliverable cannot be just a technical assessment. The buyer needs an evidence pack and controlled answers.
RAG changes the data access problem
If retrieval over customer or sensitive data is in scope, discovery should quickly identify source authorization, indexing rules, chunk metadata, reranking, and prompt assembly controls.
Tools change the authority problem
If the AI system can draft, queue, approve, execute, or trigger workflow actions, the first question is not “is the chatbot safe?” It is “what authority does the agent have?”
Unowned AI features create governance debt
If multiple AI features exist without clear owners, risk tiering, evidence, or release gates, the engagement should start with inventory and operating model, not just testing.
Minimum evidence request
Minimum evidence to request before assessment
Proposal decision
If the buyer can provide system, owner, architecture, and evidence context, propose a focused assessment. If not, propose discovery plus inventory first.
Recommended next artifacts
Related artifact: AI Security Maturity Scorecard
Use the scorecard when the buyer needs a fast posture snapshot and prioritization.
Related artifact: AI System Inventory
Use the inventory when the buyer cannot clearly name the AI systems, owners, data classes, model providers, retrieval sources, or tools.
Related artifact: AI Trust Boundary Map
Use the trust boundary map when architecture, RAG, model provider, or tool boundaries drive risk.