Site Map

AI Security Engineering for adversarial terrain.

aisecurity.llc

Workbench

1 page

SecEng instruments and delivery tools

Tool-backed delivery system for AI security assessments, adversarial testing, hardening, and evidence packaging.

SecEng Workbench

/instruments

Services

102 pages

Map, Attack, Defend, and Evidence

Test realistic AI abuse paths across prompts, retrieval, tools, agents, tenants, and model behavior.

Attack

/attack

Defend

Turn AI security findings into controls, guardrails, evals, approval gates, telemetry, and release criteria.

/defend

Evidence

Package AI security work into buyer-ready evidence, governance artifacts, claim-readiness labels, and control mappings.

/evidence

Map

Identify AI systems, trust boundaries, workflows, vendors, data flows, agents, tools, and launch risks.

/map

Services

Expert-led AI security services organized around Map, Attack, Defend, and Evidence.

/services

Agentic Workflow Abuse Review

An adversarial review of AI agents, tools, automations, permissions, approvals, workflows, rollback paths, and action boundaries. It tests the action layer: what the AI can do, who approved it, what it can touch, and how badly it can fail.

ai securityserviceagentic-workflow-abuse-review

/services/agentic-workflow-abuse-review

Agentic Workflow Security & Hardening

A hardening engagement for AI agents and workflows: permission design, tool policies, approval gates, scoped credentials, logging, rollback, exception handling, and production guardrails.

ai securityserviceagentic-workflow-security-hardening

/services/agentic-workflow-security-hardening

AI Governance & Security Program Build

A program-building engagement that turns AI security from scattered policy into operating model, ownership, controls, evidence, workflows, and governance cadence.

ai securityserviceai-governance-security-program-build

/services/ai-governance-security-program-build

AI Guardrails & Evals Review

A review and improvement plan for guardrails, evals, refusal behavior, fallbacks, test coverage, monitoring, regression cases, and release criteria.

ai securityserviceai-guardrails-evals-review

/services/ai-guardrails-evals-review

AI Product Security Assessment

A 2-4 week assessment of an AI-enabled product, including architecture, data flows, trust boundaries, model and provider dependencies, RAG surfaces, tenant isolation, authorization paths, data exposure, and product-security gaps.

ai securityserviceai-product-security-assessment

/services/ai-product-security-assessment

AI Red Team & Adversarial Testing

A focused adversarial engagement testing prompt injection, indirect instruction attacks, RAG exposure, tool abuse, tenant leakage, policy bypasses, unsafe autonomy, and model misuse paths.

ai securityserviceai-red-team-adversarial-testing

/services/ai-red-team-adversarial-testing

AI Security Maturity Benchmark

A fast diagnostic of product, engineering, governance, evidence, and AI-security maturity. It gives leaders a lower-friction first artifact and a prioritized path into deeper assessment, red-team, hardening, sales enablement, or operating-model work.

ai securityserviceai-security-maturity-benchmark

/services/ai-security-maturity-benchmark

AI Security Sales Enablement

A workshop-first evidence sprint for AI-enabled products, designed to help sales, SE, product, legal, and security teams answer enterprise AI-security questions without improvisation.

ai securityserviceai-security-sales-enablement

/services/ai-security-sales-enablement

Agentic Workflow Abuse Review — Discovery

Consulting discovery and intake for agentic workflow abuse review.

consultingdiscoveryagentic-workflow-abuse-reviewai security

/consulting/discovery/agentic-workflow-abuse-review

Agentic Workflow Security Hardening — Discovery

Consulting discovery and intake for agentic workflow security hardening.

consultingdiscoveryagentic-workflow-security-hardeningai security

/consulting/discovery/agentic-workflow-security-hardening

Ai Governance Security Program Build — Discovery

Consulting discovery and intake for ai governance security program build.

consultingdiscoveryai-governance-security-program-buildai security

/consulting/discovery/ai-governance-security-program-build

Ai Guardrails Evals Review — Discovery

Consulting discovery and intake for ai guardrails evals review.

consultingdiscoveryai-guardrails-evals-reviewai security

/consulting/discovery/ai-guardrails-evals-review

Ai Product Security Assessment — Discovery

Consulting discovery and intake for ai product security assessment.

consultingdiscoveryai-product-security-assessmentai security

/consulting/discovery/ai-product-security-assessment

+ 84 more in this section — all indexed in /sitemap.xml

Solutions

10 pages

End-to-end AI security program briefs

Pain-led routes for AI code risk, shadow AI, SDLC gaps, deal blockers, agent blast radius, RAG leakage, and governance buildouts.

Solutions

/solutions

Agent Blast Radius Is Unknown

Agents can read, write, browse, call tools, trigger workflows, and move data.

Agentic Workflow Security & HardeningCTOCISO

/solutions/agent-blast-radius-is-unknown

AI Bugs Hide in New Paths

Traditional scanners miss prompt injection, unsafe output handling, retrieval abuse, model misuse, and agent tool paths.

AI Red Team & Adversarial TestingProduct SecurityRed Team

/solutions/ai-bugs-hide-in-new-paths

AI Code Risk Is Spreading

Developers are generating code faster than security can review it.

AI Product Security AssessmentCISOProduct Security

/solutions/ai-code-risk-is-spreading

AI Sales Needs Proof

Sales engineers need sharper AI security language, evidence, and objection handling.

AI Security Sales EnablementSales EngineeringCustomer Success

/solutions/ai-sales-needs-proof

AI SDLC Is Missing

Normal AppSec does not cover prompts, RAG, agents, evals, model behavior, or AI release gates.

AI Governance & Security Program BuildCISOCTO

/solutions/ai-sdlc-is-missing

AI Security Roles Are Undefined

Teams know they need AI security, but they cannot define the work, roles, skills, or hiring profile.

AI Governance & Security Program BuildCISOCTO

/solutions/ai-security-roles-are-undefined

Enterprise Deal Is Blocked

A buyer, procurement team, or security reviewer is asking AI security questions the team cannot answer cleanly.

AI Security Sales EnablementSales EngineeringCustomer Trust

/solutions/enterprise-deal-is-blocked

RAG Access Can Leak

Retrieval can expose the wrong chunks, wrong tenants, poisoned context, stale sources, or sensitive data.

AI Product Security AssessmentProduct SecurityAppSec

/solutions/rag-access-can-leak

Shadow AI Has No Owner

AI tools, extensions, copilots, CLIs, and workflows are spreading without visibility.

AI Security Maturity BenchmarkCISOSecurity Program Lead

/solutions/shadow-ai-has-no-owner

Academy

286 pages

Courses, labs, journal, certification

AI Product Management for Secure AI Features

A role-based enterprise course for product managers, PMO leaders, technical program managers, founders, and AI product leads who need to turn AI risk into requirements, acceptance criteria, release gates, and buyer-ready evidence.

/academy/courses/ai-product-management-for-secure-ai-features

AI Red Teaming for Product Teams

A defensive enterprise course for QA, DevOps, SecOps, product security, and AI platform teams that need repeatable AI abuse-case testing, evidence capture, severity scoring, and remediation workflows.

/academy/courses/ai-red-teaming-for-product-teams

AI Security for Sales Engineers

A role-based enterprise course for sales engineers, solutions consultants, account executives, founders, customer success teams, and product marketers who need to answer AI security questions safely, clearly, and credibly.

/academy/courses/ai-security-for-sales-engineers

Hiring AI-Savvy Talent Without Unicorn Hunting

A practical course for recruiters, hiring managers, and talent leaders who need to define AI-era roles, separate real must-haves from team capability gaps, build sharper scorecards, and hire against evidence instead of Frankenstein reqs.

/academy/courses/hiring-ai-savvy-talent-without-unicorn-hunting

Model Gateways and Secure AI Platform Engineering

A technical enterprise course for platform, DevOps, SRE, cloud security, AI infrastructure, and security architecture teams building model gateways, provider routing, policy enforcement, telemetry, RAG boundaries, and agent execution controls.

/academy/courses/model-gateways-and-secure-ai-platform-engineering

Secure Coding with GenAI

A hands-on enterprise course for developers, AppSec teams, and platform engineers learning how to use AI coding tools safely through secure prompts, shared components, model gateways, review rubrics, tests, CI/CD gates, and governance-ready evidence.

/academy/courses/secure-coding-with-genai

AI Security Engineer — Career Dossier

Secures AI-enabled applications, RAG systems, agents, model supply chains, eval pipelines, and governance evidence loops.

AI Securitycross cuttingai securitycareer

/academy/reference/career-explorer/roles/ai-security-engineer

'Unleashing Potential and Passion: The Impact of Aligned Work Interests'

Ever wondered why some people seem effortlessly drawn towards their work, invigorated by their day-to-day tasks, while others struggle to...

/academy/journal/unleashing-potential-and-passion-the-impact-of-aligned-work-interests

'Unleashing Sales Potential: Tailored Workshops for Sales Teams'

By incorporating scientific research and advanced technologies, tailored workshops represent the future of sales team development.

/academy/journal/unleashing-sales-potential-tailored-workshops-for-sales-teams

'Values-Driven Culture: The Interplay of Personal and Enterprise Values'

In an ever-evolving world, an organization's ability to scale and adapt hinges on the alignment of personal values within its teams....

/academy/journal/values-driven-culture-the-interplay-of-personal-and-enterprise-values

'Worker Engagement: The 8.8 Trillion-Dollar Problem'

The High Cost of Low Engagement Welcome to our exploration of one of the most pressing issues in the contemporary workspace: worker...

/academy/journal/worker-engagement-the-88-trillion-dollar-problem

10 Benefits of Engaging in Meaningful Work

Meaningful work is a critical driver of professional longevity and psychological well-being. This article outlines the systemic benefits of aligning professional labor with core purpose and AI-security-driven values.

/academy/journal/10-benefits-of-having-meaningful-work

10 Reasons Cybersecurity Recruiting Is Challenging

Cybersecurity recruiting is complex due to misaligned role definitions and evolving skill requirements. This article analyzes common recruitment hurdles through an AI Security Engineering lens.

/academy/journal/10-reasons-cyber-security-recruiting-is-so-hard

AI Application Security Review Checklist: 100 Questions Before Production Launch

AI security reviews should use a structured checklist covering governance, data, prompts, RAG, tools, agents, providers, evals, telemetry, and claims before launch.

/academy/journal/ai-application-security-review-checklist-100-questions

AI Audit Evidence: What Logs, Tests, Policies, and Approvals You Need to Prove Governance Works

AI governance requires evidence artifacts across inventory, risk, data, providers, prompts, evals, red-teaming, approvals, and logs. Evidence should be built into AI workflows, not assembled after a crisis.

/academy/journal/ai-audit-evidence-logs-tests-policies-approvals-governance-works

AI Data Governance for Security Engineers: Classifying Prompts, Outputs, Embeddings, and Training Data

AI data governance must classify prompts, outputs, embeddings, and training data. Security engineers need rules for provider use, retention, access, and deletion.

/academy/journal/ai-data-governance-prompts-outputs-embeddings-training-data

AI Evals as Security Tests: Building Regression Suites for Prompt Injection, Leakage, and Unsafe Actions

Security evals should test prompt injection, indirect injection, data leakage, RAG access, unsafe output, excessive agency, over-reliance, and cost abuse. These should be repeatable regression suites in CI/CD and governance evidence.

/academy/journal/ai-evals-as-security-tests-regression-suites

AI Incident Response: Playbooks for Prompt Injection, Model Abuse, Data Leakage, and Rogue Agents

Most incident teams already know how to isolate systems and preserve logs. AI changes the shape of the evidence. The response process must include prompts, retrieval context, tool actions, and model versions.

/academy/journal/ai-incident-response-playbooks

+ 268 more in this section — all indexed in /sitemap.xml

Labs

12 pages

Hands-on adversarial tools and demos

Hands-on AI security labs, attack ranges, demos, tools, and exercises.

Labs

/labs

Agent Analyzer

/labs/agent-analyzerapp/(public)/labs/agent-analyzer/page.tsx

Ai Control Crosswalk

/labs/ai-control-crosswalkapp/(public)/labs/ai-control-crosswalk/page.tsx

Atlassian Threat Canvas

/labs/atlassian-threat-canvasapp/(public)/labs/atlassian-threat-canvas/page.tsx

Injection Harness

/labs/injection-harnessapp/(public)/labs/injection-harness/page.tsx

Job Navigator

/labs/job-navigatorapp/(public)/labs/job-navigator/page.tsx

Llm Attack Range

/labs/llm-attack-rangeapp/(public)/labs/llm-attack-range/page.tsx

Nist Nice

/labs/nist-niceapp/(public)/labs/nist-nice/page.tsx

Output Safety

/labs/output-safetyapp/(public)/labs/output-safety/page.tsx

Prompt Reviewer

/labs/prompt-reviewerapp/(public)/labs/prompt-reviewer/page.tsx

Rag Analyzer

/labs/rag-analyzerapp/(public)/labs/rag-analyzer/page.tsx

Trust Scanner

/labs/trust-scannerapp/(public)/labs/trust-scanner/page.tsx

Research

247 pages

Briefs, tools, pains, failure modes, personas

AI security engineering research, reports, benchmarks, and field intelligence.

Research

/academy/research

The State of AI Security Engineering 2026

Research report, field guide, and practitioner handbook for 2026.

ai securityreport2026engineering

/report/2026

Vendor Benchmarks

Planned benchmark routes for secure code generation, prompt injection, RAG leakage, agent abuse, guardrails, code review, artifact triage, and model gateway policy.

/research/benchmarks

Agent Tool Abuse Benchmark | AI Security LLC

Planned benchmark for agent tool misuse, excessive agency, approval bypass, unsafe chaining, and tool policy enforcement.

/research/benchmarks/agent-tool-abuse

AI Artifact & Binary Triage Benchmark | AI Security LLC

Active benchmark for AI-assisted triage of binaries, browser extensions, CLI tools, configs, manifests, and packaged agents.

/research/benchmarks/artifact-binary-triage

AI Code Review Quality Benchmark | AI Security LLC

Active benchmark for evaluating LLM vulnerability detection, severity accuracy, exploit reasoning, and secure fix quality.

/research/benchmarks/ai-code-review-quality

Guardrail Robustness Benchmark | AI Security LLC

Planned benchmark for guardrail bypass, false refusals, overblocking, policy consistency, latency, and cost impact.

/research/benchmarks/guardrail-robustness

Model Gateway Policy Enforcement Benchmark | AI Security LLC

Planned benchmark for model gateway routing, redaction, logging, policy enforcement, approval flows, tenant boundaries, and audit completeness.

/research/benchmarks/model-gateway-policy

Prompt Injection Resistance Benchmark | AI Security LLC

Planned benchmark for direct and indirect prompt injection resistance across models, agents, RAG systems, guardrails, and gateways.

/research/benchmarks/prompt-injection-resistance

RAG Leakage & Retrieval Boundary Benchmark | AI Security LLC

Planned benchmark for RAG leakage, tenant isolation, poisoned context, sensitive document exposure, and citation integrity.

/research/benchmarks/rag-leakage-boundary

Secure Code Generation Benchmark | AI Security LLC

Active benchmark for comparing how safely LLMs generate code under realistic developer prompts.

/research/benchmarks/secure-code-generation

Agentic Anarchy

Agent security is delegated action security; chatbot framing is insufficient.

Delegated action riskAI security engineersProduct security leadersCISOs

/findings/agentic-anarchy

Boardroom-to-Backlog Gap

Executive AI risk narratives often fail to translate into named controls, owners, and evidence artifacts.

Execution translation failureCISOsSecurity engineering leadersBoards

/findings/boardroom-to-backlog-gap

Entry-Level Extinction

AI Security Engineering is being invented at the top of the org chart. The market is hiring senior-only into an unproven discipline, with almost no junior pathways.

Talent supply crisisCISOsHiring managersTalent leaders

/findings/entry-level-extinction

Model Supply Chain Blind Spot

Model artifacts, provenance, and deployment gates remain under-specified in many role definitions.

Lifecycle control deficitML securityPlatform leadersCISOs

/findings/model-supply-chain-blind-spot

Skill Washing

AI-labeled security titles often outpace AI-specific control, testing, and evidence language.

Title/substance mismatchRecruitersHiring managersCISOs

/findings/skill-washing

Skills Validation Gap

The market asks for AI security engineering skills before it has standardized practical evaluation pathways.

Assessment maturity lagHiring managersRecruitersTraining leaders

/findings/skills-validation-gap

The Adjacent Reservoir

Adjacent engineers — platform, DevOps, ML engineers without security background — represent the most realistic near-term supply of AI security talent. But hiring filters are calibrated to 'security professionals who've added AI,' not 'AI professionals who've added security.' Survey data shows adjacent engineers have moderate confidence in AI security but face specific, navigable barriers: vocabulary gaps and credential expectations rather than capability gaps. The market is filtering out its most viable near-term talent supply.

Untapped talent supplyHiring managersCISOsTraining leaders

/findings/adjacent-reservoir

+ 229 more in this section — all indexed in /sitemap.xml

People

181 pages

Consultants, portfolio, and profiles

Agentic Browser Security Assessment

Conducted a deep product-security assessment of browser trust boundaries across native and agentic browser surfaces, including a privacy-focused Windows desktop browser built on WebView2 and .NET. The work covered privileged internal page handling, native bridge exposure, host-object registration, origin gating, script-injection persistence, credential-surface protection, and native command dispatch — and translated those findings into a reusable defensive framework for AI-enabled automation products.

assessment

/portfolio/agentic-browser-security-assessment

AI Governance Controls with Garak, NeMo Guardrails, Presidio & Promptfoo

Designed a practical AI governance control layer using Garak, NeMo Guardrails, Microsoft Presidio, Promptfoo, agentic identities, permission scoping, evaluation gates, and evidence-generation workflows to support ISO 42001, NIST AI RMF, and AIMS-style control objectives for agentic AI systems.

product

/portfolio/ai-governance-controls-garak-nemo-presidio-promptfoo

AI Product Security Control Plane

Framed AI product security as a product-control problem and translated AI risk categories into evidence, backlog, and governance language that product and engineering teams can actually use.

/portfolio/ai-product-security-control-plane

Alex Karoulias

Alex is a CS student at Athens Technical University, Class of 2027. He is deeply focused on the intersection of backend scalability and adversarial security. Hi

/consultants/alex-karoulias

Alon Braun

Alon Braun is the strategy and operating-model counterpart behind the project. His background combines MAMRAM and IDF technical training, a foundation in softwa

/consultants/alon-braun

Caya Forex PCI DSS Level 3 Compliance

Delivered a PCI DSS Level 3 compliance engagement for Caya, a forex trading and payment processing platform. Work covered scoping, cardholder data environment (CDE) analysis, gap assessment against the PCI DSS 1.x/2.0 requirements, remediation planning, and compliance program buildout to prepare the platform for formal Level 3 validation.

/portfolio/caya-forex-pci-dss-level-3-compliance

Cendant / Orbitz Affiliate Growth, ML Itinerary Generation & GDS Cleanup

Supported affiliate-program growth and technical marketing by developing ML-style methods for generating high-value niche multileg flight itineraries, and contributed to geographic waypoint, destination inventory, and GDS cleanup work to improve the structure and accuracy of location-linked travel inventory used across search, routing, affiliate, and booking workflows.

fte

/portfolio/cendant-orbitz-affiliate-ml-multileg-itinerary-growth

Cogstate Cognitive Measurement Delivery for the Australian Defence Force

Contributed to technology delivery in a Cogstate engagement on behalf of the Australian Defence Force, where cognitive-assessment and regulated health-data workflows required careful attention to privacy, data integrity, operational reliability, customer trust, workflow evidence, and controlled execution.

/portfolio/cogstate-regulated-health-data-product-delivery

Cornerstone FedRAMP Moderate ATO Security Controls

Supported Cornerstone's FedRAMP Moderate authorization effort by helping turn formal control requirements into security policies, standards, guidelines, technical-control architecture, ownership models, procedures, and evidence that could support assessment, authorization, customer trust, and continuous security operations.

fte

/portfolio/cornerstone-fedramp-moderate-ato-security-controls

Devo Security Research & Conference Program

Developed and contributed to Devo security research that converted customer deployment analysis, SIEM maturity patterns, detection taxonomy work, cloud-native security findings, and architecture innovation into conference-grade research accepted at major industry venues including RSA, Infosecurity Europe, and CloudNativeSecurityCon.

/portfolio/devo-security-research-conference-program

Devo SIEM Reference Architecture, Taxonomy & Detection Validation

Led and contributed to Devo architecture innovation work focused on SIEM reference architectures, detection taxonomy, Exchange-content validation, enterprise and MSSP deployment analysis, cloud-native detection strategy, migration guidance, and SOC maturity research. The work connected real-world customer deployments to reusable architecture patterns, detection-engineering guidance, and public research accepted at major security conferences.

/portfolio/devo-siem-reference-architecture-taxonomy-validation

Disney IAM SIEM Alert Debugging & Executive Dashboard

Delivered Splunk-focused IAM and SIEM work for Disney, debugging identity and access-control alerts, building a custom Splunk app, and creating executive dashboards across access-control and identity solutions spanning Disney campuses and offices.

/portfolio/disney-iam-siem-alert-debugging-splunk-dashboard

Dorina Miroyannis

Experienced maritime lawyer and business leader with over a decade of expertise in claims management, maritime law, insurance, and shipping operations. Dorina i

/consultants/dorina-miroyannis

Filippos Kritsalis

Filippos is a mathematically trained software engineer (University of Nottingham) and current backend engineer at Wikifarmer. As the Engineering Intern Lead, he

/consultants/filippos-kritsalis

Forescout Banking on Security Financial Services Research

Contributed to Forescout's Banking on Security financial-services research, using Device Cloud analytics and Elastic/Kibana-style workflows to help examine financial-services networks, device visibility, POS adjacency, IoT and OT exposure, flat network risk, Windows lifecycle risk, and segmentation maturity.

/portfolio/forescout-banking-on-security-financial-services-research

Forescout Connected Medical Device Security Report

Contributed to Forescout connected medical-device research using Device Cloud analytics to examine segmentation failures, insecure protocols, default credentials, unsupported Windows exposure, and TCP/IP vulnerability impact across healthcare delivery environments. Contributed to Forescout's Healthcare Under the Microscope research, using Forescout Device Cloud analytics to help examine healthcare deployments, connected-device diversity, legacy operating-system exposure, segmentation concerns, and the operational reality of securing medical and non-medical devices across clinical networks.

/portfolio/forescout-connected-medical-device-security-report

Forescout Device Cloud Elastic/Kibana Analytics Platform

Built and executed Elastic/Kibana-style analytics workflows over Forescout Device Cloud data to support security research, sector-specific report findings, connected-device risk analysis, rapid response investigations, and public market education across healthcare, connected medical devices, financial services, OT, IoT, and the Enterprise of Things. Contributed to a Forescout Device Cloud research program spanning healthcare, connected medical devices, financial services, operational technology, and the Enterprise of Things, using large-scale connected-device telemetry and Elastic/Kibana-style analysis to support public research reports, market education, customer conversations, and executive security narratives.

/portfolio/forescout-device-cloud-elastic-kibana-analytics-platform

Forescout DTEN / WIRED-Featured Offensive Security Research

Contributed to offensive security research involving DTEN and connected-device risk, helping expose how enterprise collaboration and IoT-style devices can create security exposure when device behavior, network placement, management surfaces, and product assumptions are not evaluated like real attack surfaces.

/portfolio/forescout-dten-wired-offensive-security-research

+ 163 more in this section — all indexed in /sitemap.xml

Marketplace

46 pages

Pricing, packages, and commercial catalog

AWS-compatible packaging schemas and future AWS Marketplace roadmap. Current buying path is direct SOW scoping.

AWS-Compatible Roadmap

/marketplace/aws

Marketplace

The commercial catalog for AI security: assessments, SecEng products, packaged solutions, Academy training, integrations, and enterprise private offers.

/marketplace

Vendor Benchmarking

Private benchmark scoping for vendors, products, and model families.

/marketplace/vendor-benchmarking

Request a Private Offer

Request an enterprise private offer that bundles AI security products, services, training, and evidence work into one scoped engagement.

/marketplace/private-offers

AIPSA Academy Access — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for AIPSA Academy Access.

/marketplace/aws/academy-access

AIPSA Certification Voucher — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for AIPSA Certification Voucher.

/marketplace/aws/aipsa-certification-voucher

AIPSA Credential Renewal — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for AIPSA Credential Renewal.

/marketplace/aws/aipsa-credential-renewal

AIPSA SCORM Training Package — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for AIPSA SCORM Training Package.

/marketplace/aws/aipsa-scorm-training

Attack Domain Bundle — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for Attack Domain Bundle.

/marketplace/aws/academy-bundle-attack

Complete Academy Bundle — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for Complete Academy Bundle.

/marketplace/aws/academy-bundle-complete

Defend Domain Bundle — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for Defend Domain Bundle.

/marketplace/aws/academy-bundle-defend

Evidence Domain Bundle — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for Evidence Domain Bundle.

/marketplace/aws/academy-bundle-evidence

Individual Lab Access — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for Individual Lab Access.

/marketplace/aws/academy-lab-access

Map Domain Bundle — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for Map Domain Bundle.

/marketplace/aws/academy-bundle-map

SecEng Adversarial Range — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for SecEng Adversarial Range.

awsmarketplaceattack_range

/marketplace/aws/seceng-ai-attack-range

SecEng AI Security Program Jumpstart — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for SecEng AI Security Program Jumpstart.

awsmarketplaceprofessional_services

/marketplace/aws/seceng-program-jumpstart

SecEng Enterprise AI Security Buildout — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for SecEng Enterprise AI Security Buildout.

awsmarketplaceenterprise_buildout

/marketplace/aws/seceng-enterprise-buildout

SecEng Evidence Analytics — AWS-Compatible Roadmap

AWS-compatible marketplace packaging route for SecEng Evidence Analytics.

/marketplace/aws/seceng-analytics-pack

+ 28 more in this section — all indexed in /sitemap.xml

Integrations

1 page

Platform and toolchain integrations

Burp Suite, OWASP ZAP, Metasploit, Slack, Teams, Salesforce, Zendesk, ServiceNow, and 33 more platforms.

Integrations

/defend/integrations

Products

16 pages

SecEng platform products

AI security program, trust evidence, and remediation workbench

SecEng Workbench

/products/seceng-workbench

SecEng Trust Scanner

AI and security claim scanner for customer-facing trust language

/products/seceng-trust-scanner

SecEng Adversarial Range

Deployable AI security lab for RAG, agents, telemetry, and evidence validation

/products/seceng-ai-attack-range

SecEng AI Security Program Jumpstart

Expert-led AI security program launch via direct SOW

/products/seceng-program-jumpstart

AIPSA Academy Access

Unlimited access to all 14 AIPSA Academy labs, reference desk, study cards, and exam prep materials

/products/academy-access

AIPSA Certification Voucher

Single-use proctored exam voucher for AIPSA Associate, Practitioner, Advanced, or Distinguished

/products/aipsa-certification-voucher

AIPSA Credential Renewal

Renew an expiring or expired AIPSA credential at any level for another 2 years

/products/aipsa-credential-renewal

AIPSA SCORM Training Package

LMS-compatible AI product security training — 16 hands-on labs, SCORM 2004, xAPI, and LTI 1.3

/products/aipsa-scorm-training

Attack Domain Bundle

All 5 Attack domain labs — Supply Chain, Memory Poisoning, Multimodal Injection, plus scanner labs

/products/academy-bundle-attack

Complete Academy Bundle

All 14 AIPSA Academy labs across Map, Attack, Defend, and Evidence

/products/academy-bundle-complete

Defend Domain Bundle

All 3 Defend domain labs — Output Safety, Agent Permissions, RAG Security

/products/academy-bundle-defend

Evidence Domain Bundle

All 4 Evidence domain runner labs — Governance, Logging & Forensics, Incident Response, RAG Data Leakage

/products/academy-bundle-evidence

Individual Lab Access

Single AIPSA Academy runner lab — scored completion, evidence export, and certificate

/products/academy-lab-access

Map Domain Bundle

All 2 Map domain runner labs — AI Inventory and AI Threat Modeling

/products/academy-bundle-map

SecEng Enterprise AI Security Buildout

Full-scope enterprise AI security program design, implementation, and enablement

/products/seceng-enterprise-buildout

SecEng Evidence Analytics

Evidence debt, high-risk claim, and AI security analytics for SIEM and BI platforms

/products/seceng-analytics-pack

Legal & Trust

38 pages

Terms, privacy, contracts, and compliance

/legal/acceptable-useapp/(public)/legal/acceptable-use/page.tsx

Acceptable Use

AI Red Team Rules of Engagement

Rules of engagement for authorized AI red-team validation, including targets, test windows, allowed techniques, prohibited actions, safety controls, evidence handling, escalation paths, and stop conditions.

contractlegalai

/trust-center/contracts/ai-red-team-rules-of-engagement

Ai Usage Policy

/legal/ai-usage-policyapp/(public)/legal/ai-usage-policy/page.tsx

Assessment Terms Addendum

Scope, authorization, evidence use, testing boundaries, safe harbor, retesting, reporting limitations, and reliance limits for AI product security assessments.

contractlegalassessment

/trust-center/contracts/assessment-terms-addendum

Attestations

/trust-center/attestationsapp/(public)/trust-center/attestations/page.tsx

Commercial Services Addendum

Converts the services framework into scoped paid work with rate card, invoicing, and activation terms.

contractlegalretainer

/trust-center/contracts/retainer-billing-addendum

Consultant Mission Brief

Defines specialist role, client relationship model, confidentiality, deliverables, and independence boundary for consultant-led missions.

contractlegalconsultant

/trust-center/contracts/consultant-mission-brief

Contracts

/trust-center/contractsapp/(public)/trust-center/contracts/page.tsx

Cookie Policy

/legal/cookie-policyapp/(public)/legal/cookie-policy/page.tsx

Data Processing Addendum

/legal/data-processing-addendumapp/(public)/legal/data-processing-addendum/page.tsx

Data Processing Addendum

Controller/processor allocation, data protection obligations, subprocessing, security measures, AI provider boundaries, and customer-data handling for scoped services.

contractlegaldpa

/trust-center/contracts/dpa-lite-addendum

Data Retention & Redaction Policy

Retention, redaction, deletion, and post-engagement handling for client materials, research artifacts, assessment evidence, exports, and public-safe publication files.

contractlegaldata

/trust-center/contracts/data-retention-redaction-policy

Evidence Handling Policy

Evidence collection, classification, storage, redaction, retention, deletion, and publication boundaries for AI security assessments, red-team work, governance evidence, and public-safe deliverables.

contractlegalevidence

/trust-center/contracts/evidence-handling-policy

Governance

/trust-center/attestations/governanceapp/(public)/trust-center/attestations/governance/page.tsx

Legal

/legalapp/(public)/legal/page.tsx

Mutual NDA

Mutual confidentiality protections for pre-sales, delivery, and research collaboration contexts.

contractlegalmutual

/trust-center/contracts/mutual-nda

Privacy

/legal/privacyapp/(public)/legal/privacy/page.tsx

Publication & Claim-Readiness Policy

Claim-readiness criteria for public research, trust pages, scorecards, attestations, sponsor materials, security review outputs, and buyer-facing evidence.

contractlegalpublication

/trust-center/contracts/publication-claim-readiness-policy

+ 20 more in this section — all indexed in /sitemap.xml

Documentation

20 pages

Guides and reference material

Acquisition Scorecardauth-only

Conversation-ready acquisition posture with evidence-backed check status.

/portal/acquisition

Asset Mapauth-only

Inventory of the GTM/acquisition asset tree and portal-ready routes.

/portal/assets

Data Roomauth-only

Diligence room index and request list.

/portal/data-room

Diligence Roomauth-only

Current repo-grounded diligence snapshot for buyer and investor review.

/portal/diligence

Investor Disclosureauth-only

Public, gated, caveated, and internal disclosure boundary.

/portal/disclosure

Investor Portalauth-only

Authenticated diligence portal with live corpus metrics, proof dashboards, acquisition scorecards, and asset inventory.

/portal

IP Protectionsauth-only

Ownership, source, license, and confidentiality boundaries.

/portal/ip

Deltaauth-only

Refresh summary and content changes since the last portal sync.

/portal/delta

FAQauth-only

Quick answers for buyers, investors, and internal reviewers using the portal.

/portal/faq

Methodologyauth-only

How the investor portal is sourced, refreshed, labeled, and validated.

/portal/methodology

Policyauth-only

Access, sharing, and claim-posture policy for the portal.

/portal/policy

Proof Dashboardauth-only

Live proof metrics and current validation gaps.

/portal/proof

Rules of Engagementauth-only

Access, sharing, forwarding, and claim-use rules for the portal.

/portal/rules-of-engagement

Valuationauth-only

Transparent valuation framework with TBD financial inputs.

/portal/valuation

AI Product Management for Secure AI Features Printauth-only

Print-oriented manuscript for the AI Product Management for Secure AI Features course.

/academy/courses/ai-product-management-for-secure-ai-features/print

AI Red Teaming for Product Teams Printauth-only

Print-oriented manuscript for the AI Red Teaming for Product Teams course.

/academy/courses/ai-red-teaming-for-product-teams/print

AI Security for Sales Engineers Printauth-only

Print-oriented manuscript for the AI Security for Sales Engineers course.

/academy/courses/ai-security-for-sales-engineers/print

Hiring AI-Savvy Talent Without Unicorn Hunting Printauth-only

Print-oriented manuscript for the Hiring AI-Savvy Talent Without Unicorn Hunting course.

/academy/courses/hiring-ai-savvy-talent-without-unicorn-hunting/print

+ 2 more in this section — all indexed in /sitemap.xml

Auth

5 pages

Sign-in, workspace, and account access

/authapp/(auth)/auth/page.tsx

Authauth-only

Loginauth-only

/auth/loginapp/(auth)/auth/login/page.tsx

Reset Passwordauth-only

/auth/reset-passwordapp/(auth)/auth/reset-password/page.tsx

Workspace Createauth-only

/workspace-createapp/(auth)/workspace-create/page.tsx

Workspace Signinauth-only

/workspace-signinapp/(auth)/workspace-signin/page.tsx

76 pages

Additional pages and resources

AI Product Security Assessment route.

AIPSA

/aipsa

About aisecurity.llc

aisecurity.llc provides AI security engineering for teams shipping LLM apps, RAG systems, agents, copilots, and AI workflows.

/aboutapp/(public)/about/page.tsx

Ai Governance

/ai-governanceapp/(public)/ai-governance/page.tsx

AI Product Security in the Age of Mythos | aisecurity.llc

17-chapter executive and practitioner guide to AI product security in the era of AI-assisted attack. Covers weaponization acceleration, agent authority, prompt injection, RAG authorization, supply chain, and governance.

/mythos/2026app/(public)/mythos/2026/page.tsx

AI Security Engineering Field Guide 2026 — Practitioner Playbooks | aisecurity.llc

Applied practitioner playbooks for securing LLM applications, RAG systems, agents, AI workflows, model supply chains, MLOps platforms, and governance evidence.

/field-guide/2026app/(public)/field-guide/2026/page.tsx

AI Security Engineering Field Guide 2026 — Practitioner Playbooks | aisecurity.llc

Applied practitioner playbooks for securing LLM applications, RAG systems, agents, AI workflows, model supply chains, MLOps platforms, and governance evidence.

/field-guideapp/(public)/field-guide/page.tsx

AI Security Engineering Handbook 2026 — Study Companion

A structured study companion for AI security engineering practitioners, candidates, and teams covering foundations, roles, controls, evidence, assessment, and operating-model design.

/handbookapp/(public)/handbook/page.tsx

AI Security Engineering Handbook 2026 — Study Companion | aisecurity.llc

A structured study companion for AI security engineering practitioners, candidates, and teams covering foundations, roles, controls, evidence, assessment, and operating-model design.

/handbook/2026app/(public)/handbook/2026/page.tsx

AI Security Products | SecEng Workbench Instruments | aisecurity.llc

SecEng Workbench instruments used behind AI product security assessments, attack-path SAST, adversarial testing, hardening, buyer evidence, marketplace readiness, and governance program work.

/productsapp/(public)/products/page.tsx

AIPSA Flash Cards — Study Now | aisecurity.llc

150+ practitioner-level cards across all four M.A.D.E. pillars. Study free in-browser or buy the physical deck.

/study-cards/previewapp/(public)/study-cards/preview/page.tsx

Api

/apiapp/(public)/api/page.tsx

Books

Long-form research from The State of AI Security Engineering Report project.

/booksapp/(public)/books/page.tsx

Buy a Time Bank — ${siteConfig.name}

Pre-purchase expert security hours with no expiry. Use them for any service — red team, detection, governance, or advisory.

/engage/bookapp/(public)/engage/book/page.tsx

Charts

/chartsapp/(public)/charts/page.tsx

Citationsauth-only

/citationsapp/citations/page.tsx

Contracts

/contractsapp/(public)/contracts/page.tsx

Customer Data And Model Training

/ai-governance/customer-data-and-model-trainingapp/(public)/ai-governance/customer-data-and-model-training/page.tsx

Data

/dataapp/(public)/data/page.tsx

+ 58 more in this section — all indexed in /sitemap.xml

Pricing

1 page

Direct consulting pricing bands for AI security assessments, adversarial testing, hardening, and evidence buildouts.

Pricing

/pricing

Labs

1 page

SecEng Adversarial Range — Lab

Hands-on lab route for SecEng Adversarial Range.

/labs/seceng-ai-attack-range

Services

2 pages