Start here
Start with the AI security problem you actually have.
Whether you are launching an AI feature, preparing for enterprise review, hardening an agent, building governance evidence, or cleaning up trust claims, start with a scoped engagement that produces usable artifacts.
We keep the first step simple: identify the problem, choose the right motion, define the evidence needed, and turn it into a practical SOW.
Note: Public pages and scorecards can guide scope, but private systems, controls, and operational claims require private evidence review.
Engagement picker
Choose the problem you need to solve.
Recommended offer
I'm launching an AI product or feature
AI Product Security Assessment
Best for
- RAG systems, copilots, agents
- AI workflow automation
- Model and API integrations
- AI-enabled SaaS features
What you get
- Architecture and data-flow review
- Threat model
- AI-specific risk register
- Prioritized remediation backlog
- Executive readout
Recommended offer
I need to test an AI system against abuse
AI Red Team / LLM Attack Range Sprint
Best for
- Prompt injection and jailbreaks
- Tool misuse and RAG abuse
- Agentic workflow exploitation
- Policy bypass and unsafe actions
What you get
- Attack scenarios
- Controlled test plan
- Findings with evidence
- Severity and exploitability notes
- Mitigation guidance
Recommended offer
I need governance evidence for buyers or leadership
AI Governance Evidence Sprint
Best for
- Enterprise sales pressure
- Procurement review readiness
- Trust center improvements
- Security questionnaire preparation
What you get
- Public/private artifact checklist
- AI governance evidence map
- Policy and control gap notes
- Buyer-facing caveat language
- Remediation plan
Recommended offer
I need detection, logging, or AI telemetry
AI Detection Engineering Sprint
Best for
- AI abuse monitoring
- Prompt and tool event telemetry
- SIEM content and playbooks
- Governance evidence logs
What you get
- Event taxonomy
- Logging requirements
- Detection logic
- Playbook notes
- Evidence capture model
Recommended offer
I need ongoing AI security leadership
Fractional AI Security / vCISO Retainer
Best for
- Startups and SaaS teams
- Advisory board or investor needs
- Security teams needing senior guidance
- Ongoing governance and roadmap support
What you get
- Recurring advisory
- Roadmap ownership
- Architecture and security review
- Governance evidence support
- Executive-ready summaries
Recommended offer
I'm not sure what I need
$0 Scoping Call / Intake
Best for
- Early questions or unclear risk
- Buyer or investor pressure
- Board anxiety or vendor trust triage
- Multi-team program scoping
What you get
- Problem framing
- Recommended engagement type
- Input checklist
- Next-step proposal or SOW outline
Service packages
What a scoped engagement looks like.
Each package below describes a typical sprint or advisory cycle. Final scope, timeline, and fees depend on the engagement and are defined in a SOW.
AI Product Security Assessment
2–4 weeksTypical inputs
Deliverables
- Threat model
- AI risk register
- Architecture notes
- Remediation backlog
- Executive summary
Scoped after discovery. Fixed-fee or bounded sprint available.
AI Red Team Sprint
1–3 weeksTypical inputs
Deliverables
- Attack plan
- Scenario results
- Evidence-backed findings
- Mitigation backlog
- Retest recommendations
Scoped by environment, risk, and testing access.
Governance Evidence Sprint
1–2 weeksTypical inputs
Deliverables
- Public/private evidence checklist
- Trust center gap map
- AI policy language notes
- Buyer-review guidance
- Evidence backlog
Good first engagement for enterprise-readiness pressure.
Detection Engineering Sprint
2–4 weeksTypical inputs
Deliverables
- AI event taxonomy
- Logging requirements
- Detection logic
- Playbook notes
- Evidence model
Can follow red-team or product assessment work.
Fractional AI Security / vCISO Retainer
MonthlyTypical inputs
Deliverables
- Recurring advisory
- Decision memos
- Control roadmap
- Governance evidence support
- Executive-ready summaries
Best after an initial sprint or assessment.
Engagement documents
From scope to signed SOW.
Every engagement starts with a scoping call and ends with a signed SOW. Review the templates we use for assessments, red-team sprints, governance evidence, and advisory retainers — including the NDA, MSA, and rules of engagement outlines.
Proof previews
The artifact sample subsystem will live separately. These links point to the future proof locations so buyers can see where deliverable examples will appear.
Saved scope drafts and uploaded evidence can be managed from the client portal after sign-in.
Intake
What to bring to a scoping call.
Share enough context to route the request. You do not need everything on this list — bring what you have and we will identify the gaps together.
Name and company
Who is asking and on whose behalf.
Role
CISO, CTO, product security lead, founder, etc.
Website or product URL
Public surface if applicable.
Problem type
AI product security, red team, governance, detection, trust center, vCISO, or not sure.
AI system type
RAG, copilot, agent, ML API, AI feature, etc.
Stage
Pre-launch, in production, post-incident, enterprise-ready pressure.
Urgency
Timeline, buyer deadline, or procurement date if applicable.
Desired engagement
Assessment, sprint, retainer, or scoping call.
Budget band
Exploratory, under $10K, $10K–$25K, $25K–$75K, $75K+, or not sure.
Sensitive environment
Does the work involve regulated data, critical infrastructure, or high-stakes AI?
Links or docs available
Architecture diagrams, trust center, existing policies, or reports.