ConsultingWorkbench-backed AI security engagements — map, attack, defend, and prove your AI systems.
Scope a Review
aisecurityllc
Log inTake DiagnosticScope a Review
aisecurityllc
Scope a Review
NEW

Program Blueprint Kit

The AI Security Program Your Team Will Run.

Most teams shipping AI have no formal security program — just accumulating exposure and audit risk. The Blueprint Kit delivers seven expert-designed programs covering agent authority, RAG boundaries, red teaming, governance evidence, and incident response — as an executable backlog in Jira, Linear, Notion, or GitHub, with every task pre-mapped to ISO 42001, NIST AI RMF, OWASP LLM, and SOC 2 controls.

Start with a $0 Scoping ReviewExplore the Blueprint Families
Agents · RAG · Red Team · Governance · IR
294 framework-mapped controls
113 evidence requirements
10 delivery platforms
AI Security ProgramSprint 3
14 / 42 tasks6 frameworks

Blueprints

7

20 workstreams

Evidence

113

requirements

Controls

294

mappings

Active Backlog

AIS-42Map AI data flows & agent surfacesDone
AIS-43Define model access control policyIn Progress
AIS-44RAG boundary & leakage test suiteIn Progress
AIS-45Generate stakeholder evidence packTo Do
AIS-46Conduct red-team prompt injection sprintTo Do

Framework Coverage

NIST AI RMF68%
ISO 4200144%
OWASP LLM55%

Outputs land in the platforms your teams already use

JiraJiraConfluenceConfluenceGitHubGitHubGitLabGitLabSlackSlackMicrosoft 365Microsoft 365Google WorkspaceGoogle WorkspaceNotionNotionAsanaAsanaLinearLinearJiraJiraConfluenceConfluenceGitHubGitHubGitLabGitLabSlackSlackMicrosoft 365Microsoft 365Google WorkspaceGoogle WorkspaceNotionNotionAsanaAsanaLinearLinear
FigmaFigmaSalesforceSalesforceIntercomIntercomn8nn8nLLangflowFFlowiseSSim StudioRaycastRaycastOutlookOutlookGmailGmailFigmaFigmaSalesforceSalesforceIntercomIntercomn8nn8nLLangflowFFlowiseSSim StudioRaycastRaycastOutlookOutlookGmailGmail+ more

New integrations added regularly.

Who It's For

Built for the Teams Actually Responsible for AI Security

Security Engineers

Agents and RAG in prod with no coverage?

Get a structured program for agent authority, RAG boundaries, and prompt injection — mapped to the controls your org already uses.

CISOs & Security Leaders

Board wants AI governance evidence?

The Governance Evidence blueprint generates ISO 42001, NIST AI RMF, and SOC 2 artifacts in weeks — not quarters.

Product Security Teams

Shipping AI features that haven't been assessed?

The Product Security Assessment blueprint covers architecture review, threat modeling, RAG security, agent authority, and release gating.

Red Teams

Need AI-specific attack coverage?

The Red Team Engagement blueprint covers prompt injection, RAG abuse, agent misuse, policy bypass, and unsafe behavior — with remediation sign-off built in.

Delivered in Your Tools

See What It Looks Like in Your Stack

Every blueprint ships as a structured backlog, evidence tracker, and control map — formatted for the project management tool your team already runs. No migration, no retraining.

Jira
ProjectsBoardsBacklogSprints
AI-Security / AIS / Epics / AIS-E03
E

Agent Workflow Authority Review Program

Map what your agents can do and reduce unsafe authority across tool calls, MCP connections, and workflow actions.

In ProgressCritical4 weeks

Child Issues · 6

IssueSummaryTypeStatusPriority
AIS-43Map agent tool registry & action scopeIn ProgressCritical
AIS-44Document approval gate requirementsIn ProgressCritical
AIS-45Run privilege escalation test suiteTo DoHigh
AIS-46Review MCP server permission boundariesTo DoCritical
AIS-47Generate authority audit evidence packTo DoHigh
AIS-48Deploy workflow monitoring hooksTo DoHigh
SE-AI-AGT-001OWASP LLM07OWASP LLM09ISO 42001:A.8.2

Also available for Asana, GitLab, Plane, and raw JSON / Markdown.

What Makes It Different

Not a Checklist. Not a PDF. A Running Program.

Security teams fail at AI security because they get frameworks, not programs. The Blueprint Kit gives you something you can actually execute — with the coverage to back it up.

Agent & Workflow Visibility

Enumerate exactly what each agent can read, write, and execute. Map the blast radius of every tool call, scope every MCP connection, and document unsafe authority before it becomes an incident.

RAG Boundary Testing

Run structured tests across tenant boundaries, source provenance, context integrity, and leakage events. Every test case maps to OWASP LLM06, LLM08, and ISO 42001 controls.

Framework Coverage Built In

Every task ships pre-mapped to ISO 42001, NIST AI RMF, OWASP LLM Top 10, MITRE, and SOC 2. Your backlog is your evidence trail — no reconciliation needed.

Audit-Ready Evidence Packs

113 structured evidence requirements generate the exact artifacts your auditor, customer, or certification body needs. Configured per platform — Confluence page, Notion doc, GitHub wiki.

Tool-Native Delivery

Drop into Jira, Linear, Notion, GitHub, Asana, GitLab, or Confluence. Every blueprint is formatted for the tool — not pasted from a PDF. Estimated at 3–6 weeks per program.

How It Works

From Zero to AI Security Program in Weeks, Not Months.

Step 1

Discover & Assess

We assess your AI systems, workflows, tools, and risks.

Step 2

Build Your Program

We configure your program templates, backlog, and controls in your tools.

Step 3

Deliver & Enable

We deliver your evidence pack, dashboards, and team enablement.

Step 4

Run & Improve

You execute, measure, and continuously improve with confidence.

Blueprint Families

Explore the Corpus Families Behind the Product

6 week build

AI Security Readiness Program

AI Security Program

defined

A practical operating blueprint for teams building, buying, or deploying AI-enabled systems.

Workstreams

2

Tasks

4

Evidence

8

Docs

5

Components

AI InventoryThreat ModelingRAG Security

Controls + Artifacts

seceng:SE-AI-INV-001nist_ai_rmf:MAP 1.1inventorydiagram

Labels: ai-security · program-blueprint · readiness · 49.0 KB JSON / 15.9 KB markdown

Map this blueprint into your program
4 week build

RAG Boundary Testing Program

AI Security Program

managed

A program blueprint for validating retrieval authorization, source provenance, context integrity, and leakage boundaries.

Workstreams

3

Tasks

7

Evidence

12

Docs

7

Components

RAG SecurityRetrieval TestingPolicy Gates

Controls + Artifacts

seceng:SE-AI-RAG-001owasp_llm_top_10:LLM06inventorytest report

Labels: ai-security · rag · retrieval · 76.2 KB JSON / 21.6 KB markdown

Map this blueprint into your program
4 week build

Agent Workflow Authority Review Program

AI Security Program

managed

A program blueprint for mapping what AI agents can actually do and reducing unsafe authority.

Workstreams

3

Tasks

6

Evidence

13

Docs

7

Components

Agent AuthorityWorkflow GraphsApproval Gates

Controls + Artifacts

seceng:SE-AI-AGT-001owasp_llm_top_10:LLM07inventorydiagram

Labels: ai-security · agents · tools · 70.1 KB JSON / 19.8 KB markdown

Map this blueprint into your program
3 week build

AI Product Security Assessment Program

AI Product Security

managed

A product security assessment blueprint for AI-enabled SaaS features, RAG products, agents, and AI workflows.

Workstreams

3

Tasks

7

Evidence

15

Docs

7

Components

AI Product SecurityArchitecture ReviewThreat Modeling

Controls + Artifacts

seceng:SE-AI-INV-001nist_ai_rmf:MAP 1.1inventorydiagram

Labels: ai-security · product-security · assessment · 89.6 KB JSON / 28.1 KB markdown

Map this blueprint into your program
3 week build

AI Red Team Engagement Program

AI Red Team

managed

A red-team engagement blueprint for prompt injection, RAG abuse, agent misuse, policy bypass, and unsafe AI behavior.

Workstreams

3

Tasks

7

Evidence

12

Docs

7

Components

Red Team PlanningAttack ScenariosEvidence Capture

Controls + Artifacts

seceng:SE-AI-TM-001owasp_llm_top_10:LLM01threat modeltest report

Labels: ai-security · red-team · prompt-injection · 82.5 KB JSON / 24.8 KB markdown

Map this blueprint into your program
6 week build

AI Governance Evidence Program

AI Governance

managed

A governance evidence blueprint for ISO 42001, NIST AI RMF, SOC 2 support, and AI risk oversight.

Workstreams

3

Tasks

6

Evidence

11

Docs

7

Components

Governance EvidenceAI InventoryRisk Register

Controls + Artifacts

seceng:SE-AI-INV-001nist_ai_rmf:MAP 1.1inventorythreat model

Labels: ai-governance · evidence · iso-42001 · 70.1 KB JSON / 22.1 KB markdown

Map this blueprint into your program
4 week build

AI Incident Response Program

AI Incident Response

defined

An incident response blueprint for AI security events, prompt injection, data leakage, unsafe actions, and model/provider incidents.

Workstreams

3

Tasks

5

Evidence

8

Docs

7

Components

Incident TaxonomyRunbooksDetection

Controls + Artifacts

seceng:SE-AI-LOG-001soc2:CC7.2logging speceval report

Labels: ai-security · incident-response · runbooks · 57.7 KB JSON / 16.2 KB markdown

Map this blueprint into your program

Trusted by Security-Minded Teams Building AI

“We had agents in production for six months with no formal security program. The Blueprint Kit gave us a real Jira backlog, framework-mapped controls, and an evidence pack we could show our enterprise customers — in under two weeks.”

Head of Product Security, AI SaaS Company

Built from real product security, AppSec, AI governance, and security engineering practice across AI-native companies.

Ready to Ship

Ready to Launch Your AI Security Program?

Book a free scoping call. We'll map your AI surfaces, pick the right blueprint family, and show what your first program backlog should look like.

Book My Free Scoping CallSee the Blueprint Families
No commitment
Expert-led
Start in days