The Framework

The framework behind the work

Every Altaniche engagement runs on one backbone: the Altaniche AI Security Framework (AASF). Not a checklist bolted onto generic security, purpose-built for how AI and agentic systems actually fail.

0
controls
0
domains
0
diagrams

Why it exists

Purpose-built for AI

Existing security frameworks assume a system does what its code says. AI systems don't: they act on language, from sources you don't control, with access to data and tools. We built the framework to close that gap — a structured way to reason about, assess, and secure AI across its whole surface.

Coverage

The 12 domains

GOV
Governance
DAT
Data
MOD
Model
INF
Infrastructure
AGT
Agent
TOL
Tooling
IAM
Identity & Access
IAS
Inference & API Security
VND
Vendor & Supply Chain
MON
Monitoring
PRI
Privacy
AWR
Awareness

Alignment

Built on the standards you answer to

AASF doesn't replace the frameworks you're measured against, it operationalises them. Every domain maps to:

 ISO 42001 NIST AI RMF OWASP LLM Top 10 OWASP Agentic Top 10 MITRE ATLAS EU AI Act Australian Voluntary AI Safety Standard 

First principles

The ideas underneath

Five principles shape every control.

Provenance tagging
Know what's trusted and what isn't, and never lose track.
Model between zones
The model sits between trust zones, not inside one.
Authority in code
What an AI is allowed to do lives in code, not in the prompt.
Separation of duties
Split sensitive work across calls so no single one holds all the power.
Containment
Design for the worst-case action, not the expected one.

Application

A note on how we use it

The framework is the engine behind our engagements. The public model — its domains, structure, and standards alignment — is open. The detailed controls, assessment procedures, and implementation guidance are applied through our work with clients.

The framework is the engine.

The engagements are how you get its value.

See the services Book a scoping call

Palette

Navy Brass