AI security, scoped to where you actually are
Every engagement starts the same way: we profile the target — what the AI system is, what data it touches, what authority its outputs carry, what trust boundaries it crosses. That intake decides which of the framework's twelve domains apply, so the work is scoped to your context, not a generic checklist.
AI Security Snapshot
OrgRapid posture read across the 12 domains. Prioritised findings, quick wins, where the real risk sits. The entry point.
AI Security Assessment
OrgFull controls-based assessment. Maturity-rated findings, gap register, remediation roadmap.
ISO 42001 Readiness / Gap
OrgWhere you stand against the AI management system standard, what certification will demand, the path to close.
AI Risk Assessment
ProjectThreat-modelled risk register for a specific system: what can go wrong, how likely, how to treat it.
Privacy / DPIA for AI
ProjectData-protection impact assessment built for AI: training data, inference exposure, retention, cross-border flow.
Vendor AI Risk Review
ProjectA third-party AI or agent product assessed before you buy or renew. An evidence-based verdict, not a questionnaire taken on faith.
Secure AI Architecture & Design Review
ProjectYour design stress-tested against the architect's question. Trust-boundary analysis, failure containment, fixes before build.
SecAI / DevSecOps Pipeline Security
ProjectSecurity built into the AI delivery pipeline: model supply chain, CI/CD, deployment gates.
Managed AI Security
OrgOngoing retainer: continuous posture monitoring, new-system reviews, advisory on tap. Security that keeps pace with deployment.
AI Security Advisory / vCISO
OrgFractional senior AI-security leadership. Strategy, board reporting, programme ownership.