AI security.

What we cover

• NIST AI Risk Management Framework (AI RMF) 1.0. Map / Measure / Manage / Govern, applied to your AI use cases.
• OWASP LLM Top 10. Prompt injection, data leakage, insecure plugin design, model DoS, foundation-model supply chain risk.
• Model governance. Inventory of models in use, lifecycle policy, model card requirements, retirement criteria.
• Data-pipeline review. Where training data comes from, how it's sanitized, how PII is filtered, how prompts are logged and retained.
• AI vendor risk. Reviewing the AI clauses in your SaaS contracts (data residency, training opt-out, breach notification, model versioning).
• ISO/IEC 42001 readiness. The new AI management system standard, for organizations that need a certifiable governance program.
• Acceptable use policy. Practical guidance for what employees can and cannot put into LLMs.

What this is not

This is not red-team prompt-injection-of-the-week theater. It's governance, risk, and compliance for AI, designed so that when a regulator, an auditor, or a customer asks how you manage AI risk, you have a written answer.

Common engagements

• AI Risk Workshop. Half-day session with leadership. Around 4 hours.
• AI Use Case Review. One model, end-to-end. Around 10 hours.
• AI Acceptable Use Policy & governance baseline. Around 20 hours.
• NIST AI RMF readiness. Around 40 hours.
• ISO/IEC 42001 readiness. 80+ hours.

Common questions

Next step