MERRISON DE FREITAS

Principal-engineer-grade AI security, delivered fractionally.

We work with a small number of Series B–D companies shipping AI into product. Architecture reviews, MCP and agent identity design, eval harnesses, threat models — engineering deliverables, not policy documents.

Enquire about an engagement Read our principal's writing

Scroll

↓

What we do

Three engagement formats, each principal-engineer-led and scoped tightly. Pick the shape that fits the situation; we will help you choose if you are not sure.

AI Security Discovery

A four-week fixed-price engagement. We walk the AI surface, identify the worst three risks, and deliver a prioritised roadmap. Self-contained; no commitment beyond it.

Architecture Review

One to three weeks, specific scope. A design review for a feature about to ship, or an existing system that needs a senior outside opinion. The deliverable is a written review with specific design changes.

Embedded Principal

A six-month retainer. Discovery in month one, then ongoing advisory and execution support. The shape most teams need once AI is part of the product roadmap.

See the engagement formats

Who we work with

Series B–D scale-ups in regulated or regulated-adjacent domains — anywhere personal data or money flows through an agent or an LLM, and being wrong has consequences. The teams we work with have AI in production already, or are about to ship it, and want a senior outside opinion on the architecture before something breaks.

Fintech & payments

Money movement, AP and finance ops, anything with a transaction in the loop.

Healthtech & insurtech

Regulated data, clinical or underwriting decisions, PII at scale.

Legaltech

Agents acting on privileged documents and high-consequence outputs.

Regulated-adjacent

Any product where an LLM or agent sits on a path that matters.

Why us

Most fractional security work today is GRC-shaped — running programmes, owning policy, getting through audits. That work is real, but it is not the work an engineering team needs when they are putting an LLM in front of customers. We do the engineering work — design review, identity, eval design, mitigation patterns — and we know first-hand what it takes to design, build and ship agents to production safely, because we have built and shipped them ourselves. We also know the regulatory environment well enough to keep you out of trouble.

FINOS AI Governance Framework

Co-author of the agentic risks.

FINOS Newcomers Award

Recipient, 2025.

Got AI in your product and want a senior outside opinion?

Tell us about the engagement you are considering. We respond to every enquiry within two business days.

Get in touch