Services

We offer three engagement formats. Each one is principal-engineer-led, scoped tightly, and delivered as engineering artefacts rather than policy documents.

AI Security Discovery

A four-week fixed-price engagement to find the risks that matter and tell you what to do about them first.

This is the right starting point when you know AI is now a meaningful part of your product and you want a clear-eyed read on where the real exposure is — before you commit to a longer piece of work, and before an incident makes the decision for you. We walk the AI surface end to end: the agents and their tools, where models sit on the data path, identity and authorisation boundaries, the eval and monitoring story, and the third-party dependencies you have taken on without quite meaning to. We surface the worst three risks and tell you, concretely, what to fix and in what order.

Deliverables

  • A written assessment of the current AI surface.
  • A prioritised risk register, worst-first, with the reasoning behind the ranking.
  • A 90-day roadmap an engineering team can act on.
Duration Four weeks, fixed.
Shape Fixed price for the engagement. Self-contained; no commitment beyond it.
How to engage Tell us about your AI surface and we will scope it.

Architecture Review

One to three weeks. A senior outside read on a specific design — before it ships, or once it is causing you doubt.

Use this when there is a particular thing to look at: a feature about to go live, a new agent or tool-use design, an integration that handles data or money, or an existing system that has grown past the point where anyone is confident it is right. We read the design and the code, not a summary of them. We work out whether the agents have the right tools, the right identity boundaries, and the right failure modes — and we hand back specific, named changes rather than a list of themes. Tightly scoped by design, so you get a senior opinion without standing up a programme of work.

Deliverables

  • A written review with named, specific design changes — not generalities.
  • A follow-up working session with the engineering team to walk through them.
  • A redesign sketch where a change is substantial enough to warrant one.
Duration One to three weeks, by scope.
Shape Fixed price per review, agreed once the scope is clear.
How to engage Send us the system or feature you want reviewed.

Embedded Principal

A six-month retainer. A principal engineer on AI security, embedded in your team for the stretch that matters.

This is the shape most teams need once AI is a permanent part of the roadmap rather than a single feature. We start with a Discovery in month one to establish the landscape, then move into ongoing advisory and execution support: sitting in design reviews, threat-modelling new surfaces as they appear, helping design eval harnesses, and preparing you for the audit or regulator conversations that follow. The engagement is principal-led throughout — the person in your reviews is the person doing the work. It is mutually extendable when it is working and easy to close out when the need has passed.

Deliverables

  • Monthly work plans agreed with your engineering leadership.
  • Ongoing architecture and design reviews as features move through the pipeline.
  • Threat modelling for new AI surfaces, and eval harness design as needed.
  • Readiness preparation for audits and regulator conversations.
  • A quarterly summary written for the board.
Duration Six-month initial term, mutually extendable.
Shape Monthly retainer, sized to the intensity of the work.
How to engage Tell us where AI sits in your roadmap.

Not sure which format fits? Tell us about the situation and we will suggest the right shape. Get in touch. We share indicative figures once we understand the scope.