Engagement

How engagements actually unfold at TaoQ AI. If you are considering booking a discovery call and want to understand what working together looks like in practice, read on.

Before we start

The discovery call is a 30-minute conversation, not a sales call. We use it to understand what you are building, where it is in the lifecycle, what your security and compliance exposures look like, and whether our scope is a good fit for what you need. If it is not, we will tell you directly. If it is, we will scope an engagement and quote on a follow-up call.

Lifecycle entry points

SECURE-BY-DESIGN

AI Threat Model & Security Architecture Review

Who it's for

  • System architecture is committed; code is being written
  • RAG, agentic, or multi-model system with real attack surface
  • Upcoming EU AI Act classification decision or Annex IV scaffolding need
  • Security or compliance concern identified by a CISO, board, or investor

Typical flow

  • Week 1: System walkthrough with the engineering team. Data flow mapping. Threat model (STRIDE for AI, attack trees). Classification under EU AI Act Article 6.
  • Week 2: Deep review of specific subsystems: data pipeline, retrieval, agent tool chain, output handling. Annex IV scaffolding.
  • Weeks 3-N: Remediation. Sitting with engineers on specific findings. Closing vulnerabilities. Writing evidence alongside the code. Duration depends on the number and severity of findings.

Deliverables

  • Threat model document
  • Security architecture review with findings and remediation plan
  • Annex IV scaffold (technical file structure, initial evidence)
  • Closed findings with verifiable code changes

How it ends

  • Handoff to the engineering team with documentation
  • Often extends into pre-launch Risk Baseline when the system nears launch

PRE-LAUNCH

AI Risk Baseline

Who it's for

  • System is about to ship or recently shipped
  • EU AI Act classification needed for a specific deployment
  • Investor or customer asking about AI security posture
  • Board preparing for AI governance disclosure

Typical flow

  • Week 1: System walkthrough, EU AI Act classification, initial agent red-teaming scan with Ziran (live system) or review of design artefacts (not-yet-live system).
  • Week 2: Deep red-teaming pass. Conformity gap analysis. Document drafting.
  • Week 3 (optional): Draft review with client, remediation priorities, final document.

Deliverables

  • Comprehensive, actionable executive document: classification, top risks, conformity gaps, prioritised remediation
  • Raw red-teaming findings (appendix)
  • Remediation roadmap with named owners if requested

How it ends

  • Handoff of the document
  • Often extends into the post-launch AI Security, Compliance & Governance Partner engagement when the roadmap requires ongoing attention

POST-LAUNCH

AI Security, Compliance & Governance Partner

Who it's for

  • System is live and evolving
  • Ongoing EU AI Act obligations (post-market monitoring)
  • Incident response capability needed for AI-specific issues
  • Architecture review required as the system scales

Typical flow

  • Monthly retainer, three tiers quoted against the specific risks surfaced earlier
  • Regular architecture review as systems evolve
  • AI Act evidence maintenance, conformity updates
  • Incident response availability
  • Governance roadmapping with engineering leadership

Deliverables

  • Ongoing threat model updates
  • Maintained Annex IV documentation
  • Incident response reports when applicable
  • Quarterly governance review

How it ends

  • Retainer continues as long as it earns continuation
  • Three-month minimum, no open-ended commitment

ACROSS THE LIFECYCLE

Continuous Security & Governance Partnership

Who it's for

  • Multiple AI systems at different lifecycle stages under one programme
  • Product evolving fast enough that separate Design, Pre-launch, and Post-launch engagements would create coverage gaps
  • Founding-team situation where security is woven in from day one, not bolted on later
  • Compliance obligations that span upstream design decisions and post-market monitoring without a clean launch boundary

Typical flow

  • Discovery call shapes the scope. A rapid diagnostic week covers whichever systems already exist: current-state scan, gap analysis against EU AI Act obligations and security posture.
  • Transitions into embedded support: threat models as new features are designed, red-teaming before releases, Annex IV evidence maintenance, incident response availability, architecture review as systems evolve.
  • Cadence agreed per engagement (weekly, bi-weekly, or monthly) based on the pace of the product.

Deliverables

  • Running threat model library, kept current as systems change
  • Maintained Annex IV documentation across the programme
  • Red-teaming reports on releases as they ship
  • Incident response reports when applicable
  • Quarterly programme review

How it ends

  • Reviewed quarterly against scope and value
  • No fixed endpoint, no open-ended commitment; continues as long as it earns continuation

Signals we are not the right fit

Honest disqualification. If any of these apply, a different partner will serve you better.

  • Your engineering team cannot be in the room during the engagement. The remediation model is collaborative; we sit with engineers and close findings alongside them. If the team is not available, the model breaks.
  • You need penetration testing of non-AI systems such as network, web application, API, or mobile. Different craft. Our specialism is AI-specific: agents, RAG, tool chains, AI Act conformity. Traditional pentesting is better served by a dedicated pentest firm.
  • You need a compliance certificate signed by an accredited body. We prepare the technical file and close the engineering gaps; the formal attestation comes from an accredited auditor.
  • You need pure legal interpretation of the EU AI Act. We translate the regulation into engineering controls; we do not do legal interpretation. Your General Counsel or a law firm is the right partner for that.
  • You want a deliverable handed over at the end with no remediation support. We do not operate that way. A report delivered without closing the findings leaves you with the same risk you started with.