Two weeks to underwriter-ready AI governance.
A productized AI security practice for $1–25M businesses navigating cyber insurance AI riders, audit pressure, and customer‑due‑diligence questionnaires.
Built around the standards your underwriter and auditor expect
Fixed-scope across two weeks. Six deliverables. One executive readout.
The same scope every time. No discovery calls to “figure out what you need.” No hourly billing. No surprise change orders. By Day 14 you have everything in this section, paginated, branded, ready to forward to your underwriter or auditor.
AI Tool Discovery
Browser telemetry analysis, employee survey, procurement and SSO log audit. Surfaces every sanctioned and unsanctioned AI tool in active use.
Risk Classification Matrix
Each tool mapped against NIST AI RMF risk severity and business criticality. Identifies which tools need immediate remediation versus policy-only controls.
Cyber Insurance Rider Gap Analysis
Side-by-side of what your carrier's AI security rider requires against what you can document today. Color-coded gaps with remediation priority.
AUP & Training Outline
Acceptable Use Policy drafted to your operational reality, plus a sequenced employee training plan with LMS-ready content modules.
90-Day Remediation Roadmap
Every gap sequenced into a Week 1 / 30 / 60 / 90 plan with owners, dependencies, and expected effort. Hands off cleanly to internal IT or to Implementation.
Executive Readout
Sixty-minute Zoom with leadership, walking through findings, exposure, regulatory citations, and the path to underwriter-ready. Final PDF delivered same day.
Start with the Sprint. Scale into Implementation. Retain a Fractional officer when you need ongoing coverage.
Discovery, classification, gap analysis, AUP, remediation roadmap, executive readout. Designed to satisfy a cyber insurance AI rider questionnaire or vendor security DD on first ask.
Learn about the Sprint
Closes the gaps the Sprint identifies. DPA repaper, vendor BAA execution, DLP configuration, IR runbook update, control rollout. Sprint fee credits toward Implementation.
Learn about Implementation
Named AI security officer on retainer for businesses without an internal CISO. Carrier liaison, vendor reviews, employee training, quarterly board readout. Activate once governance is in place.
Learn about Fractional
See what an AI Risk Sprint deliverable actually looks like.
22-page sample Sprint report from a 118-employee healthcare practice. Discovery, risk classification, cyber insurance gap analysis, three findings with regulatory citations, 90-day remediation roadmap. Anonymized; representative of an actual engagement.
Download sample report (PDF · 22 pp · 1.1 MB)
Real-World Examples
Case Studies
How real engagements played out — from incident response to clean audit posture.

Harrison & Cole LLP: From Sanctions Order to Documented AI Governance
$270K direct cost, Sprint recovery, malpractice premium contained at next renewal

Cascade Wealth Partners: Proactive Sprint, Clean SEC Examination
$3,200 incident avoided, clean SEC exam, documented best-practice posture

Threadline Analytics: Closing the SOC 2 Type II AI Gap Before the Auditor Did
$5,500 Sprint, $24K Implementation, clean SOC 2 Type II report, two enterprise contracts unblocked

Twenty years in platform security architecture, with deep work in confidential computing, hardware attestation, and supply-chain trust. AMD Fellow. Contributor to Caliptra, the open-source hardware root-of-trust used across the cloud-and-silicon industry.
Read more on the About page
Frequently Asked Questions
Common questions about Shadow AI and our services.
Don't wait for a breach to act
With 71% of employees using AI without approval and shadow AI breaches costing an extra $670K on top of an already-painful breach, the question isn't if you have exposure — it's how much.