Offers designed to reduce uncertainty, deliver evidence and avoid infinite support. Each service has typical duration, deliverables, exclusions and closure criteria.
Paid entry point to organize uncertainty before proposing a full sprint.
Not included: pentest, full forensics, remediation or certification.
Core product for vendor risk, M&A, investment, procurement, partnership or enterprise onboarding.
Not included: formal audit, deep exploitation, legal opinion or remediation.
Specialized review for AI connected to documents, tools, internal data, agents or workflows.
Not included: full build, model training or legal approval of AI providers.
Accelerator to answer enterprise, prepare audit or close evidence gaps.
Not included: certification, official audit or guaranteed enterprise approval.
Practical preparation so the first real incident is not also the first rehearsal.
Not included: 24/7 response, full forensics, continuous monitoring or breach legal advice.
Recurring guidance only after a sprint, with capped hours and responsibilities.
Not included: daily support, unlimited execution or incidents outside contract.
| Offer | Decision enabled | Typical duration | Fit |
|---|---|---|---|
| Rapid Risk Triage | How serious is this and what should we review first? | 2-3 days | Initial urgency, questionnaire, suspicious vendor or AI initiative. |
| Due Diligence Sprint | Do we sign, buy, invest or pause? | 7-10 days | Vendor/M&A/procurement/enterprise onboarding. |
| AI Risk Review | Can we deploy AI with defensible controls? | 5-10 days | LLM, RAG, agents, copilots or automations with data. |
| Readiness Accelerator | What is missing to answer enterprise/compliance? | 10-20 days | B2B SaaS, tech vendors, audits or security reviews. |
| Incident Tabletop | Do we know what to do during a real incident? | 7-12 days | Companies with sensitive data or critical continuity. |
We do not request access or sensitive evidence without scope and authorization.