Services

Specialist help, scoped tightly.

We work with product, legal, and security teams shipping AI. Every engagement starts with a written scope and a redacted sample of the deliverable so you know exactly what you are buying.

Engagement · 4–8 weeks

AI Privacy Risk Assessment

End-to-end privacy review of an AI system: data flows, training corpora, inference exposure, third parties, retention, and incident readiness. Mapped to NIST Privacy Framework, ISO/IEC 27701, and applicable law.

Engagement · 3–6 weeks

ML Security Red-Team

Adversarial testing of LLM and ML pipelines against the OWASP LLM Top 10, prompt-injection chains, training-data extraction, model inversion, and supply-chain abuse. Includes redacted public summary if desired.

Retainer · 3–12 months

Privacy-by-Design Advisory

Embedded advisory for product, legal, and engineering during the design and launch phases of a new AI feature. Outputs include DPIA, DPA, control library, and a launch readiness review.

How we work

We sign a mutual NDA before any sensitive material changes hands.
All client data is encrypted at rest, segregated per engagement, and deleted on close-out by default. A retention extension requires an explicit written request.
We do not subcontract without prior written consent. Sub-processors are listed in our trust center.
Findings are delivered in writing with reproducible evidence and a prioritised remediation plan.