Choose the deployment model that matches the data boundary.
AI security can run as SaaS, local worker, private worker, OEM sidecar, hybrid, offline, or air-gapped depending on customer and partner constraints.
Deployment routes
Deployment should be chosen based on who owns the UI, where sensitive data lives, and how usage can be reconciled.
Partners
OEM, scanner-provider, MSSP, reseller, consulting, private-label, and technology partner programs.
Licensing
Enterprise, embedded, OEM, white-label, offline, air-gapped, academic, startup, and usage-credit licensing.
Operations
Deployment, support, SLA, security, data-processing, audit, success, and implementation operations.
Commercial Contact
Start an OEM, reseller, MSSP, enterprise, private-label, procurement, or deployment conversation.
Keep sensitive work where it belongs
The strongest architecture gives each buyer the right boundary: SaaS for control, local worker for privacy, sidecar for OEM, and air-gap for sensitive environments.
Platform-Controlled SaaS
The AI Security LLC platform governs identity, organizations, credits, entitlements, usage, artifacts, and reports.
- Best for direct customers and managed commercial programs
- Centralized billing and entitlement decisions
- Fastest path to procurement-ready evidence workflows
Desktop or CLI Worker
Local execution for code, repository, proxy, and evidence workflows with platform-controlled licensing and usage sync.
- Keeps sensitive repositories and traces local
- Supports offline cache and queued usage
- Appropriate for enterprise and consultant delivery
Embedded Sidecar
A headless binary or localhost service that a partner product invokes and ingests as native scanner output.
- Best for scanner providers and platforms
- No partner UI dependency on AI Security LLC
- Supports co-branded, private-label, and white-label packaging
Air-Gapped or Offline
Disconnected deployment for sensitive environments with signed license grants, hard-capped usage, and controlled update channels.
- No continuous internet dependency
- Explicit scope, expiry, and capability limits
- Suitable for high-sensitivity enterprise programs
Default OEM architecture
A partner product keeps its own UI, scheduling, reporting, customer accounts, and workflow while the SecEng engine supplies AI-specific security results.
Partner orchestrator
The partner scanner, Java application, AppSec platform, CI job, or managed-service workflow owns scheduling, customer context, and UI.
SecEng sidecar
A headless binary or localhost API receives bounded scan requests, validates local license state, and runs AI security modules.
Structured outputs
The engine returns JSON, SARIF, markdown, evidence bundles, and normalized finding metadata suitable for native ingestion.
Partner reporting
The partner presents results inside its own product, report, portal, or service workflow without exposing the AI Security LLC UI.
Usage reconciliation
Customer-org usage, credits, license status, and revocation sync to the commercial control plane when the deployment model allows it.
Choose the right commercial model
The Commercial pillar separates how organizations buy, embed, operate, and scale AI Security LLC from the technical capabilities themselves.
Licensing models
Use the licensing shape that matches how the customer or partner wants to buy and operate.
Enterprise Site License
Organizations that want AI security tooling, evidence generation, private workers, Academy access, and negotiated usage capacity.
- Organization-level entitlements
- Private worker support
- Negotiated credits
- Procurement and security review
OEM Embedded License
Scanner vendors and security platforms that want to embed the SecEng engine inside their existing product.
- Partner license
- Customer-org tracking
- Usage rollups
- Redistribution rights
MSSP License
Managed security providers selling AI security assessments and monitoring as a managed service.
- Customer-org reporting
- Managed delivery rights
- Usage credits
- Support boundaries
White-Label License
Strategic partners that need customer-facing brand control, custom report language, and embedded packaging.
- Branding rights
- Output customization
- Higher support obligations
- Audit rights
Deployment options
Commercial packaging should follow the customer data boundary, partner architecture, and procurement expectations.
SaaS control plane
The AI Security LLC web platform governs organizations, credits, entitlements, users, reports, and commercial records.
Local worker
Sensitive repositories, traces, prompts, and artifacts stay local while entitlement and usage sync remains platform-controlled.
OEM sidecar
A partner invokes the SecEng engine through CLI or localhost HTTP and ingests native JSON, SARIF, and evidence outputs.
Air-gapped deployment
Signed offline license grants and controlled update processes support highly sensitive environments.
Support tiers
Support can be matched to the commercial obligation, from pilot support to strategic OEM escalation.
Standard
Early partners, pilots, startups, and small commercial programs.
- Email support
- Pilot guidance
- Documentation support
- Best-effort integration review
Premium
OEM partners, MSSPs, and enterprise programs with customer-facing obligations.
- Partner escalation channel
- Release guidance
- Integration reviews
- Commercial success reviews
Enterprise
Strategic OEM, white-label, air-gapped, and enterprise site-license deployments.
- Escalation path
- Security review support
- Roadmap alignment
- Custom support terms
Commercial path
The fastest route is a scoped pilot that proves technical ingestion and commercial packaging before expanding.
Commercial fit call
Identify partner type, target customers, intended packaging, deployment constraints, support model, and success criteria.
Technical pilot
Prove the CLI or localhost API path against a representative target and confirm JSON, SARIF, and evidence ingestion.
Commercial pilot
Define pricing, customer-org model, support boundary, white-label depth, license controls, and pilot reporting.
Production rollout
Convert to partner agreement, issue production licenses, document integration, and begin customer-org activation.
Representative SKUs
Commercial products should be represented as registry-backed SKUs rather than ad hoc pricing copy.
OEM Pilot
A focused 30-day pilot to prove the SecEng headless engine can be invoked by a partner product and produce ingestible AI security findings.
OEM Base License
Base commercial license for a partner to embed or invoke the SecEng engine across approved internal and customer environments.
OEM Customer Org
Per-customer organization pricing for active OEM customers using partner-distributed SecEng AI security capabilities.
Private-Label Add-on
Private-label packaging where the partner owns customer-facing presentation while AI Security LLC remains available for legal, support, and technical attribution.
MSSP Base License
Commercial base license for MSSPs offering AI security assessments, monitoring, evidence reporting, and customer-org services.
Enterprise Site License
Organization-wide licensing for SecEng workbench access, private workers, evidence generation, Academy content, and custom deployment requirements.
Move from interest to a scoped commercial path
Every commercial conversation should resolve into a clear program, deployment model, license scope, support expectation, and evidence requirement.
Define the commercial motion
Decide whether this is OEM, reseller, MSSP, enterprise, private-label, or procurement-led.
Run a bounded pilot
Use one integration path, one target class, one reporting output, and one commercial success metric.
Move to operating terms
Finalize license scope, customer-org model, support tier, usage controls, and deployment model.
Build the right commercial path
Use a focused pilot to align the technical integration, licensing structure, support model, and customer-facing packaging.