Executive Summary
This sample pack shows the buyer journey for a fictional but realistic AI Product Security engagement. It follows Northstar Support Cloud and its Customer Support Copilot from first intake through architecture review, retrieval authorization, tool permissions, evidence packaging, release gating, and remediation. The value of the pack is not that it contains every artifact. The value is that it shows how the artifacts fit together into a proof chain a buyer can understand.
Sample pack decision
Use this pack as the guided tour for buyer-facing samples. Lead with the intake pack, system inventory, architecture review, RAG authorization review, tool inventory, evidence pack, and release gate.
Sample Pack Snapshot
What buyers should learn
Northstar Support Cloud context
| Field | Value |
|---|---|
| Client | Northstar Support Cloud |
| Product | Customer Support Copilot |
| Environment | production pilot |
| Core AI surface | support copilot with RAG, model gateway, case management, customer messaging, billing read access, and internal notifications |
| Key concern | proof that retrieval and tool authority stay inside defined boundaries |
Buyer journey through the sample pack
| Stage | Artifact | What it proves |
|---|---|---|
| 1 | AI Security Discovery / Intake Pack | scope, urgency, stakeholders, and evidence gaps |
| 2 | AI System Inventory / Application Register | owners, systems, retrieval, tools, and trace state |
| 3 | AI Architecture Review | boundary evidence and launch readiness |
| 4 | RAG Authorization Review | retrieval ACL proof and negative testing posture |
| 5 | Agent Tool Inventory / Tool BOM | tool authority, credentials, and actions |
| 6 | Agent Tool Permission Matrix | allowed, conditional, blocked, and denied actions |
| 7 | AI Control Gap Assessment | owned gaps and release blockers |
| 8 | Enterprise AI Security Evidence Pack | buyer-safe proof and questionnaire answers |
| 9 | AI Governance Evidence Matrix | control-to-evidence mapping |
| 10 | AI Release Gate Checklist | safe change and launch gate |
| 11 | AI Red Team Assessment Executive Summary | adversarial validation and executive summary |
| 12 | AI Security Remediation Roadmap | remediation sequencing |
AI Security Discovery / Intake Pack
The intake pack is the first step in the Northstar sample story.
AI System Inventory / Application Register
The inventory names the owners, surfaces, and evidence gaps.
AI Architecture Review
The architecture review proves where AI authority starts and stops.
RAG Authorization Review
The retrieval review proves whether access control survives indexing and assembly.
Agent Tool Inventory / Tool BOM
The tool inventory names the tools, credentials, and action classes.
Agent Tool Permission Matrix
The permission matrix shows what is allowed, conditional, blocked, or denied.
AI Control Gap Assessment
The control gap assessment turns partial posture into owned remediation.
Enterprise AI Security Evidence Pack
The evidence pack shows how to answer procurement and trust questions.
AI Governance Evidence Matrix
The governance matrix maps claims to evidence.
AI Release Gate Checklist
The release gate shows how AI changes are prevented from shipping unsafely.
AI Red Team Assessment Executive Summary
The red-team summary shows validation, impact, and remediation pressure.
AI Security Remediation Roadmap
The roadmap turns findings into sequenced work.