Trust Center
How we scope, authorize, protect, evidence, and describe AI security work for buyers, procurement, and governance review.
aisecurity.llc is a consulting-led AI security engineering practice. This Trust Center documents the policies, contracts, evidence-handling rules, AI usage boundaries, and claim-readiness model behind our Workbench-backed engagements, public research, and buyer-facing deliverables.
Figure: Trust workflow for scoped AI security engagement work (Inputs, Outputs, Readiness, Model).
Procurement & legal
Contracts, claim-readiness, and evidence rules for buyer-facing review packages.
Buyer-ready review
Scope a review with authorization, evidence limits, and procurement-friendly deliverables.
AI data handling
Customer data, model training boundaries, provider commitments, and enterprise controls.
Assessment authorization
NDA, DPA, engagement framework, and rules of engagement for review work.
Evidence & claims
Attestations, evidence packs, badges, and claim readiness for scoped deliverables.
Stakeholder transparency
How consulting-first delivery separates sponsorship, procurement review, and methodological independence.
Why buyers should care
Enterprise buyers and procurement teams do not only ask whether AI security work was performed. They ask what was tested, what evidence exists, who approved the claims, what is safe to share, and what remains caveated. This Trust Center documents how we keep those boundaries clear.
Trust Posture
Operating principles
Research independence
Sponsor support does not influence methodology, scoring, findings, chart outputs, or editorial conclusions.
Public-safety boundaries
We do not publish raw job descriptions, raw ATS payloads, raw survey answers, personal data, secrets, or identity-level artifacts.
Claim language discipline
We treat job descriptions as public hiring signals and role-language evidence, not proof of company security maturity.
Governance by default
Public outputs are aggregate benchmarks with caveats and quality checks designed for executive and practitioner scrutiny.
Operating commitments
Commitment
What it means
Raw client information, evidence artifacts, survey answers, and identity details are kept private or redacted before sharing.
Sponsor support may enable distribution, but it does not shape methodology, findings, or public conclusions.
AI assistance is applied thoughtfully and only where it supports the engagement, not as a substitute for analysis or authorization.
Every external claim is tagged with a readiness level and scope so buyers understand how to use it.
Evidence packs and attestations exclude sensitive operational details that could expose systems or people.
We describe evidence and attestations without implying formal certification or audit status unless explicitly granted.
Based on analyzed job-description signals, not proof of any individual company's internal security maturity.
Claim Readiness
Every public claim needs a label.
We label findings before they appear in public materials. Labels indicate how a claim should be used, not how strong the underlying signal is.
Public-ready
Supported by aggregate evidence, caveats, and citation trace.
Public with caveat
Usable externally only with scope, limits, and careful wording.
Internal only
Useful for analysis, targeting, or strategy but not suitable for publication.
Do not claim
Too speculative, too sensitive, too identity-level, or not sufficiently evidenced.
Sponsorship Independence
Sponsors can support the research. They do not steer the findings.
Sponsorship may support research distribution, report production, events, or public artifacts. It does not change the methodology, scoring, named findings, citation selection, chart outputs, or editorial conclusions.
- Sponsor agreements are separated from methodology decisions.
- Sponsored materials are clearly labeled.
- Editorial claims remain evidence-led.
- Sponsor access does not include raw private datasets.
- All sponsor-facing outputs follow the same claim-readiness rules.
Evidence outputs
Evidence outputs and verification for scoped AI security work.
Diagnostic scorecards, evidence packs, and attestations support scoped engagements with clear boundaries. They help buyers and legal teams verify what was reviewed without implying formal audit certification.
Diagnostic scorecard
Directional signal based on submitted responses and reviewed evidence.
Assessment domains
Shared vocabulary used inside diagnostic, field-guide, and Prove-phase evidence work.
Evidence Pack
Packaged artifacts from an assessment, lab, red-team, or review scope.
Verified Badge
Public badge with scope, issue date, issuer, and caveats.
Evidence outputs are scoped to the systems, artifacts, access, answers, and evidence reviewed. They do not replace formal audit, legal certification, or security warranty.
Legal Execution
Contracts and signer-ready engagement documents
The Trust Center includes a dedicated contracts hub for procurement-ready sponsorship agreements, NDA workflows, scoped services, commercial addenda, and assessment rules of engagement.
Sponsorship Agreements
Sponsor packages, independence language, deliverables, and labeling terms.
NDA Workflows
Mutual confidentiality and review support for assessment or sponsorship discussions.
Scoped Services Framework
A lightweight starting point for scoped review, threat modeling, evidence mapping, or discovery.
Commercial Addenda
Scope, data handling, evidence use, publication rights, and caveats.
Transparency & governance
Trust layer, fully documented.
Every policy, principle, and practice governing how we collect data, use AI, and secure our infrastructure — open and linkable.
Privacy Policy
Data collection, use & rights
Terms of Service
Service delivery terms and liability
AI Usage Policy
How we use AI internally
Cookie Policy
Essential and analytics only
Acceptable Use
Permitted and prohibited activity
Vulnerability Disclosure
security@aisecurity.llc
Subprocessors
Anthropic, Vercel, Supabase + more
Data Processing Addendum
Available to enterprise clients
Responsible AI Principles
9 principles covering security-first AI, human accountability, transparency, abuse prevention, and provider review.
Customer Data & Model Training
Clear policy: your data does not train AI models. Covers what we send to Anthropic and OpenAI, enterprise opt-outs, and provider commitments.
AI Usage Policy
Human review requirements, prohibited AI uses, output limitations, and how we apply data minimization before AI API calls.
Security Practices
Encryption, access control, MFA, dependency scanning, incident response, and vendor risk. Honest disclosure on certifications we hold vs. aspire to.
Secure SDLC
How security is integrated into our development lifecycle — threat modeling, code review, CI/CD controls, and AI-specific checks (prompt injection, output sanitization).
Contract Templates
Signer-ready docs: scoped services framework, NDA, DPA-lite, assessment terms, and commercial addenda.
Vulnerability Disclosure
Report vulnerabilities to security@aisecurity.llc. In-scope, response process, researcher protections, and recognition.
Trust Center
Use the trust layer behind the engagement.
Review the methodology, open contract documents, or start with a scoped engagement that respects procurement, privacy, evidence, and public-claim boundaries.