The State of AI Security Engineering Report 2026

SECURITY REVIEW ATTESTATION

Independent Assessment · Evidence-Based · Public-Safe

This attests that

ACME Corp

acmecorp.io

ACME Corp engaged aisecurity.llc to conduct a security review of the systems, processes, and public trust surfaces described below.

Service(s) performed

🛡️

Trust Surface Scan

End-to-end audit of public-facing trust artifacts, security disclosures, and buyer-facing evidence.

📋

AI Usage Disclosure Review

Review of AI feature disclosures, model usage statements, and customer-facing AI transparency claims.

⚖️

Privacy & Legal Document Review

📎

Buyer Evidence Readiness Assessment

Security questionnaire readiness, vendor risk artifacts, and SOC 2 / ISO 27001 evidence mapping.

Scope

Systems / Features in ScopeACME Corp public trust center (acmecorp.io/security), all public legal documents, AI feature documentation, help center security disclosures, and externally referenced compliance artifacts.

Review TypeDocument review, public-surface analysis, disclosure accuracy assessment, and evidence-readiness evaluation against common enterprise security questionnaire frameworks.

Engagement IDAISC-2025-0488

Engagement PeriodApril 22, 2025 – May 2, 2025

Report DeliveredMay 6, 2025

Results summary

Strong

ACME Corp's public trust surface is well-structured and demonstrates strong alignment between disclosed practices and observable artifacts. Three medium findings were identified relating to AI disclosure gaps and an outdated sub-processor reference. No high-severity gaps were found in core legal documents or security disclosures.

3Medium findings

6Low findings

9Informational

Domains reviewed

✓

Public Trust Surface

Trust center structure, disclosure completeness, and buyer-facing evidence.

✓

AI Transparency & Disclosure

AI usage language, model disclosure, and feature-level AI notices.

✓

Privacy & Legal

✓

Data Security Claims

Accuracy of encryption, retention, and access-control disclosures.

✓

Access Control Disclosures

Disclosed access controls, SSO, MFA availability, and role descriptions.

✓

Vendor & Sub-processor Disclosure

Sub-processor list accuracy, data flow disclosures, and DPA coverage.

✓

Incident Response Disclosure

Breach notification language, SLA commitments, and contact paths.

◑

Security Monitoring Claims

Logging, detection, and audit trail disclosures.

Attestation

aisecurity.llc attests that a scoped Trust Surface Review was conducted covering the public trust artifacts and disclosures described herein.

✓The review was conducted using aisecurity.llc's published trust surface methodology and evidence-readiness framework.
✓ACME Corp's public security disclosures were found to be materially accurate relative to the evidence and artifacts reviewed.
✓AI usage disclosures reviewed during the engagement were consistent with the product's observed behavior.
✓No critical gaps were identified in core legal documents, security commitments, or buyer-facing evidence within the reviewed scope.
✓Full findings, remediation guidance, and evidence-readiness recommendations were delivered in the associated private report.

Caveats

This review is limited to the public trust surface and materials described herein — it does not assess internal infrastructure or systems.
Disclosure accuracy is assessed at a point in time; legal documents and disclosures should be reviewed whenever material practices change.
This attestation is not a legal opinion, compliance certification, or audit under any regulatory framework.
This attestation is not a guarantee of future accuracy or security.

Attestation level

Strong

Score range: 82 – 92

Public trust surface demonstrates strong alignment between disclosures and observed artifacts, with minor gaps under active remediation.

Authorized by

David Wolf

Principal Security Architect

aisecurity.llc

Date of attestation

May 7, 2025

Verification

ATT-AISC-2025-0488

https://aisecurity.llc/trust-center/attestations/ATT-AISC-2025-0488