ConsultingWorkbench-backed AI security engagements — map, attack, defend, and prove your AI systems.
Scope a Review
aisecurityllc
Log inTake DiagnosticScope a Review
aisecurityllc
Scope a Review

aisecurity.llc

Contracts and Legal Docs

Contract templates and trust documents for scoped AI security work: services, sponsorship, confidentiality, assessment boundaries, red-team authorization, evidence handling, data processing, publication limits, and claim-readiness.

Featured offer

Scoped Services Framework

Use the scoped services framework as the fast path from conversation to authorized work. It supports discovery, AI product security review, red-team validation, blue-team hardening, governance evidence, and follow-on paid scopes without requiring a standing retainer.

Open scoped services frameworkRead the framework

Use this when

Use this when you need a scoped AI security engagement

  • When procurement or legal needs contracts that include evidence handling, claim boundaries, and publication limits.
  • When buyer teams need a documented path from scoping to signed security review deliverables.
  • When security wants an authorized review scope with NDA, DPA, and rules of engagement.
  • When clients or sponsors need transparency around what is evidence-ready versus internal only.
  • When a standalone retainer is not the first step and you need a scoped services agreement instead.

Suggested sequence

Suggested document sequence for review work

  1. 1. NDA / mutual confidentiality to protect discovery, data, and work product.
  2. 2. Scoped Services Framework to define the engagement, deliverables, and approval gates.
  3. 3. Assessment or review terms for rules of engagement, evidence collection, and judgment criteria.
  4. 4. Data handling addendum if customer data, model training, or third-party data is in scope.
  5. 5. Evidence handling and claim-readiness rules for what may be shared, how findings are labeled, and what is internal only.
  6. 6. Post-engagement attestation for a public-safe summary of what was reviewed and what the results mean.

Core

Core agreements

Core

Available

Scoped Services Framework

Master services framework for discovery, product review, red-team validation, governance evidence, and paid scopes without a standing retainer.

Open document →

Core

Available

Sponsorship Agreement

Commercial sponsorship terms with explicit research-independence and disclosure boundaries.

Open document →

Core

Available

Mutual NDA

Mutual confidentiality protections for pre-sales, delivery, and research collaboration contexts.

Open document →

Core

Available

Statement of Work Template

Mission-specific scope, deliverables, timeline, access, assumptions, and acceptance criteria for scoped AI security engagements.

Open document →

Addendum

Commercial addenda

Addendum

Available

Commercial Services Addendum

Converts the services framework into scoped paid work with rate card, invoicing, and activation terms.

Open document →

Addendum

Available

Data Processing Addendum

Controller/processor allocation, data protection obligations, subprocessing, security measures, AI provider boundaries, and customer-data handling for scoped services.

Open document →

Addendum

Available

Assessment Terms Addendum

Scope, authorization, evidence use, testing boundaries, safe harbor, retesting, reporting limitations, and reliance limits for AI product security assessments.

Open document →

Addendum

Available

AI Red Team Rules of Engagement

Rules of engagement for authorized AI red-team validation, including targets, test windows, allowed techniques, prohibited actions, safety controls, evidence handling, escalation paths, and stop conditions.

Open document →

Addendum

Available

Consultant Mission Brief

Defines specialist role, client relationship model, confidentiality, deliverables, and independence boundary for consultant-led missions.

Open document →

Addendum

Available

Sponsorship Launch Addendum

Campaign schedule, sponsor assets, labeling, approval process, and launch deliverables.

Open document →

Policy

Operational policies

Policy

Available

Security Operations Schedule

Operational control schedule for authorized AI security work, covering access, credentials, logging, AI/ML testing boundaries, incident handling, evidence retention, and client escalation.

Open document →

Policy

Available

Evidence Handling Policy

Evidence collection, classification, storage, redaction, retention, deletion, and publication boundaries for AI security assessments, red-team work, governance evidence, and public-safe deliverables.

Open document →

Policy

Available

Publication & Claim-Readiness Policy

Claim-readiness criteria for public research, trust pages, scorecards, attestations, sponsor materials, security review outputs, and buyer-facing evidence.

Open document →

Policy

Available

Data Retention & Redaction Policy

Retention, redaction, deletion, and post-engagement handling for client materials, research artifacts, assessment evidence, exports, and public-safe publication files.

Open document →

Post-engagement deliverables

Scoped Security Review Attestations

After a completed scoped engagement, we may issue a one-page Security Review Attestation: a public-safe, evidence-backed statement describing what was reviewed, which services were performed, what evidence was available, and what result level was observed within that scope. It is designed for buyer enablement, procurement review, and investor communication, not as a formal audit, certification, or security warranty.

View sample attestation →Learn more

Contact

Request or negotiate a document

To request a negotiated version, initiate a signing workflow, or ask questions about any of these documents, contact hello@davidwolf.org.

These are negotiation drafts. All bracketed placeholders must be completed before execution.