ConsultingWorkbench-backed AI security engagements — map, attack, defend, and prove your AI systems.
Scope a Review
aisecurityllc
Log inTake DiagnosticScope a Review
aisecurityllc
Scope a Review
DraftNegotiation draft - fill placeholders before execution
BackRequest Execution

aisecurity.llc

AI SECURITY ENGINEERING

Los Angeles, CA · Athens, GR

aisecurity.llc

hello@aisecurity.llc

Operational Policy · Negotiation Draft

Publication & Claim-Readiness Policy

Claim-readiness criteria for public research, trust pages, scorecards, attestations, sponsor materials, security review outputs, and buyer-facing evidence.

Generated: May 30, 2026Format: Negotiation draftStatus: Fill placeholders before executionVersion: v1.1

Publication & Claim-Readiness Policy

Effective Date: [EFFECTIVE_DATE]
Version: v1.0
Owner: aisecurity.llc
Applies To: Public report content, trust-center pages, sponsor materials, and related publications

  1. Purpose

1.1 This Policy defines the criteria used to decide whether a statement, chart, benchmark, finding, or summary may be published as-is, published with a caveat, held internally, or withheld.

1.2 The policy protects the research, the reader, and the business from overclaiming.

  1. Claim-Readiness Labels

2.1 Provider uses four practical claim-readiness values:

  • public_claim_ready
  • public_claim_with_caveat
  • internal_or_teaser_only
  • do_not_claim

2.2 These values are guidance for editorial and commercial review. They are not legal advice.

  1. Public Claim Ready

3.1 A statement may be marked public_claim_ready when:

  1. the underlying source is public-safe and can be cited or summarized without revealing restricted material;

  2. the claim is supported by the project evidence or aggregate analysis;

  3. the wording is accurate, balanced, and not misleading;

  4. any sponsor relationship is clearly separated from the conclusion; and

  5. the language can survive public scrutiny without requiring hidden context.

  6. Public Claim With Caveat

4.1 A statement may be marked public_claim_with_caveat when the core point is sound, but the wording needs a visible limitation, source note, or method caveat to prevent misinterpretation.

4.2 Typical caveats include:

  • based on analyzed job-description signals, not proof of internal maturity;
  • aggregate benchmark, not company-level certification;
  • directional signal, not universal truth;
  • public-safe summary only;
  • sponsor support does not affect findings.
  1. Internal or Teaser Only

5.1 A statement may be marked internal_or_teaser_only when it is useful for sales, planning, or internal strategy, but not yet fit for public posting.

5.2 This category is appropriate when:

  • evidence is incomplete;
  • the sample is too small;
  • the wording is too specific for public release;
  • the artifact is still under review; or
  • the statement depends on a future sample, appendix, or published asset that does not yet exist.
  1. Do Not Claim

6.1 A statement must be marked do_not_claim when it would:

  • overstate certainty;
  • imply certification or endorsement;
  • reveal private client details;
  • expose raw evidence;
  • claim maturity from weak signals; or
  • create a misleading impression about a sponsor, partner, or client.
  1. Review Criteria

7.1 Before publication, the reviewer should ask:

  1. Is the source public-safe?
  2. Is the evidence sufficient?
  3. Is the wording precise?
  4. Would the reader misunderstand the scope?
  5. Does this create an endorsement, certification, or maturity claim we cannot support?

7.2 If the answer to any of the above is unclear, the item should be downgraded or held.

  1. Sponsor Separation

8.1 Sponsor support does not influence methodology, scoring, findings, chart outputs, editorial conclusions, or publication timing.

8.2 Sponsor references must remain neutral and must not imply endorsement or validation.

8.3 Sponsor-provided copy may be used only if it is clearly labeled as sponsor perspective or sponsor material.

  1. Research and Market Intelligence Claims

9.1 Job-description intelligence, public hiring signals, and aggregate benchmark outputs may be published only when the wording makes clear that they are directional and not proof of internal security maturity.

9.2 Psychometric outputs, if used, must be described as role-language evidence, not personality diagnosis or employee assessment.

  1. Approval Workflow

10.1 Public claims should be reviewed by the content owner and at least one other reviewer familiar with the source evidence.

10.2 Any claim with legal, sponsor, or reputational risk should be escalated for additional review before publication.

  1. Corrections

11.1 If a published claim is later found to be inaccurate, Provider will correct it promptly and, where appropriate, annotate the change.

  1. Recordkeeping

12.1 Provider should retain the claim-readiness rationale for significant public claims, especially where the language is tied to research findings, sponsor materials, or buyer-facing proof.

aisecurity.llc · AI SECURITY ENGINEERINGhello@davidwolf.org

This document is a negotiation draft. Final terms may vary by scope, jurisdiction, and client requirements. All bracketed placeholders must be completed before execution.