
Vendor Due-Diligence Packet

Responsible vendor procurement evidence for AI security engagements. Everything finance, legal, and security need to file a responsible vendor-selection decision — compiled from our published trust materials. Browse below, or download the full packet as a single PDF.

Contents

  1. Vendor Identity & Overview: Who we are, what we deliver, and how to reach us.
  2. Responsible Vendor Procurement Statement: Why this packet supports a defensible vendor-selection decision.
  3. Security Practices: How we secure client work, access, and evidence.
  4. Secure SDLC: Secure development and delivery practices.
  5. AI Usage & Model-Training Commitments: What we do — and never do — with client content and AI.
  6. Evidence Handling, Retention & Redaction: Collection, classification, retention, and deletion of client evidence.
  7. Privacy & Data Processing: Privacy posture and the data processing addendum.
  8. Subprocessors: Infrastructure and vendor subprocessors.
  9. Contract & Policy Library: 20 signer-ready agreements and operating policies.
  10. Attestation Artifacts: Independent review artifacts produced after an engagement.
  11. Buyer Assurances — What We Do Not Do: Clear scope guardrails for legal and finance.
  12. Contacts & Next Steps: How to start with minimal friction.

1. Vendor Identity & Overview

aisecurity.llc is an AI product security engineering practice. We help product, security, legal, and finance teams ship AI features, copilots, RAG systems, agents, and workflows without letting customers, attackers, or enterprise security reviewers discover the weak points first.

Engagements follow the MADE methodology — Map what is launching, Attack what can be abused, Defend what must hold, and Evidence what is safe enough to ship — and are delivered under signed, scoped agreements.

  • Primary contact: David Wolf · hello@davidwolf.org
  • Flagship offer: AI Launch Security Review — first findings in 5 business days, launch-ready review in 5–10.
  • Engagement basis: No-Cost Scoping Retainer + Mutual NDA before any paid work; fixed-fee SOW or private offer thereafter.

2. Responsible Vendor Procurement Statement

This packet is assembled so a champion, procurement lead, or finance reviewer can document a responsible vendor-selection decision. It compiles our published security practices, AI-usage and data-handling commitments, subprocessor disclosures, contract and policy library, and the attestation artifacts we can produce after an engagement.

Nothing in this packet is a certification or a guarantee of a security outcome. It evidences how we operate, what we will and will not do with client material, and the controls and agreements that govern an engagement.

  • No-cost scoping means confidentiality, access boundaries, and review planning before paid work — not free consulting.
  • Paid work is governed by signed SOW, assessment terms, DPA (where applicable), and Rules of Engagement (for adversarial testing).
  • Engagement-specific contract terms auto-populate from your scope intake to reduce review friction.

3. Security Practices

Client work is performed under minimum-necessary access. We do not request production credentials, secrets, or regulated/customer personal data unless an engagement explicitly requires it and the appropriate agreements are in place.

  • Access-controlled, need-to-know handling of client material.
  • Encryption of evidence stores where feasible; no unmanaged personal storage or consumer chat tools for client evidence.
  • Authorized-testing boundaries only; no production exploitation without a signed Rules of Engagement.
  • Emergency-stop procedure for any unexpected production impact, critical zero-day, or regulated-data exposure.

4. Secure SDLC

Our delivery tooling and deliverables follow secure-SDLC practices: scoped change, review, and evidence capture appropriate to AI security engagements.

5. AI Usage & Model-Training Commitments

We do not use client confidential engagement materials to train public models, publish examples, or improve unrelated offerings except as expressly permitted in an applicable SOW, DPA, or written approval.

  • No client content authorized for provider model training.
  • Human review of deliverables; AI-assisted analysis is reference, not authority.
  • Redaction and minimization defaults on all evidence.
  • Public claims only with client approval and appropriate caveats.
  • No secrets or regulated data accepted through public forms.

6. Evidence Handling, Retention & Redaction

Evidence is collected to the minimum necessary, tied to a work item, finding, or deliverable, and classified (public-safe, client-confidential, restricted-access, legal-hold, delete-on-close).

  • Redaction of personal data, credentials, tokens, secrets, and sensitive operational details before sharing.
  • Retention reviewed at engagement close; deletion requests honored unless a legal or contractual hold applies.
  • Public-safe derivatives require client approval for reuse.

7. Privacy & Data Processing

Where customer or personal data may enter scope, a Data Processing Addendum (DPA Lite) is executed before any such data is shared, allocating controller/processor responsibilities, processing purpose, security measures, deletion/return, breach notice, and an AI provider/model-training prohibition.

  • Privacy policy: Published at /legal/privacy.
  • Data Processing Addendum: Available at /legal/data-processing-addendum and as a packet contract.
  • Acceptable use: Published at /legal/acceptable-use.

8. Subprocessors

Our subprocessor list documents the infrastructure and vendor services used to operate the practice. Material changes are communicated per the DPA notice terms.

9. Contract & Policy Library

The following agreements and policies govern engagements. Engagement-specific terms auto-populate from your scope intake; signer-ready drafts are produced during scoping and executed through our document-signing flow.

  • No-Cost Scoping Retainer: Pre-engagement scoping: $0 fees, no obligation, NDA path, access boundaries, and a draft review plan before any paid work. Converts to a paid SOW only after approval.
  • AI Launch Security Review SOW: Scoped statement of work for the pre-release AI Launch Security Review — first findings in 5 business days, launch-ready review in 5–10. Auto-populated from your scope intake.
  • Scoped Services Framework: Master services framework for discovery, product review, red-team validation, governance evidence, and paid scopes without a standing retainer.
  • Sponsorship Agreement: Commercial sponsorship terms with explicit research-independence and disclosure boundaries.
  • Mutual NDA: Mutual confidentiality protections for pre-sales, delivery, and research collaboration contexts.
  • Commercial Services Addendum: Converts the services framework into scoped paid work with rate card, invoicing, and activation terms.
  • Data Processing Addendum: Controller/processor allocation, data protection obligations, subprocessing, security measures, AI provider boundaries, and customer-data handling for scoped services.
  • Assessment Terms Addendum: Scope, authorization, evidence use, testing boundaries, safe harbor, retesting, reporting limitations, and reliance limits for AI product security assessments.
  • Statement of Work Template: Mission-specific scope, deliverables, timeline, access, assumptions, and acceptance criteria for scoped AI security engagements.
  • AI Red Team Rules of Engagement: Rules of engagement for authorized AI red-team validation, including targets, test windows, allowed techniques, prohibited actions, safety controls, evidence handling, escalation paths, and stop conditions.
  • Penetration Test & Red Team Rules of Engagement: Rules of engagement for scoped penetration testing and adversarial red team work — authorization, targets, allowed and prohibited techniques, testing window, access plan, evidence handling, emergency stop, and reporting. Covers web/API, cloud, authenticated, business-logic, and AI/agentic testing.
  • Cloud Testing Boundary Addendum: Bounds cloud/infrastructure testing — separates customer-owned active testing targets from configuration-review targets and from provider infrastructure, with account/region scope, access model, and provider-rules responsibility.
  • Special Approval Addendum: Explicit authorization gate for high-impact activities (DoS/stress, phishing, social engineering, physical, malware/C2, third-party/shared-tenant). Excluded from standard scope unless signed here and separately approved.
  • Agentic Workflow ROE Addendum: Bounds testing of tool-using agents and automated workflows — tools/actions in scope, authorized adversarial techniques, action boundaries, rollback, persistence prohibition, and audit-gap reporting.
  • Consultant Mission Brief: Defines specialist role, client relationship model, confidentiality, deliverables, and independence boundary for consultant-led missions.
  • Sponsorship Launch Addendum: Campaign schedule, sponsor assets, labeling, approval process, and launch deliverables.
  • Security Operations Schedule: Operational control schedule for authorized AI security work, covering access, credentials, logging, AI/ML testing boundaries, incident handling, evidence retention, and client escalation.
  • Evidence Handling Policy: Evidence collection, classification, storage, redaction, retention, deletion, and publication boundaries for AI security assessments, red-team work, governance evidence, and public-safe deliverables.
  • Publication & Claim-Readiness Policy: Claim-readiness criteria for public research, trust pages, scorecards, attestations, sponsor materials, security review outputs, and buyer-facing evidence.
  • Data Retention & Redaction Policy: Retention, redaction, deletion, and post-engagement handling for client materials, research artifacts, assessment evidence, exports, and public-safe publication files.

10. Attestation Artifacts

After a completed engagement we can produce attestation artifacts suitable for procurement and buyer assurance:

  • General Security Review Attestation: Independent technical AI security review artifact for procurement and buyer assurance.
  • RAG Authorization Review: Retrieval authorization, tenant-boundary, and leakage review attestation.
  • AI Red Team Completion: Confirmation of completed adversarial testing within an authorized scope.
  • Trust Surface Review: Public claim, trust-language, and evidence-surface review.
  • Governance Evidence: Operating-model, control-ownership, and evidence-cadence attestation.

11. Buyer Assurances — What We Do Not Do

To keep the engagement scoped and defensible, the following are explicitly out of scope unless separately and expressly authorized in writing:

  • No rubber-stamp approvals or certification claims.
  • No open-ended governance program or platform migration.
  • No production exploitation or adversarial testing without a signed Rules of Engagement.
  • No use of client confidential materials to train public models or improve unrelated offerings.
  • No acceptance of secrets or regulated data through public forms.

12. Contacts & Next Steps

To begin, request a No-Cost Scoping Retainer and Mutual NDA. Contact David Wolf at hello@davidwolf.org.

  • Start no-cost scoping: /marketplace/private-offers?track=procurement-fast-track
  • Scope a launch review: /scope?offer=ai-launch-security-review&pressure=launch
  • Trust center: /trust-center