Do we have to be using a specific model provider?

No. We work across OpenAI, Anthropic, Google, Bedrock, Azure AI Foundry, Vertex, self-hosted Llama, and Mistral. The threat model is provider-agnostic; the control implementation isn't.

Can you work alongside our existing CISO function?

We expect to. The CISO sets policy; we close the gap between policy and the agentic surface. Most engagements ship a control matrix the CISO signs.

What happens after the assessment?

Either we hand off the evidence pack and you operate it, or we fold the controls into a Managed AI Stack engagement. Your call.

Are you certified to do this?

Maverin's information-security program is aligned with ISO 27001; we are not certified and do not claim to be. Our security leads carry CISSP, OSCP, and AI-specific red-team qualifications. See the Trust page for our current control posture; attestations available on request.

AI Security & Governance

Threat modelling, data-loss prevention, model risk, and audit trails for LLM and agent-based systems.

Scope this engagement Read how it works

SHAPE · Fixed fee · 3–4 weeks · 2 senior + 1 specialist

Security architects threat-modelling an AI agent system, deploying defences against prompt injection and tool misuse around a giant shield.

THE PROBLEM

Existing AppSec doesn't model prompt injection, tool misuse, or jailbreak chains. Your audit committee will ask. We give you the answers — and the controls — before they do.

01HOW IT WORKS

The shape of the engagement.

01Threat model

STEP 1

STRIDE for agents

Prompt injection, jailbreak, tool misuse, indirect injection through retrieved content. We map every attack surface to a control, not a slide.

02Boundary

STEP 2

DLP & PII design

Where data crosses model providers, where retrieval indexes live, what gets logged, and what's redacted. Designed for your existing DLP stack — Microsoft Purview, Symantec, Forcepoint, Netskope, in-house.

03Evidence

STEP 3

Audit posture

Mapped to ISO 42001, NIST AI RMF, EU AI Act, and your sector regulator. Audit logs of prompts, contexts, tool calls, and outcomes — query-able, exportable, defensible.

WHAT WALKS OUT THE DOOR

Risk registerPolicy & guardrail specAudit postureRed-team playbookEvidence pack

02ACROSS INDUSTRIES

How AI security & governance applies in your industry.

SELECT SECTOR ↓

HOW IT APPLIES

Model risk management (SR 11-7), conduct risk, market abuse surveillance integration, and regulator-ready evidence packs. We work to your three-lines-of-defence model, not around it.

WHAT TRIPS PEOPLE UP

Internal audit will ask about prompt versioning. We design version control + rollback into the harness from the start.

EXPLORE INDUSTRY

ILLUSTRATIVE ENGAGEMENT

MRM PRECEDENT

8 weeks

Tier-1 bank · LLM model card approved

03FAQ

What teams ask before signing.

04OFTEN PAIRED WITH

What usually comes next.

03BUILD

Agentic Automation

Production-grade agents and workflows on your stack — harness, orchestration, tools, MCP, and evals.

06RUN

Managed AI Stack

Two ways in, one way to run it forward. Bring us the AI stack you already ship, or have us build it — both paths converge on a single monthly retainer that owns uptime, drift, cost, and one new workflow each month. We run it forward, regardless of who shipped v1.

05IMPLEMENTATION

Implementation Services

End-to-end rollout — integrations, data plumbing, observability, validation harness, and rollback.