AI governance, private AI, and managed operations · built by Data Science and Engineering Experts NAICS 541330 / 541511 / 541512 / 541519  ·  CMMC-aware
§00·AI Governance, AI Security, and Private AI
healthcare · government · financial services · regulated teams

AI governance, AI security, and private AI for teams that need it to hold up.

We help healthcare, government, financial-services, and other sensitive-data teams adopt AI safely, prove the controls under review, and move critical workloads into private or dedicated environments. Start with a fixed-fee readiness or security sprint, expand into implementation, and keep the program current through retained oversight.

Scope a regulated AI sprint Explore private AI See selected work fixed-scope entry points before platform or retainer spend
governance
readiness
inventory, policy, risk tiers, evidence
implementation
integration
copilots, workflows, data controls
private ai
dedicated
cloud, on-prem, or isolated designs
managed ops
ongoing
monitoring, evidence upkeep, retesting
regulated lanes
health · gov · finserv
HIPAA, NIST AI RMF, GLBA, CMMC-aware
delivery
fixed-fee
scope written before work starts
§ PrivateStack·product, now in beta

the private AI we build and run for clients is also a product. PrivateStack is our secure, multi-tenant LLM platform, now opening in a controlled, approval-gated beta.

Go to PrivateStack you'll continue on privatestackhub.com, where you request access, create an account, and reach your console. beta access is approval-gated.
§ What we sell.
Three towers.

A staged AI services model, from first policy to private operations.

Most teams do not need a giant governance program on day one, and most private AI deals should not start with infrastructure first. We land with a clear readiness package, expand into implementation, and operate sensitive AI systems only when the trust and use case justify it.

Tower 1 · governance and readiness

Create safe adoption fast.

Use-case inventory, acceptable-use policy, vendor review, lightweight risk register, owner matrix, and an evidence pack. This is the fastest entry point for startups, growth companies, and regulated teams that need structure before AI use gets messy.

See governance readiness Read the AI Governance Starter Kit →
Tower 2 · implementation and integration

Turn policy into operating capability.

Workflow design, AI copilots, agent use cases, data integration, control implementation, red-team findings, and remediation plans. The point is to make governance usable inside the systems people actually work in.

See implementation path See an anonymized implementation case note →
Tower 3 · private AI and managed operations

Operate sensitive AI with more control.

Private architecture design, dedicated hosting patterns, air-gapped options where appropriate, MLOps support, monitoring, maintenance, cost controls, and evidence upkeep. This is the premium path after the use case and risk model are clear.

Explore private AI Read: private AI architecture vs public API →
How we sequence it: readiness first, implementation second, private AI and managed operations third. You can buy only the layer you need, or use the first engagement to de-risk the next one.
§ How we prove it.
No fake logos.

Public proof that holds up under scrutiny.

We do not fill the site with invented testimonials, logo walls, or vanity counts. We show proof four ways instead: anonymized operator references where permission exists, shipped-system case studies, sample artifacts and runbooks, and public practitioner work you can inspect yourself.

Anonymized references

Role, context, and stage over named logos.

Where a client quote appears, it stays anonymized and attached to the role and operating context, not a borrowed logo. If attribution is not public, we say “reference on request” and leave it there.

Shipped systems

Production work you can inspect.

We prefer concrete build proof: what shipped, what controls were implemented, what handoff artifacts existed, and how the system was operated after launch.

See selected work Regulated SaaS: secure multi-tenant LLM platform →
Public artifacts

Runbooks, samples, and open-source depth.

When we cannot name a client, we can still show the work: sample deliverables, managed-operations runbooks, control frameworks, and public tools that reflect how we operate.

Inspect the public footprint Healthcare: clinical documentation AI framework → Federal: contract intelligence pipeline →
§ Where you start.
Routed by maturity.

Choose the lane that matches your AI maturity.

Start with the pressure you can name: moving fast without policy, scaling across teams, answering a regulator, or needing private AI infrastructure. Each route leads to a tighter service page or scoping path.

Startup and small growth

AI Launch Pack

Use-case inventory, acceptable-use rules, vendor review, a lightweight risk register, and a short roadmap workshop. Built for teams adopting AI before the policy catches up.

Startup Launch Pack
Growth and mid-market

Governance before sprawl.

Policy set, risk tiering, owner matrix, vendor controls, basic evidence pack, and quarterly governance support for teams with AI already spreading across functions.

Growth governance pack
Regulated industries

AI controls that survive review.

Healthcare, public-sector, and financial-services teams get framework mapping, risk evidence, and control design tied to HIPAA, NIST AI RMF, GLBA, and program-specific security expectations.

Compare regulated entry paths Compare the regulated lanes → See the readiness sample deliverable → Healthcare-specific governance → Finserv-specific governance → Federal capability →
Private AI buyers

More control over sensitive workloads.

Private cloud, dedicated environments, on-prem patterns, and managed evidence upkeep for AI systems where privacy, compliance, and vendor control matter.

Private AI security
Enterprise and complex buyers

Formal oversight at scale.

Federated governance model, committee support, documentation framework, monitoring design, and an audit-ready process for cross-functional AI oversight.

Enterprise control pack
Federal

Unclassified AI governance.

Pre-deployment AI architecture review, AI risk register, NIST AI RMF mapping, and proposal-ready governance narratives for public-sector programs.

Federal AI Readiness Brief
§ Start here·choose the pressure point

Choose the problem we should route first.

If you are not sure which service name fits, start here. Pick the sentence that sounds most like the conversation happening inside your team.

Regulated AI Readiness Sprint AI Security X-Ray Private AI Stack Selected work
fig 01·what we run, end-to-end·representative of how we ship
Open source ↗
~/dsee   cat /var/log/shipping.sample illustrative
[gate] check ok mcp-warden warden.lock · drift gate · CI
[eval] eval pass rag/v3 golden suite green · drift in band
[deploy] deploy ok fedgov/ingest sam.gov sync · batch loaded
[scan] scan bedrock-iam clean ✓
[release]release mcp/gemini-bridge tagged · github
[deploy] deploy ok dsealgo risk-circuit · zero downtime
[review] red-team client-X findings triaged · prioritized
[release]release mcp/perplexity-async tagged · github
[deploy] deploy ok foodee/payments stripe · PII-clean
_
an illustrative slice of the kinds of work we ship Open source ↗
What we run, end-to-end.
fig 01 · stack
Auth / Identity
Clerk · JWT · OIDC
least-priv IAM
API Gateway
66 routes
p95 < 200ms
LLM Routing
LiteLLM · 5 providers
cost-routed
Retrieval
pgvector · BM25+dense
hybrid search
Evals
CI gates · golden suite
drift-tracked
Inference
Bedrock · vLLM
GPU-shared
Observability
Traces · logs · cost
per-tenant
AI Security
Red-team · STRIDE/AI
NIST AI RMF
Governance
EU AI Act · ISO 42001
CMMC-ready
every cell = a thing we'll write, run, and document for you. AWS-native
§ Why us.
Real IP, not slideware.

We don't just test AI security. We build it.

The tooling we deploy in an assessment is tooling we wrote and open-sourced. The posture we bring to your system is the posture we use on our own. Explore the full AI security & cyber risk pillar for regulated teams.

authored IP

mcp-warden

We authored it. An open-source MCP supply-chain lockfile and CI gate that pins an MCP server's declared tool surface into a signed lock and fails CI when that surface drifts. The kind of tooling we deploy in assessments. MIT licensed, on PyPI as mcp-warden-cli, with signed releases and active test coverage.

Inspect mcp-warden
also ours

conclave

A multi-model adversarial council we built to pressure-test our own designs. It is the same posture we bring to your AI system: assume the model is hostile and prove otherwise.

how we staff

Senior-only bench

Engagements run on a published method, the OWASP LLM Top 10 and MITRE ATLAS, by senior practitioners. No junior hand-off, no rented dashboard. The person who scopes is the person on the keyboard.

§01·Secure your AI·find what is exploitable

Find prompt injection, data leakage, and agent abuse before attackers do.

We red-team the whole stack an attacker sees, not just the prompt box. Then we hand you evidence-backed findings and a remediation roadmap, mapped to the OWASP LLM Top 10 and MITRE ATLAS. Fixed-fee, fixed-scope, principal-run. For regulated teams, the red team finds what an examiner's third-party-risk review, a fair-lending challenge, or a Reg S-P incident would surface, before any of them do. Findings map to GLBA, NYDFS Part 500, and the NIST AI RMF, not just the OWASP LLM Top 10.

primary

AI Security X-Ray

2 weeks · $12k to $18k fixed

A point-in-time threat model and adversarial test of one AI system, with severity-ranked findings, remediation, and a runbook. First findings inside 48 hours.

Scope the X-Ray
early access · limited availability · scoping call required
deeper engagement

AI Red Team Sprint

4 weeks · indicative $35k to $55k

A full adversarial campaign across the system, multi-turn attacks, chained exploits, and agent steering, when a two-week X-Ray is not enough.

Request a scoping call
what comes after

AI Security Co-Pilot

retainer · from $8.5k/mo

Ongoing security oversight once the system is live, keeping the red-team harness, the findings backlog, and the AI inventory current as the system changes.

The five attack surfaces we test
  1. Input and output. Direct and indirect prompt injection, jailbreaks, multi-turn Crescendo, system-prompt leakage, improper output handling. LLM01 · LLM02 · LLM05 · LLM07
  2. Retrieval (RAG / vector DB). RAG poisoning, embedding-space attacks, unauthorized document retrieval, context-window disclosure. LLM02 · LLM08
  3. Tool and agentic layer. Excessive agency, tool abuse, confused-deputy chains. Can the agent be steered out of its purpose, and can you stop it. LLM06 · Agentic Top 10
  4. Model and supply chain. Provenance, poisoning exposure, MCP supply-chain review using the integrity checks shipped in mcp-warden. LLM03 · LLM04
  5. Runtime and ops. Unbounded consumption and cost-amplification, guardrail bypass, logging gaps, missing rate, spend, and abuse controls. LLM10
The method, five phases: Scope and threat-model → recon and architecture review → exploitation → verification and risk scoring → report and fix plan. Anchored to the OWASP LLM Top 10 and MITRE ATLAS.
See the full AI Security Assessment
§02·Govern your AI·prove it is controlled

Governance packages matched to company maturity, not just headcount.

The first sale should be easy to understand and easy to scope. We use fixed-fee governance packages to create the AI inventory, policy set, vendor controls, owner matrix, evidence pack, and roadmap that make implementation or private AI work defensible later.

fastest entry

Startup AI Launch Pack

$7.5k to $15k fixed · optional advisory retainer

Use-case inventory, acceptable-use policy, vendor review, lightweight risk register, and one roadmap workshop for teams adopting AI quickly.

See the Launch Pack
core offer

Growth AI Governance Pack

$20k to $60k fixed · quarterly support available

Policy set, risk tiering, owner matrix, vendor controls, basic evidence pack, and practical governance support before AI use spreads across teams.

See the Growth Pack
complex buyers

Enterprise AI Control Pack

$75k to $250k+ · advisory-led

Federated governance model, committee support, documentation framework, monitoring design, and audit-ready process for complex AI oversight.

See enterprise control
What readiness means here: we map your AI to the framework you care about and align it onto the controls you already run. We produce readiness evidence and a remediation roadmap. We do not certify, guarantee, or attest compliance; that is your auditor's role.
See AI Governance Readiness
§03·Private AI and managed operations·premium control layer

Private AI should start with architecture, not a platform promise.

Private AI and managed operations are higher-value offers, but they require trust, scope discipline, and delivery capacity. We sell the path in stages: architecture first, implementation second, managed operations once the system and risk model are clear.

entry point

Private AI Architecture Brief

$15k to $35k fixed

Data-flow review, hosting pattern, model and access design, governance evidence requirements, and an implementation plan your leadership can approve.

Explore private AI
deployment

Private AI Stack

$50k to $150k lighter deployments · larger programs scoped

Dedicated or isolated AI environment, identity and access controls, model gateway, logging, cost controls, data boundaries, and security testing before launch.

recurring

Managed AI Operations

$5k to $25k+ per month

Ongoing monitoring, maintenance, retesting, evidence upkeep, model/vendor change review, and governance support for systems already in production.

Free resources·finserv compliance library

Twelve workbooks. No paywall. Built for the officer who has to implement the framework.

GLBA information security program templates, the full NYDFS Part 500 gap assessment, the Reg S-P broker-dealer workbook, the SEC AI exam guide for advisers, a master control matrix across GLBA, NYDFS, CCPA and the NIST AI RMF, and a 2023 to 2026 regulatory deadline tracker. Take what you need to your next risk committee meeting.

GLBA NYDFS Part 500 Reg S-P CCPA/CPRA NIST AI RMF SR 26-2
Browse the compliance library

Not ready for a call? Score your AI governance readiness in 10 questions. Take the scorecard

§04 Why DSE.
Boutique posture.

A small firm of senior practitioners, specialized in governed AI systems.

We are not a pyramid. There is no junior hand-off, no rented dashboard, and no thesis to push. We pick a narrow problem, the governance, security, implementation, or operation of the AI you are actually shipping, and we go deep.

published method

OWASP, ATLAS, NIST AI RMF.

Coverage is organized against the OWASP LLM Top 10 and MITRE ATLAS, and governance is mapped to the NIST AI RMF. You can audit the method, not just trust it.

authored IP

mcp-warden and conclave.

mcp-warden is open-source, MIT, with signed releases, on PyPI as mcp-warden-cli. conclave is the adversarial council we built to pressure-test our own designs.

specific surfaces

We tell you what we test.

The five attack surfaces are enumerated above, input and output, retrieval, the tool and agentic layer, the model and supply chain, and runtime and ops. You know exactly what we test before you pay.

senior-led scoping

Scoper equals deliverer.

The person who runs the senior-led scoping call is the person who delivers the work. No hand-off to a team you never met.

deep technical writing

We work in the open.

We publish how we test, in detail, including a walkthrough of how we run an OWASP LLM Top 10 assessment.

ReadHow we test the OWASP LLM Top 10
Data Science & Engineering Experts came up building production AI systems, RAG pipelines, agents, and multi-tenant platforms, so when we govern, secure, or operate AI, we read the architecture the way the engineers who built it do. The data science and data engineering practice still runs; it is no longer the headline — you can size your own data foundation with our free data engineering assessment. We are the same data experts, now pointed at governed AI adoption and private AI operations. See our data engineering services and data science work
§05  What we won't take on

Work we decline, so expectations are clear.

We are useful when the work requires technical testing, control mapping, and accountable remediation. We are not the right fit for certificates, dashboard reselling, staff augmentation, or compliance theater.

If your problem requires evidence, control mapping, and ownership, it is likely one of ours.
§06 Who we serve.
One senior bench.

One senior bench. Built for teams adopting AI under pressure.

The same senior practitioners govern, secure, implement, and operate AI for startups, growth companies, regulated financial institutions, and federal programs putting AI into production.

Startup and growth companies

Safe adoption without bureaucracy.

For founders and operators who need acceptable-use rules, vendor review, an AI use-case inventory, and a realistic roadmap before AI work becomes scattered across every team.

Startup Launch Pack
Growth, mid-market, and regulated teams

Governance that survives review.

For teams whose AI use now has owners, vendors, policies, model risk, customer evidence, board attention, or examiner pressure attached. We create the control map and help turn it into operating practice.

AI governance readiness Financial-services library →
Private AI and federal

More control over sensitive AI.

For organizations that need dedicated hosting, private architecture, stronger data boundaries, or unclassified AI governance review before putting sensitive workloads into production.

Private AI security Federal capability →
§07 Insights.
Receipts you can read.

We work in the open, and we publish how.

Most firms hide their method and their code. Ours is on GitHub and in the Refinery Report. Read why AI projects stall, what the real ROI looks like, and how we run an OWASP LLM Top 10 assessment.

DSE open-source work · OSS Open source ↗
mcp-wardenMCP CI gateMIT → conclaveadversarial councilopen →
mcp-warden ships signed releases on PyPI as mcp-warden-cli.
The tooling we deploy in assessments is tooling we open-source.