shipping production AI · since 2026 NAICS 541330 / 541511 / 541512 / 541519  ·  CMMC-aware
§ Services·Index·v2026.05

Start small.
Climb the ladder. Each engagement ends in a named deliverable, a fixed fee, and a runbook.

AI Engineering, AI Security, AI Consulting, AI Strategy — done by the same senior practitioners, in any combination. We sell the work, not the slide deck about the work. Our security work runs as a ladder: low-friction entry offers — phishing programs, vendor risk assessment services, tabletop drills — that solve an obvious pain and grow into AI security consulting, virtual CISO for AI programs, and governance retainers. Our edge is the crossover: the same bench that builds your AI and data platforms secures them — access control, data observability, and governance, by the people who wrote the architecture.

§ Start here·what's broken?

Start here. What's broken?

Most teams come to us mid-problem, not shopping for a service. Pick the line that sounds like your week, and we'll point you at the fix, the proof it works, and something worth reading on the way.

§00·Method

Same way every time.

Whatever service you buy, the engagement rails are identical: fixed scope, named team, weekly cadence, a runbook on the way out.

Fixed-fee, fixed-scope
A scope doc in 48 hours.
Discovery call → written deliverables, milestones, fee. No T&M, no scope creep.
Two-pizza teams
Principal + senior eng + SME.
No partners with thesis to push. The people on the proposal are the people on the keyboard.
Weekly demo cadence
Working software, every Friday.
Written decision logs on every call. You can audit the trail end-to-end at any point.
Production-grade default
CI, observability, runbook ship together.
"Done" means a third party can deploy and operate it. Always.
Full IP transfer
All source, all docs, signed over.
No vendor-lock. We win again because the work was good, not because you can't leave.
30-day post-launch
We answer the phone.
Free 30-day support window after hand-off. Fractional retainer optional.
§00b·Why DSE

Senior bench. Real IP.

Not a staffing pyramid and not a slideware shop. A senior-only bench, open-source security IP we authored, and engagements that end in named deliverables you keep.

See mcp-warden on GitHub ↗
Senior-only bench
No Big-4 churn.
No rotating junior pyramid. The principal who scopes the work is the one on the keyboard, start to finish.
Authored open-source IP
mcp-warden, by DSE.
We authored mcp-warden, an open-source MCP supply-chain integrity gate, MIT-licensed with signed releases. The same depth backs the security work.
Named deliverables
You keep the artifacts.
Every engagement ends in named deliverables, source, docs, and a runbook, signed over to you. No black box, no vendor lock.
Finserv and federal fluent
Built under an audit clock.
Comfortable mapping to NIST AI RMF, SR 11-7 model risk, OWASP LLM Top 10, and CMMC, the controls regulated and federal buyers actually answer to.
§01 · AI Engineering · 8–12 weeks typical

Production LLM systems, not pilots.

RAG pipelines, agentic workflows, multi-tenant SaaS, inference infrastructure. We ship the service, the eval harness, the observability — and the runbook that outlives the engagement. AWS-native by default; bring-your-cloud on request.

What's included

LLM applications & agents
RAG, multi-step agents, tool-calling, multi-tenant SaaS. See PrivateStack — private, multi-model LLM below.
MCP server design & integration
Model Context Protocol (MCP) servers. We run six in production; happy to write yours.
Fine-tuning & eval harnesses
LoRA/QLoRA, custom eval suites, prompt regression in CI. Drift < 0.5%.
Vector store architecture
pgvector, Atlas Vector Search, Pinecone. Hybrid BM25 + dense retrieval.
Inference infrastructure
Bedrock, SageMaker, self-hosted (vLLM, Ollama). Cost-routed via LiteLLM.
CI gates & observability
Golden-case suites in CI. Per-tenant traces, logs, cost. Alerting from day one.
You receive
A service in production, not a deck about one.
  • Production LLM service, deployed
  • Eval harness + CI gates
  • Observability stack (traces, cost, drift)
  • 23-page runbook, IP transfer
  • 30-day post-launch support
Engagement shape
Typical length
8–12 wks
Team
2 + SME
Cadence
weekly demo
0 → prod
11 wks avg
Commercial version
Move fast. Leave a runbook.

Lean cadence, decision log, IP transfer. Customer-zero by week 11 is the standard story.

+ Federal delta
Same build · ATO-friendly wrapper.

SBOM, model + dataset provenance, traceability matrices, ATO-friendly architecture diagrams. Cleared-staff on request.
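The provenance gate named above (SBOM, model and dataset provenance), shown as an added example rather than DSE's own tooling: every artifact in a model release is pinned to a SHA-256 digest in a manifest, and the deploy step refuses a tree that has a missing, modified or unlisted file. The manifest layout, the paths and the model id are illustrative assumptions; the sample tree is constructed in a temp directory so the block runs offline.

```python
"""Provenance gate for model and dataset artifacts: verify a release tree against a pinned manifest.
Added example, not the page's own tooling. The manifest layout (a JSON list of path + sha256)
is an illustrative assumption; in a real pipeline the manifest itself ships signed with the release."""
import hashlib
import json
import os
import tempfile

MANIFEST_NAME = "manifest.json"


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so multi-GB weight files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _tracked_files(root: str) -> list[str]:
    """Every file under root except the manifest, as sorted POSIX-style relative paths."""
    out = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            rel = os.path.relpath(os.path.join(dirpath, fn), root).replace(os.sep, "/")
            if rel != MANIFEST_NAME:
                out.append(rel)
    return sorted(out)


def build_manifest(root: str, model_id: str) -> dict:
    """Pin every artifact under root; run once at release time, then sign the result."""
    return {"model_id": model_id,
            "artifacts": [{"path": rel, "sha256": sha256_file(os.path.join(root, rel))}
                          for rel in _tracked_files(root)]}


def verify_tree(root: str, manifest: dict) -> list[str]:
    """Return findings; an empty list means the tree matches the manifest exactly.
    Fails closed: missing, modified and unlisted files are all findings, so a swapped
    weights file, a poisoned dataset shard or a stray script all block deployment."""
    findings = []
    pinned = {a["path"]: a["sha256"] for a in manifest["artifacts"]}
    present = set(_tracked_files(root))
    for rel, expected in pinned.items():
        if rel not in present:
            findings.append(f"MISSING  {rel}")
            continue
        actual = sha256_file(os.path.join(root, rel))
        if actual != expected:
            findings.append(f"MODIFIED {rel} expected={expected[:12]} actual={actual[:12]}")
    for rel in present - set(pinned):
        findings.append(f"UNLISTED {rel}")
    return sorted(findings)


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample tree: pin it, verify clean, then tamper and verify again."""
    root = tempfile.mkdtemp(prefix="prov-")
    os.makedirs(os.path.join(root, "model"))
    os.makedirs(os.path.join(root, "data"))
    with open(os.path.join(root, "model", "weights.bin"), "wb") as f:
        f.write(b"\x00\x01" * 1024)  # constructed stand-in for model weights
    with open(os.path.join(root, "data", "train.jsonl"), "w") as f:
        f.write('{"text": "constructed sample row"}\n')
    manifest = build_manifest(root, model_id="example-org/example-model")  # assumed id
    with open(os.path.join(root, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f)
    clean = verify_tree(root, manifest)
    # Tamper: flip the first byte of the weights and drop an unlisted file into the tree.
    with open(os.path.join(root, "model", "weights.bin"), "r+b") as f:
        f.seek(0)
        f.write(b"\xff")
    with open(os.path.join(root, "model", "setup.py"), "w") as f:
        f.write("print('not in the manifest')\n")
    return clean, verify_tree(root, manifest)


if __name__ == "__main__":
    before, after = demo()
    print("clean tree:", before or "OK")
    print("tampered tree:", *after, sep="\n  ")
```

The manifest is the thing to sign with the release; one signature check on the manifest then carries trust to every pinned file, and an SBOM entry records the same digest per component. Signature verification is left out here because the Python standard library has no Ed25519; in practice the manifest digest is checked against the signed release before `verify_tree` runs.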

Capability spotlight · Private LLM platform · live · privatestackhub.com

A private LLM platform that minimizes cost — your data stays yours.

PrivateStack is our multi-model platform for running AI on open-weight models like Llama and Mistral — deployed inside your own cloud or VPC, or hosted by us. Proprietary models (GPT, Claude, Gemini) stay on tap for the workloads that need them. We have built this end-to-end and run it in production; we can stand up the same pattern for you.

Private by default
Open-weight models deployed on your own cloud or VPC — prompts and data never leave your boundary. Full sovereignty when you need it.
Built to minimize cost
Open-weight models on infrastructure you own or we manage avoid the per-token metering of proprietary APIs at scale. Pick the model tier per workload.
Multi-model, no lock-in
Open-weight first, with GPT, Claude, and Gemini routed in when a task calls for them. Cost-routed through a single layer, observability throughout.
Your infrastructure or ours
Run it yourself for full control, or have us host and operate it for the right price. Either way, you receive the source, the runbook, and full IP.
Built and shipped end-to-end — see the PrivateStack case study.
Scope a private LLM build
§02 · AI Security & Governance · 2–8 weeks typical

Security baked in, not bolted on.

AI security consulting that runs as a ladder — start with a scoped, fast-to-approve entry offer and grow into AI risk assessment, red-teaming, an AI governance framework, and a virtual CISO for AI programs. Threat models adapted for LLM and agent systems. Findings with remediation, not a 60-page binder. Lean, high-value advisory — we do not run a 24/7 SOC or managed detection; we make your team and tooling defensible.

What's included

AI red-teaming
Prompt injection, tool abuse, data exfiltration testing, agentic loop abuse. OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF. See the AI security red-teaming framework.
Threat modeling
STRIDE adapted for LLM/agent systems. Supply-chain risk on model + dataset provenance. Patterns from our secure multi-tenant LLM platform.
AI governance build
A NIST AI RMF-aligned AI governance framework, EU AI Act classification, ISO 42001, model risk, policy-as-code. AI use policy + governance charter.
Data observability & access review
Data observability security and access control review for data platforms — alert/log review and data-access monitoring across SaaS and cloud. Lean advisory, not a 24×7 SOC.
IAM hardening
Bedrock/SageMaker least-privilege policies. JWT/OIDC, secrets, key rotation. Grounded in our enterprise AI deployment architecture.
Eval & supply-chain assurance
Model + dataset provenance, SBOM, third-party model risk. Eval rigor from our RAG evaluation harness.
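An added example of the least-privilege point in the IAM hardening item above, not DSE's policy or tooling: the over-broad Bedrock policy a pilot tends to ship with beside an invoke-only policy scoped to one model ARN, plus a small linter that flags the patterns a review looks for first. The model id, region, bucket name and action allow-list are assumptions to adjust per deployment.

```python
"""Least-privilege check for a Bedrock runtime role's IAM policy.
Added example; not the page's own tooling. Both policies are constructed samples, and the
model ARN, region, bucket and allow-list are illustrative assumptions to tune per deployment."""
import json

# Actions an application runtime role needs to call a model, and nothing else.
RUNTIME_ALLOWLIST = {"bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"}

OVERLY_BROAD_POLICY = {  # constructed "before": what a quick pilot usually ships with
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
    ],
}

LEAST_PRIVILEGE_POLICY = {  # constructed "after": one model, invoke-only, one S3 prefix
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InvokeOneModel", "Effect": "Allow",
         "Action": sorted(RUNTIME_ALLOWLIST),
         # assumed model id; foundation-model ARNs carry no account id
         "Resource": "arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-5-sonnet-20240620-v1:0"},
        {"Sid": "ReadPromptTemplates", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-prompts/templates/*"},  # assumed bucket
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list[str]:
    """Return findings for a runtime role; an empty list means the policy passes.
    Checks: wildcard actions, wildcard resources, Bedrock actions beyond invoke,
    prefix-wildcard Bedrock model ARNs, and NotAction/NotResource (grants by exclusion)."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # explicit denies only tighten the policy
        sid = stmt.get("Sid", f"stmt[{i}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants by exclusion")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action.startswith("bedrock:") and action not in RUNTIME_ALLOWLIST:
                findings.append(f"{sid}: Bedrock action beyond invoke: {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*":
                findings.append(f"{sid}: wildcard resource")
            elif res.startswith("arn:aws:bedrock:") and res.endswith("*"):
                findings.append(f"{sid}: Bedrock resource is a prefix wildcard: {res}")
    return findings


if __name__ == "__main__":
    for name, pol in (("overly broad", OVERLY_BROAD_POLICY), ("least privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"{name}: {json.dumps(lint_policy(pol), indent=2)}")
```

Run it in CI against the rendered policy document before it is applied; a non-empty finding list fails the build. Deployments that route through inference profiles add the specific `inference-profile` ARN to the resource list rather than widening it, and the allow-list grows only when a new call path is reviewed.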
You receive
Findings with remediation, not a deck.
  • Threat model doc, current architecture
  • Red-team report w/ severity-ranked findings
  • Remediation plan + retest after fixes
  • AI use policy + governance charter
  • NIST AI RMF / EU AI Act mapping memo

Buyers usually start on the security ladder below and grow into this work.

Engagement shape
Typical length
4–6 wks
Team
Sec + Eng
Re-test
included
Frameworks
RMF · 42001
Commercial version
Audit-ready, not regulator-required.

Mapped to your existing SOC 2 / ISO 27001 controls. Findings + remediation in plain language for engineering leadership.

+ Federal delta
RMF first, full traceability.

NIST AI RMF mapped on every artifact. CMMC-aware delivery. Cleared-staff capable for sensitive engagements. ATO-friendly handoff.

§02b·The ladder

Start here.
Grow into it.

Three tiers, one bench. Entry offers are scoped tight and priced for fast budget approval — they solve a visible problem and document due diligence. They also surface the work that pays off most: AI security, governance, and retained leadership.

Tier 1 · Entry offers
Low-friction. Fast to approve.
2–4 weeks · templated · repeatable
AI Security Snapshot Sprint · from $18k
A point-in-time threat model and adversarial test of one AI system, so you know where it can be abused before an attacker does. LLM/app threat model (STRIDE adapted for LLM and agent behavior), targeted prompt-injection and tool-abuse testing against its actual interfaces, and a data-exposure pathway review. Mapped to OWASP LLM Top 10 + MITRE ATLAS. You receive severity-ranked findings with remediation guidance, a one-page executive summary, and a runbook. It is a point-in-time review of the scoped system as configured during the engagement, not continuous monitoring. Prompt injection and data leakage are already being exploited in the wild and now sit at board level. See what an AI security assessment costs and whether a boutique or a big firm fits. Scope a Snapshot →
Security awareness + phishing program
Reduces employee-driven risk. Templated monthly content and reporting your board can see.
Vendor & third-party risk reviews
Questionnaire-based, repeatable template — practical vendor risk assessment services that document supplier risk.
Tabletop exercises
Ransomware and breach drills packaged as a workshop. Demonstrates due diligence to auditors and insurers.
Security policy starter pack
Acceptable-use, access-control, incident-response, and vendor policies — templatized and ready to adopt.
Basic vulnerability & control review
A plain-English, prioritized gap list. A scoped review, not a full pentest.
Access review workshop
Identity and least-privilege — an access control review for data platforms across SaaS, cloud, and data tooling.
Incident readiness checkup
A cleanly scoped breach-readiness assessment with a short, actionable findings list.
Tier 2 · Core advisory
Where the AI edge shows.
4–8 weeks · findings + remediation
AI Red-Team Engagement · scoped from $35k
Adversarial testing built for AI systems — we attack your LLM and agent surface the way a real adversary would, on a repeatable cadence: prompt injection (direct and indirect), tool/function abuse, agentic-loop abuse, and data exfiltration, mapped to OWASP LLM Top 10 + MITRE ATLAS. Adversarial and prompt-regression suites wire into your CI/CD so regressions are caught before release, with a re-test and severity-ranked remediation each cycle. This is an AI/application red-team — not a network penetration test, physical assessment, or social-engineering engagement; those are scoped separately and require their own authorization. See the full AI red teaming and LLM security testing offer, the red-teaming framework, and how we test each OWASP LLM Top 10 risk. Scope a red-team →
AI Governance Framework · NIST AI RMF · scoped
A working AI governance program aligned to the NIST AI RMF — Govern, Map, Measure, Manage — with an AI system inventory, an acceptable-use and model-risk policy (policy-as-code where it fits), and EU AI Act risk classification plus ISO 42001 readiness mapping. You receive a governance charter, AI inventory, policy set, and a NIST AI RMF-aligned control map your board and auditors recognize, with an optional review retainer to keep it current as your program and the regulations move. Banks and fintechs under examiner pressure should start with AI governance readiness for finserv or the deeper AI governance for banks and fintechs. Scope a governance build →
Incident readiness & IR planning
Playbooks, roles, and an incident readiness retainer option — so a bad day has a written plan, not a scramble.
Data observability & access monitoring
Data observability security: alert/log review and data-access monitoring around SaaS and data platforms. Lean advisory — not a 24×7 SOC.
Security posture assessment + roadmap
Where you stand, what to fix first, and a sequenced remediation roadmap with owners and effort. Grounded in our secure multi-tenant platform work.
Tier 3 · Retained leadership
Senior cover, by the month.
monthly retainer · fractional
vCISO for AI Programs · from $6k/mo
Senior security leadership for your AI program, on a fraction of a hire — where the line between model risk and infosec is the whole job. Retained AI-risk leadership owning the risk posture and governance cadence, board-ready risk reporting your insurer can act on, and program continuity that keeps the red-team harness, the RMF framework, and the AI inventory current. There are 2.8M–4.8M unfilled cyber roles and two in three organizations report a moderate-to-critical skills gap — a fraction of a full hire buys the senior cover an AI program actually needs. High-value advisory with a runbook on exit, not a headcount you rent and not a 24/7 SOC. See how a vCISO for AI works →
Governance / GRC retainers
Ongoing AI governance framework upkeep, control reviews, and audit support as your program and regulators move.
The differentiator
The bench that builds it secures it.

The crossover between AI/data architecture and business information security — access control, data observability, and governance — handled by the people who wrote the architecture, not a separate audit team reading it cold.

What we are not
Advisory, not a SOC.

No 24×7 managed detection, no MDR, no round-the-clock staffing. We make your team and tooling defensible and hand back a runbook — high-value advice, not a headcount you rent.

§03 · AI Consulting · 4–8 weeks typical

Engineering-adjacent advisory.

Readiness assessments, architecture reviews, build-vs-buy memos, fractional CDO/CAIO. The person reviewing your stack is the person who'd build it — not a partner with a deck to defend.

What's included

AI Readiness Sprint · from $12k
A four-to-six-week fixed-scope read on whether your business is actually ready to ship AI — and which use case to fund first. A maturity scorecard across data, governance, infrastructure, and talent; a shadow-AI audit of where AI is already running unsanctioned and what it exposes; and a prioritized 90-day use-case roadmap with cost estimates. Consultant-led AI projects succeed roughly 67% of the time versus ~33% for internal builds — the Readiness Sprint is the cheapest way to land on the right side of that line before you spend the build budget. Fixed scope, fixed fee, runbook on exit. Scope a Readiness Sprint →
Vendor + build/buy memo
Model selection, platform RFPs, TCO modeling, switching-cost analysis.
Architecture review
Existing AI/ML system audit. Scalability + cost passes. Specific, named fixes.
Fractional CDO / CAIO
10–20 hrs/wk embedded senior. Board-facing. Hiring plan included.
Federal AI advisory
CMMC, FedRAMP, FAR clauses for AI services. Sourcing across vehicles.
Audit & eval support
Stand up internal AI audit functions. Train your team to run them after we leave.
You receive
A memo your CFO can read in twenty minutes.
  • Maturity scorecard (data · infra · talent · gov)
  • 90-day roadmap with cost estimates
  • Vendor recommendation memo
  • Board-ready deck (10 slides max)
  • Optional fractional retainer terms
Engagement shape
Typical length
4–8 wks
Team
Principal
Output
memo + deck
Fractional
10–20 h/wk
Commercial version
Board-ready, plainly written.

Recommendations sized to a quarter of headcount, with reversibility scores on every decision.

+ Federal delta
Procurement-fluent.

FAR-clause-aware recommendations. CMMC/FedRAMP impact on every memo. Vehicle-strategy alongside the build-vs-buy.

§04 · AI Strategy · 6–10 weeks typical

Multi-quarter, executive-level.

12-month roadmaps, operating-model design, investment theses, M&A due diligence. We model the ROI in numbers your CFO will defend and your board will sign — and we'll be back next quarter to revise them.

What's included

12-month roadmap
Phased initiatives, quick wins, dependency graph, ROI per phase.
Operating model design
Centralized vs federated AI org. RACI, hiring plan, capability stacks.
Investment thesis
ROI/NPV model with risk-adjusted scenarios. Sensitivity on the three biggest assumptions.
M&A diligence
AI/data asset valuation. Tech DD for acquirers. Integration risk.
Policy & acceptable use
Internal AI usage policy, customer-facing disclosures, governance charter.
Quarterly review
Optional. We come back, audit progress, revise the model. Light retainer.
You receive
A strategy doc your engineers will respect.
  • Strategy document (25–40 pages, no fluff)
  • Executive presentation (board-ready)
  • Financial model (xlsx, with assumptions)
  • Governance framework + policies
  • Optional quarterly review cadence
Engagement shape
Typical length
6–10 wks
Team
2 sr + CFO
Output
doc + deck + xlsx
Review
quarterly
Commercial version
Sized for a board that wants numbers.

ROI/NPV with sensitivity bands. Reversibility on every initiative. We'll defend every number we wrote.

+ Federal delta
Mission-aligned, vehicle-aware.

Mission-aligned strategy. Acceptable-use frameworks for public-facing AI. Vehicle and budget cycle realities baked into phasing.

§ FAQ·Common questions

Before you ask.

Can we start small?
Yes — that's the point of the ladder. A Tier 1 entry offer (phishing program, vendor risk review, tabletop, access review) is scoped tight and fast to approve. Most clients start there and grow into AI security consulting and a virtual CISO as the value becomes obvious.
Do you run a 24/7 SOC or managed detection?
No. We're a lean, high-value advisory firm — no MDR, no round-the-clock staffing. We make your team and tooling defensible, set up data observability security and access monitoring you can run, and leave a runbook. If you need a staffed SOC, we'll help you scope and select one.
What makes your AI security work different?
The crossover. The same senior bench that designs your AI and data platforms does the access control review, threat modeling, and AI risk assessment — so the security recommendations are buildable, not theoretical. See the red-teaming framework.
Can you act as our CISO?
Yes — fractional and virtual CISO, including a virtual CISO for AI programs, on a monthly retainer. Senior security leadership on a fraction of a full hire, with governance and GRC support as your program matures.
Which frameworks do you map to?
NIST AI RMF for the AI governance framework, plus OWASP LLM Top 10 and MITRE ATLAS for red-teaming, and ISO 42001 / EU AI Act where they apply. For federal work, RMF maps onto every artifact and delivery is CMMC-aware.
Do you offer an incident readiness retainer?
Yes. We build the IR plan and playbooks, then keep them current on a light incident readiness retainer — a written plan for a bad day, not a scramble. It pairs naturally with the vCISO engagement.