Three engagement formats — Discover, Operate, Implement. Twenty-five service lines underneath, from one-week diagnostic spot-checks to multi-month implementation projects to standing monthly retainers. Every engagement is fixed-scope with named senior advisor accountability.
Every service falls into one of three formats. Most clients start with a Discover engagement, then graduate to an Operate retainer, then add Implement projects as needs surface.
Short, contained engagement that produces a tangible deliverable — usually a report, an inventory, a heat map, or a roadmap. The wedge into the relationship.
Monthly retainer covering quarterly reviews, ongoing oversight, training cadence, hotline access, briefings, incident response, and policy maintenance.
Defined-scope projects pulled from Discover findings or Operate conversations — use case rollouts, vendor work, policies, audits, evals, code review.
Click any service for the full playbook (where one exists), or book a call to discuss a custom scope. Color-coded tags signal personality: standard (teal), emphasis (sienna), high-stakes or technical (black).
Find what's there. Map the surface. Prioritize what to fix first.
Find every AI tool your team is actually using. Map data flows. Risk-rank. Produce a 25-page report your CEO can read in one sitting.
DiscoverIdentify duplicate subscriptions, unused seats, consolidation targets. Often pays for itself within 30 days.
DiscoverWhat people are doing with AI, where it's working, where it's failing silently. Foundation for every other engagement.
DiscoverSingle-department focused assessment — HR, Finance, Marketing, Customer Service. Same depth as the full Shadow AI Audit, scoped to one function.
DiscoverComprehensive review of AI-related spend across all departments. Surfaces waste, hidden charges, credit-card subscriptions, and forecasts the next 12 months.
DiscoverLight-touch "if regulators showed up tomorrow, what would they find" assessment. Pre-compliance screen, accessible findings.
DiscoverVisual risk assessment across your AI use cases. Each plotted on a probability × impact grid. Top 5 risks identified, prioritized, costed.
Standing oversight. Recurring deliverables. The relationship that compounds.
Standing review of deployed AI, costs, incidents, drift. Core deliverable of the Operate retainer — anchor of the recurring relationship.
OperateQuarterly company-wide training. Documents EU AI Act Art. 4 compliance. Includes role-specific tracks for HR, Finance, Sales, Marketing.
OperateRandom sampling of AI outputs in customer-facing or financial processes. Catches drift, hallucination, bias surfacing in production.
OperateQuarterly 90-minute board-ready briefings on AI risk landscape, regulatory updates, your portfolio status, and recommended next moves.
OperateMaintained calendar of regulatory deadlines tied to your specific AI deployments. Quarterly status updates, deadline alerts, action item tracking.
OperateWhen an AI decision goes wrong publicly — bias finding, leaked data, hallucinated claim — we're on-call for triage, root-cause, comms support, corrective action.
OperateSubscription advisor access for stuck founders and operators. Slack + email response within 24 hours. Three tiers from $99/mo.
Ship the thing. Audit the thing. Document the thing. Defined-scope project work, fixed price.
Senior dev reviews AI-generated code pre-deploy. Auth, secrets, prompt-injection surface, eval coverage, cost guardrails, error handling.
ImplementStand up a new AI capability — customer service AI, hiring AI, knowledge base, document automation, sales enablement. End-to-end.
ImplementMap your risk surface to vendor categories. Recommend best-fit (with disclosed referral relationships). Implementation included.
ImplementDrafting + rollout collateral. Plain-language policy + employee one-pager + FAQ + manager talking points + comms template.
ImplementPer-vendor assessment with disclosed referral relationships. Standardized rubric across security, privacy, AI-specific risk, commercial.
ImplementStatistical bias testing of AI outputs against protected groups. Documented methodology, mitigation recommendations, audit-ready report.
ImplementFind the prompts that will leak data, get jailbroken, or hallucinate disastrously. Hardening recommendations + ongoing-review rubric.
ImplementBuild 20–50 test cases so model swaps don't silently break your product. Eval framework picked to fit your stack, seeded with realistic test data.
ImplementModel selection, caching strategy, rate limits, fallbacks. Often pays for itself in the first month — sometimes the first week.
ImplementMake sure your AI-generated privacy policy actually matches what your app does. Specific to AI products with user data flowing through models.
ImplementAI usage disclosure page, plain-language model card, security overview. The artifacts your enterprise prospects will ask for in due diligence.
When you take EU funding, sign your first enterprise customer, or hit a regulatory threshold, you'll need formal compliance work — ISO 42001, EU AI Act conformity, SOC 2. Our sister practice GovernMy.ai handles that, with the same client team you already trust. Your operational relationship with us continues in parallel.
30-minute call. We listen, ask questions, and tell you which service fits. If we're not the right fit, we'll say so.