AI Security Maturity Model

Service offerings, scoped for clarity.

A five-tier framework for scoping AI security & governance engagements. Every engagement is delivered services-only — no new tool procurement required — and priced as a fixed fee for a defined scope and duration.

Grounded in NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS, and your sector's regulatory obligations.

RYZA
The model at a glance

Five tiers, one clear model.

Tier 1: AI Unaware (5 weeks · fixed fee, request pricing)
No policy, no inventory, no AI governance awareness.

Tier 2: AI Ad Hoc (5–6 weeks · fixed fee, request pricing)
AI tools deployed with default config and no security review.

Tier 3: AI Aware (6 weeks · fixed fee, request pricing)
Controls exist but are siloed and not framework-aligned.

Tier 4: AI Governed (7 weeks · fixed fee, request pricing)
Structured program in place, AI systems running in production.

Tier 5: AI Optimized (8 weeks · fixed fee, request pricing)
Mature program, ready for offensive testing and red team.

Fixed-fee, services-only engagements scoped to your environment. A defined scope protects you from scope creep and keeps the focus on outcomes. Pricing is shared after a short scoping conversation.

Tier 1: AI Unaware
The Problem

You don't have a clear picture of what AI is in use, what data it touches, or what policy governs it. Risk is accumulating invisibly.

What RYZA Does

Builds your first AI inventory, runs stakeholder interviews, drafts foundational AI use and procurement policy, and delivers a current-state baseline.

Business Outcome

Leadership can finally answer "what AI are we running, and is it safe?"

Technical Outcome

A documented AI inventory, a baseline risk register, and an acceptable-use and procurement policy.

Tier 2: AI Ad Hoc
The Problem

AI tools are live on default settings with no security review. Data-exposure and misconfiguration risks are real but unmeasured.

What RYZA Does

Reviews deployed AI tools for configuration, access, and data-exposure risk; hardens them against a defined baseline; closes the highest-impact gaps first.

Business Outcome

The AI you already rely on stops being a silent liability.

Technical Outcome

A security review of deployed AI tools, hardened configurations, and a prioritized remediation list.

Tier 3: AI Aware
The Problem

You have controls, but they're siloed and not mapped to any recognized framework — so you can't prove your program to a board, an examiner, or a regulated client.

What RYZA Does

Maps your existing controls to NIST AI RMF, OWASP LLM Top 10, and your sector's regulatory obligations, then closes the gaps to a governed program.

Business Outcome

A defensible, framework-aligned program you can stand behind in audits and client due diligence.

Technical Outcome

Control-to-framework mapping, a gap analysis, executive and board reporting, and a remediation roadmap.

Tier 4: AI Governed
The Problem

You have a structured program with AI in production, but you haven't tested whether your controls survive a real adversary.

What RYZA Does

Threat-models your AI systems and runs adversarial testing — prompt injection, model abuse, data exfiltration — then validates and tunes your controls. Includes an incident-response tabletop.

Business Outcome

Confidence that your governance holds under pressure, not just on paper.

Technical Outcome

Threat models, adversarial test results, a tuned control set, and an IR tabletop exercise.

Tier 5: AI Optimized
The Problem

Your program is mature, but new systems, new threats, and shifting regulation erode any program left unwatched.

What RYZA Does

Provides continuous adversarial testing, regulatory monitoring, and lifecycle governance on an ongoing retainer.

Business Outcome

Your program stays current, and stays ahead, as the threat and regulatory landscape moves.

Technical Outcome

Continuous red-teaming, ongoing framework and regulatory alignment, and lifecycle management with metrics.

Introductory offering · not a tier

AI Risk Wake-Up Session.

A half-day workshop for leadership teams getting ahead of AI risk before it becomes a problem. AI adoption is moving faster than most governance can keep up with — this session gives your leaders a shared understanding of where the risks sit and a clear framework for what to do next.

Format

Half-day facilitated workshop, in-person or virtual

Participants

Up to 12 — leadership, IT, HR/legal, staff

Duration

3.5 hours, with two 15-minute breaks

Target

Leadership teams beginning their AI security & governance journey

In-person session
$2,500

Half-day, up to 12 participants, includes a one-page AI Risk Snapshot.

Virtual session
$2,000

Same format delivered remotely; no travel or logistics overhead.

Recording add-on: +$500 for a clean, RYZA-branded recording your team can use as an internal training resource.

Not sure which tier fits?

Take the Maturity Check, or start with a Wake-Up Session — we'll map where you are today and the path forward.