Useful when the team needs a security answer, a governance pack,
or fractional ownership without hiring a full-time AI risk lead.
Assessment
AI Security Assessment
Independent review before a chatbot, agent, AI feature, or vendor workflow goes live.
Checks
Prompt injection, data leakage, model abuse, agent tools, MCP exposure, access control, logging, and supply chain.
Output
Risk-ranked findings, control backlog, and executive summary.
Starter Pack
AI Governance Starter Pack
A concrete operating pack for teams that need AI governance without a long consulting programme.
Checks
AI policy, use inventory, risk register, vendor assessment, incident process, and owner attestation.
Output
Board-ready AI governance pack and reusable evidence templates.
Fractional Lead
Fractional AI Governance Lead
Part-time senior security and governance leadership while the programme is forming.
Checks
Intake cadence, risk decisions, underwriter answers, control validation, and engineering handover.
Output
Monthly operating rhythm with named owners and decision records.
Audience
Who this helps
Best for UK regulated SaaS, fintech, payments, insuretech, insurance, and AI-enabled product teams preparing for insurer, customer, audit, board, or EU AI Act readiness review.
Trigger
Pressure point
AI chatbot or agent launch, prompt-injection concern, sensitive-data leakage risk, AI inventory gaps, AI vendor rollout, insurance renewal, board questions, underwriting Q&A, and unclear model ownership.
First outputs
AI use inventory
AI threat model
Security assessment report
Vendor diligence workflow
Risk register
Board-ready control summary
Expected change
AI security risks become visible before external review.
Insurer, customer, and board questions get cleaner answers.
Governance moves from policy text into operating cadence.
Engagement modes
Advisory session
Focused sprint
Fractional leadership
Build-and-handover
Typical output
Threat model, risk-ranked findings, control backlog, vendor notes, and executive summary.
Typical scope
One AI app, agent, vendor workflow, regulated review question, or launch decision.
How scope is set
The review starts from the customer's live risk question, not from a generic control checklist.
Best fit
Regulated SaaS, fintech, insuretech, payments, or insurance teams
AI-enabled products preparing for launch, renewal, audit, board, or customer review
Teams that need security evidence, owner decisions, and remediation actions
Not a fit
Generic AI strategy decks
Model training, prompt copywriting, or growth hacking
Policy-only work detached from architecture, controls, or delivery
Relevant experience
AI review backed by practical security delivery.
This is not a policy-only exercise. The review connects AI risk to
architecture, threat modeling, cloud controls, engineering
workflow, and audit evidence.
Application security depth
Principal Application Security Engineer
Threat modeling with STRIDE and OWASP ASVS
Security architecture reviews for product and platform teams
Cloud and engineering governance
AWS and Kubernetes security review
Secure SDLC design and rollout
Security tooling and CI/CD guardrails
Risk, assurance, and enablement
Risk assessment and vulnerability management
Compliance and audit evidence support
Mentoring and operating-model support for hundreds of developers
Public company track record
Experience across payments, enterprise SaaS, ecommerce,
vulnerability management, financial-services data, and banking
environments.
TeyaAnaplanASOSPaddy Power BetfairQualysMSCI BarraCiti
Example artifact
AI security and governance evidence pack
A structured evidence pack for insurer, customer, board, and audit questions about AI use, security controls, vendor risk, and control ownership.
InventoryAI use, owner, data path
ThreatPrompt injection / data leakage / tool abuse
DecisionApprove, restrict, or remediate
EvidenceUnderwriting Q&A pack
Next actionOwner attestation cadence
AI use inventory and owners
Threat model and abuse-case notes
Vendor, model, and tool-risk review
Control backlog and open decisions
Underwriting Q&A and board summary
Service questions
Common questions for this starting point.
Can this cover both AI security and AI governance?
Yes. The useful line between them is evidence: what the AI system can do, how it can fail, who owns it, which controls exist, and which risks still need a decision.
Does this guarantee insurance cover?
No. It improves readiness and answers; insurers still decide coverage, exclusions, pricing, and conditions.
Can you review agents, tools, or MCP-style integrations?
Yes. The assessment looks at tool permissions, indirect prompt injection, data exfiltration paths, logging, approval boundaries, and operational ownership.
Next step
Start with a 30-minute fit call.
If an insurer, customer, board, regulator, or security reviewer is asking harder AI questions, send me the deadline, AI system, owner, blocker, and preferred call window.
Have an AI launch, vendor, or regulated review question?
London / remote. Available for AI security assessments, AI
governance starter packs, insurance evidence, product and platform
security, PCI/HSM work, and fractional security leadership.Full career history and public track record on LinkedIn