§ AI Security & Cyber Risk · Regulated industries · v2026.07

AI security & cyber-risk consulting for regulated industries.

The AI era changed your attack surface and your control expectations at the same time. DSE is the security and governance partner for healthcare, government, financial-services, and other sensitive-data teams putting LLMs, copilots, and agents into production — vendor and model risk, adversarial testing, incident readiness, shadow-AI discovery, privacy, and social-engineering defense — delivered as senior-led, fixed-scope readiness and advisory work. Not a generic managed-security shop; a boutique built for regulated AI risk where privacy, oversight, and buyer diligence all matter at once.

§ How we work

DSE designs, assesses, and advises. Every engagement on this page is readiness, assessment, or advisory work — we do not certify, attest to, or audit your controls, and no engagement guarantees a regulatory or examination outcome. For ongoing monitoring we design the program and orchestrate a vetted managed-detection (MDR) partner on your behalf; we do not operate a 24/7 SOC. Frameworks are used as reference, not as promised certifications.

§A
The practice.
Readiness & advisory · fixed scope.

Make AI-era risk defensible.

Each line below is a scoped, senior-led engagement that ends in findings and a plan you can act on — not a binder. Pick the one that sounds like your problem and book a scoping call; the fee is fixed in writing after we scope it together.

Third-party risk

Vendor & Third-Party AI Risk Review

Your biggest AI exposure is often a vendor's model, not your own. We review the AI inside the tools you buy and the partners you rely on — what data they touch, how models are governed, and where the concentration and fourth-party risk sit — and hand back a board-ready AI vendor risk register and a remediation roadmap you can defend to an examiner.

Model risk

Model Risk Management (Lite)

Proportionate, SR 26-2-aligned validation-readiness for the AI and ML systems that behave like models. We help you tier what counts, document assumptions, data, and limitations, stand up effective-challenge and monitoring practices, and route generative and agentic AI to the right framework — so your models are controlled and auditable before anyone asks. Right-sized for mid-market banks and larger credit unions, not a big-bank model-risk factory.

Incident readiness

AI Incident Response Tabletop

A facilitated, scenario-driven exercise for the failure modes AI introduces — a prompt-injection breach, a leaking copilot, a hallucinated decision, a poisoned model or dataset. We pressure-test who decides, who communicates, and how you contain it, then leave you with a gap report and an IR playbook outline your team actually owns.

Shadow AI

Shadow AI Discovery + Policy Readiness Sprint

Find where staff are already pasting company data into public AI tools, map the real exposure, and stand up an acceptable-use policy and lightweight controls before it spreads. A fixed-scope 3–4 week sprint that ends with an exposure map, a control roadmap, and an AI acceptable-use policy framework.

Privacy

Privacy / DPIA for AI

A data-protection impact assessment scoped for AI systems: what personal and sensitive data flows into training, prompts, and logs; the lawful basis and retention story; and the controls that keep it defensible. A readiness assessment and gap analysis with a remediation roadmap — not a certification or legal opinion.

Human layer

AI Deepfake / Social-Engineering Defense Readiness

Voice clones, deepfake video, and AI-crafted phishing have made impersonation cheap and convincing. We assess how exposed your people and processes are — payment approvals, executive impersonation, help-desk verification — and hand back a prioritized readiness plan to harden the human layer against AI-assisted fraud.

§B
Already live.
The proven security practice.

Security you can scope today.

The new lines above sit on top of a security and private-AI practice that already ships. These offerings have their own pages — start there, or book a scoping call and we will route you.

Assessment & red team

AI Security Assessment

A point-in-time threat model and adversarial test of an AI system — prompt injection, tool and agent abuse, and data-leakage pathways — with severity-ranked findings and remediation. Senior-led and fixed-fee.

Adversarial testing

LLM / Agent Security Testing

Adversarial testing built for RAG, copilots, and agents — direct and indirect prompt injection, tool/function abuse, agentic-loop abuse, and data exfiltration — wired into your release cadence with remediation evidence.

Private AI

Private-AI Security

For teams deploying private or self-hosted LLMs on regulated data: deployment-boundary and data-egress controls, access control on model calls, audit logging, change control, and a compliance-evidence map — walked against your actual environment.

Governance stack

AI Governance Control Center

The hub of DSE's free, browser-local AI-governance tools built on one shared AI register — inventory, risk tiering, and Gen-AI risk scoring — plus the advisory that turns the output into a controlled, auditable program.

§ Ongoing monitoring

We design the program; a vetted partner runs the monitoring. When you need continuous detection and response, we set direction on an advisory retainer and orchestrate a vetted managed-detection (MDR) partner on your behalf. DSE owns the strategy, the risk register, and the reporting cadence — we do not operate a 24/7 SOC, and we are transparent about that boundary so you know exactly what you are buying.

§C
Start free.
Browser-local · nothing sent.

Do the first pass yourself.

Three free, 100% client-side tools that pair with the practice above. Nothing you enter leaves your browser — bring the output to a scoping call and we pick up from there.

Vendor risk

AI Vendor Due-Diligence Questionnaire

Assemble a tailored AI vendor DDQ covering governance, model validation, data and security, third- and fourth-party risk, incident response, and ongoing monitoring.

Model risk

Model Risk Tiering Calculator

Answer a few questions to get a materiality-based read on whether an AI system counts as a model in scope, and the structured tier and controls that follow.

Classification

EU AI Act Risk Classifier

Walk a structured questionnaire to see where an AI system lands across the EU AI Act risk categories, so you know the obligations before you build.


Last reviewed: 2026-07-03 · Initial release. This pillar is the hub for DSE's AI-era security and cyber-risk practice; the new service lines are described here and scoped on a call. All work is readiness, assessment, and advisory — not certification, attestation, or audit.