shipping production AI · since 2020 NAICS 541511 / 541512 / 541519  ·  CMMC-aware
§ Services·Index·v2026.05
scroll for detail  ↓

Four services.
One bench. Each engagement ends in a named deliverable, a fixed fee, and a runbook.

AI Engineering, AI Security, AI Consulting, AI Strategy — done by the same senior practitioners, in any combination. We sell the work, not the slide deck about the work. Below: the menu, the receipts, and the differences between a commercial and a federal version of each.

01 AI Engineering LLM systems · MCP · evals · infra read §01 → 02 AI Security Red-team · threat models · governance read §02 → 03 AI Consulting Readiness · build/buy · fractional read §03 → 04 AI Strategy Roadmap · op-model · M&A · policy read §04 →
§00·Method

Same way every time.

Whatever service you buy, the engagement rails are identical: fixed scope, named team, weekly cadence, a runbook on the way out.

Fixed-fee, fixed-scope
A scope doc in 48 hours.
Discovery call → written deliverables, milestones, fee. No T&M, no scope creep.
Two-pizza teams
Principal + senior eng + SME.
No partners with thesis to push. The people on the proposal are the people on the keyboard.
Weekly demo cadence
Working software, every Friday.
Written decision logs on every call. You can audit the trail end-to-end at any point.
Production-grade default
CI, observability, runbook ship together.
"Done" means a third party can deploy and operate it. Always.
Full IP transfer
All source, all docs, signed over.
No vendor-lock. We win again because the work was good, not because you can't leave.
30-day post-launch
We answer the phone.
Free 30-day support window after hand-off. Fractional retainer optional.
01
§01 · AI Engineering · 8–12 weeks typical

Production LLM systems, not pilots.

RAG pipelines, agentic workflows, multi-tenant SaaS, inference infrastructure. We ship the service, the eval harness, the observability — and the runbook that outlives the engagement. AWS-native by default; bring-your-cloud on request.

What's included

LLM applications & agents
RAG, multi-step agents, tool-calling, multi-tenant SaaS. Cited: PrivateStack, BisChat.
MCP server design & integration
Model-context-protocol servers. We run six in production; happy to write yours.
Fine-tuning & eval harnesses
LoRA/QLoRA, custom eval suites, prompt regression in CI. Drift < 0.5%.
Vector store architecture
pgvector, Atlas Vector Search, Pinecone. Hybrid BM25 + dense retrieval.
Inference infrastructure
Bedrock, SageMaker, self-hosted (vLLM, Ollama). Cost-routed via LiteLLM.
CI gates & observability
Golden-case suites in CI. Per-tenant traces, logs, cost. Alerting from day one.
You receive
A service in production, not a deck about one.
  • Production LLM service, deployed
  • Eval harness + CI gates
  • Observability stack (traces, cost, drift)
  • 23-page runbook, IP transfer
  • 30-day post-launch support
Engagement shape
Typical length
8–12 wks
Team
2 + SME
Cadence
weekly demo
0 → prod
11 wks avg
Commercial version
Move fast. Leave a runbook.

Lean cadence, decision log, IP transfer. Customer-zero by week 11 is the standard story.

+ Federal delta
Same build · ATO-friendly wrapper.

SBOM, model + dataset provenance, traceability matrices, ATO-friendly architecture diagrams. Cleared-staff on request.

02
§02 · AI Security · 4–6 weeks typical

Security baked in, not bolted on.

Threat models adapted for LLM and agent systems. Red-team reports with findings and remediation, not a 60-page binder. AI governance programs mapped to the frameworks your auditors and regulators already know.

What's included

AI red-teaming
Prompt injection, jailbreak resistance, data exfiltration testing, agentic loop abuse.
Threat modeling
STRIDE adapted for LLM/agent systems. Supply-chain risk on model + dataset provenance.
AI governance build
NIST AI RMF, EU AI Act classification, ISO 42001 alignment. Use policy + governance charter.
PII/PHI data-flow audits
DPIA, retention, access controls. Maps for legal + privacy review.
IAM hardening
Bedrock/SageMaker least-privilege policies. JWT/OIDC, secrets, key rotation.
Supply-chain & SBOM
Model + dataset provenance. SBOM generation. Third-party model risk review.
You receive
Findings with remediation, not a deck.
  • Threat model doc, current architecture
  • Red-team report w/ severity-ranked findings
  • Remediation plan + retest after fixes
  • AI use policy + governance charter
  • NIST AI RMF / EU AI Act mapping memo
Engagement shape
Typical length
4–6 wks
Team
Sec + Eng
Re-test
included
Frameworks
RMF · 42001
Commercial version
Audit-ready, not regulator-required.

Mapped to your existing SOC 2 / ISO 27001 controls. Findings + remediation in plain language for engineering leadership.

+ Federal delta
RMF first, full traceability.

NIST AI RMF mapped on every artifact. CMMC-aware delivery. Cleared-staff capable for sensitive engagements. ATO-friendly handoff.

03
§03 · AI Consulting · 4–8 weeks typical

Engineering-adjacent advisory.

Readiness assessments, architecture reviews, build-vs-buy memos, fractional CDO/CAIO. The person reviewing your stack is the person who'd build it — not a partner with a deck to defend.

What's included

AI readiness assessment
Data, infra, talent, governance maturity. Scorecard + 90-day priorities.
Vendor + build/buy memo
Model selection, platform RFPs, TCO modeling, switching-cost analysis.
Architecture review
Existing AI/ML system audit. Scalability + cost passes. Specific, named fixes.
Fractional CDO / CAIO
10–20 hrs/wk embedded senior. Board-facing. Hiring plan included.
Federal AI advisory
CMMC, FedRAMP, FAR clauses for AI services. Sourcing across vehicles.
Audit & eval support
Stand up internal AI audit functions. Train your team to run them after we leave.
You receive
A memo your CFO can read in twenty minutes.
  • Maturity scorecard (data · infra · talent · gov)
  • 90-day roadmap with cost estimates
  • Vendor recommendation memo
  • Board-ready deck (10 slides max)
  • Optional fractional retainer terms
Engagement shape
Typical length
4–8 wks
Team
Principal
Output
memo + deck
Fractional
10–20 h/wk
Commercial version
Board-ready, plainly written.

Recommendations sized to a quarter of headcount, with reversibility scores on every decision.

+ Federal delta
Procurement-fluent.

FAR-clause-aware recommendations. CMMC/FedRAMP impact on every memo. Vehicle-strategy alongside the build-vs-buy.

04
§04 · AI Strategy · 6–10 weeks typical

Multi-quarter, executive-level.

12-month roadmaps, operating-model design, investment theses, M&A due diligence. We model the ROI in numbers your CFO will defend and your board will sign — and we'll be back next quarter to revise them.

What's included

12-month roadmap
Phased initiatives, quick wins, dependency graph, ROI per phase.
Operating model design
Centralized vs federated AI org. RACI, hiring plan, capability stacks.
Investment thesis
ROI/NPV model with risk-adjusted scenarios. Sensitivity on the three biggest assumptions.
M&A diligence
AI/data asset valuation. Tech DD for acquirers. Integration risk.
Policy & acceptable use
Internal AI usage policy, customer-facing disclosures, governance charter.
Quarterly review
Optional. We come back, audit progress, revise the model. Light retainer.
You receive
A strategy doc your engineers will respect.
  • Strategy document (25–40 pages, no fluff)
  • Executive presentation (board-ready)
  • Financial model (xlsx, with assumptions)
  • Governance framework + policies
  • Optional quarterly review cadence
Engagement shape
Typical length
6–10 wks
Team
2 sr + CFO
Output
doc + deck + xlsx
Review
quarterly
Commercial version
Sized for a board that wants numbers.

ROI/NPV with sensitivity bands. Reversibility on every initiative. We'll defend every number we wrote.

+ Federal delta
Mission-aligned, vehicle-aware.

Mission-aligned strategy. Acceptable-use frameworks for public-facing AI. Vehicle and budget cycle realities baked into phasing.