AI governance services for teams shipping LLM and agent systems. We are the engineer who readies your AI system for the audit someone else conducts. Big-4 firms write you a strategy memo, GRC platforms sell you a dashboard, lawyers write you an opinion. We ship the eval suites, audit logs, model registry, red-team findings, and remediation PRs that turn an AI governance framework (EU AI Act risk tiers · NIST AI RMF · ISO 42001) into something an auditor can actually sign off on. Responsible AI as engineering deliverable, fixed-fee discovery audit.
AI governance is the practice of running production AI under regulator-defensible controls: a model inventory, eval framework, audit logs of every inference retained for the regimes lookback window (typically 7 years for SR 11-7-aligned bank deployments), red-team findings with remediation tracking, and a monitoring dashboard for drift, refusal rate, and groundedness. Unlike SOC 2 (which covers organizational security controls) and unlike GDPR (which covers personal data handling), AI governance specifically covers the LLM and model-decision layer. Unlike traditional model risk management for ML (one labelled dataset, one trained model), LLM governance must handle prompt-injection attack surface, retrieval drift, third-party API dependency, and probabilistic output validation. Common frameworks mapped in deliverables include SR 11-7 (US bank model risk), ISO 42001 (AI management system), the EU AI Act, NIST AI RMF, and the NAIC Model Bulletin on AI use by insurers.
AI governance consulting that anchors on engineering deliverables: eval suites, model cards, audit logs, red-team reports, remediation PRs. Three positioning truths up front, because you've read enough strategy memos. Most teams arrive after a Big-4 has handed them a 200-page report; we ship the engineering that turns it into a system an auditor can review.
We are the engineer who readies your AI system for the audit someone else conducts. The Big-4 will write you a strategy memo. GRC platforms will sell you a dashboard. Lawyers will write you an opinion. We ship the eval suites, audit logs, model registry, red-team findings, and remediation PRs that turn that strategy memo into something an auditor can actually sign off on. AI governance consulting that ladders into shipped artefacts on day 5, not phase 2.
Same governance framework whether you ship on Claude, GPT, Llama, Mistral, or a fine-tuned 7B. EU AI Act risk tiers don't care about your vendor. NIST AI RMF and ISO 42001 controls don't either. We anchor responsible AI and generative AI governance in real engineering deliverables (model cards, eval reports, prompt-injection regression suites, immutable audit logs), not vendor-locked checklists you can't take with you.
Series-A LLM startup with one product surface and a single eval set? Hire a fractional GRC lead, not us. Public-sector procurement with an 18-month timeline and a board mandate? Hire a Big-4 firm that can survive the contract. You're the right fit when you're engineering-led, you've already read the strategy memo, and you need an auditor-ready system in 4–8 weeks — not a 200-slide deck.
The fixed-fee AI governance audit is not a discovery deck. It is a five-stage engineering pipeline with a named deliverable every day, mapped to EU AI Act / NIST AI RMF / ISO 42001 obligations as we go. End-to-end in one calendar week. Same shape we ship on every AI development engagement, scoped down to a fixed-fee gap analysis.
The dirty secret of AI risk management is that whether your buyer asks for EU AI Act readiness, NIST AI risk management framework alignment, or ISO 42001 prep, the engineering work is largely the same: model cards, eval suite, immutable audit log, DPIA-equivalent impact assessment, incident runbook, supplier register. We ship the artefact once. We crosswalk it to whichever framework your audit committee, your regulator, or your enterprise buyer cares about.
Article and clause references current as of 2026. EU AI Act = Regulation (EU) 2024/1689. NIST AI RMF = AI Risk Management Framework 1.0 (Jan 2023). ISO/IEC 42001:2023 = Artificial Intelligence Management System.
AI compliance is where shipped systems die quietly: a policy in a Notion page nobody reviews, a vendor register that's six months old, an incident runbook nobody has tested. We don't ship governance theatre. Three artefacts, written into the repo, versioned with your releases, routed through legal and security review. AI policy that survives an audit committee meeting, not one that lives on a shared drive.
Two policies, not one. The AI policy is internal (what teams can ship, where the kill-switches are, who signs off on a model swap). The AI acceptable-use policy is external (what your end users and third-party API callers may do with your system). We draft both, route them through your legal review, and keep them versioned with your repo. Standard AI compliance gap on most teams: a policy that lives in a Notion page, never reviewed, contradicted by what the engineering team actually ships.
Most LLM systems run on three to seven third-party AI vendors — base model, embedding model, vector DB, observability, eval platform, sometimes a moderation API. We inventory every external AI call, score each vendor on BAA / DPA posture, retention defaults, sub-processor list, and named-jurisdiction processing, and ship a written register. The output is the supplier annex an auditor will ask for, written in plain English, not a 40-page risk matrix nobody reads.
EU AI Act Article 62 sets a 15-day clock for serious-incident reporting on high-risk systems. NIST AI RMF wants a documented incident playbook. ISO 42001 Clause 10.2 wants corrective-action records. We write a runbook with named owners, severity tiers, a tested rollback path, and a reporting-clock chart that maps your jurisdiction to the right notification window. Stored in the repo, not in a binder.
The audit is the entry point for every AI governance services engagement. Same shape, same kill-point logic, same Friday written deliverable as every other audit we ship across the practice. An AI compliance audit that ends with engineering work to do, not a slide deck and a re-engagement quote.
Workshop on architecture, jurisdictions, named use cases. We pull a snapshot of your current eval set and CI hooks. The day-2 deliverable is a risk-tier call (EU AI Act framing) and an eval-coverage scorecard with named gaps. This is the cheapest week to discover you're a Limited-risk system, not a High-risk one — saves you eight figures in unnecessary controls.
We read your logging architecture, your model registry, your retention policy. The deliverable is a gap list — what's missing for EU AI Act Article 12 logging, NIST AI RMF Manage 4.1, ISO 42001 Annex A.8. If the gap is small, we recommend a remediation PR on day 5. If the logging architecture is wrong at the architecture layer, this is the day we tell you the audit recommends a re-architecture before the pilot — and we walk away from selling you a pilot we can't ship.
OWASP LLM Top 10 ran against your production endpoints (or staging if production isn't on the table). We add 40+ prompt-injection test cases — direct, indirect, multi-turn, payload-in-document, tool-output-poisoning — and document findings with severity, repro steps, and proposed remediation PR. Standard scope on every chatbot + agent we ship; here we run it as an independent assessment, not a self-audit.
Friday output: a written gap report that maps every finding from the week onto EU AI Act articles, NIST AI RMF subcategories, and ISO 42001 Annex A controls. Plus a 30-60-90 remediation roadmap with named PRs, cost bands, and a kill-point on each remediation phase. The same artefact you'd hand to a board AI committee, a regulator's pre-engagement query, or a Big-4 firm running the certification step.
AI red team work that stops at a yearly engagement misses the new exploits that land between cycles. We ship prompt-injection testing wired to nightly eval, mapped to the OWASP LLM Top 10 (2025), with every successful bypass turned into a regression case the next morning. AI security audit findings come with merged remediation PRs, not a 60-page PDF. Standard scope on every chatbot and agent we ship — available as an independent ai security assessment on systems we didn't build.
OWASP LLM01. Direct prompt injection in user input · indirect via tool outputs, RAG documents, retrieved emails. Our regression suite ships 40+ payloads on every agent — system-prompt leak, persona-override, instruction-hijack, payload-in-PDF, payload-in-support-ticket. Standard scope on every agent we ship; available as an independent prompt-injection testing engagement on systems you didn't build with us.
OWASP LLM02 + LLM06. We test for system-prompt leakage, retrieval of training-data fragments, PII regurgitation, secret extraction (API keys, internal hostnames, customer identifiers). Mapped to a golden adversarial set with each payload tagged by severity and exfil-class. Output is a findings document with severity-ranked remediation PRs, not a generic LLM security assessment slide.
Multi-turn social-engineering, persona stacking, hypothetical framing, low-resource-language pivots, base64 / homoglyph encoding. We run these against your refusal policy and document each successful bypass with the exact turn sequence. AI security audit findings come with a regression case added to the nightly eval — so the same exploit can't ship past you twice.
Full OWASP LLM Top 10 (2025) coverage — prompt injection, sensitive disclosure, supply-chain, data + model poisoning, improper output handling, excessive agency, system-prompt leakage, vector + embedding weaknesses, misinformation, unbounded consumption. Ships with an AI threat model diagram tailored to your architecture: trust boundaries, attacker classes, asset inventory, attack paths.
The same checklist we run on day 1 of every AI governance audit. If your system clears all ten green flags, you're already at responsible AI framework parity — call us when you want a second opinion. If three or more land in the red, the discovery audit will pay for itself by surfacing the gaps before a regulator, an enterprise buyer, or an algorithmic audit firm does.
tap pass / fail on each criterion · saved locally in your browser
Versioned model card + system card in the repo. Names intended use, eval results, known limits, retraining cadence, and named owner.
"It's in a Notion page somewhere." No version history. No named owner. Last updated before the current model swap.
Golden eval set checked into the repo. CI pass-gate fires on every PR. Regression cases added whenever an exploit lands.
Three prompts in a Jupyter notebook. "We'll formalise the evals once we ship." No regression cases for known failures.
Append-only store with manifest hashes. Prompt + tool-call + decision + user-context captured. Retention policy written, default 12 months.
CloudWatch logs at default retention. No tool-call trace. No way to reconstruct what a given user actually saw.
Written DPIA-shaped impact assessment per system. Signed by named owner. Re-reviewed on every material change. Lives in the repo, not a shared drive.
"Legal said it's fine." No artefact. Re-review happens only when a regulator asks.
Each use case mapped to EU AI Act risk tier (Unacceptable / High / Limited / Minimal) with reasoning. NIST AI RMF Map function complete.
"We think it's Limited." No written reasoning. Different teams classify the same system differently.
AUP versioned and published. Internal operator version separately signed. Routed through legal review on each release.
Generic LLM disclaimer in the footer. No operator-facing version. Never reviewed by legal.
Inventory of every third-party AI call. BAA / DPA on file for each vendor that touches sensitive data. Retention + sub-processor list reviewed quarterly.
"We use OpenAI." No idea how many vendors are in the pipeline. Retention defaults never reviewed. No BAA on PHI-touching paths.
Independent red-team run within the last 90 days. Findings tracked to remediation PRs. Nightly prompt-injection regression on top.
Single red-team done at launch. Findings live in a slide deck. No nightly regression. New exploits land in production first.
Runbook with named owner, severity tiers, rollback path. Drill run at least every six months. Reporting-clock chart maps jurisdiction to notification window.
"We'll figure it out if it happens." No runbook. Rollback path untested. No idea what Article 62 says.
Feature flag + model-pin + previous-version artefact retained. One-command rollback. Tested in the last quarter on a non-prod scenario.
Rollback means "redeploy from git." No feature flag. Previous model artefact already garbage-collected.
Score your own system. Saved locally in your browser. Run it past your AI security audit lead, your DPO, your engineering lead, and your CISO separately — disagreement between them is itself a finding.
ai governance platform · vs · ai governance engineering service
Buyers who search "ai governance platform" usually want a SaaS dashboard. Buyers who search "ai governance services" usually want an engineering team. The two solve different shapes of the same problem, and most regulated enterprises end up needing both.
An AI governance platform (Credo AI, OneTrust AI Governance, Holistic AI) is a control plane: a model registry, a policy library, a risk dashboard, a multi-stakeholder workflow. It is the right buy when you have 30+ AI systems across the org, a staffed GRC function, and a board that wants one screen to look at. The platform itself does not ship eval suites, write audit-log code, or merge remediation PRs. It tracks the artefacts your engineering teams produce. Annual platform fee usually $25K–$100K, plus implementation services on top.
We are the engineering service that produces the artefacts a platform would track. The eval suite checked into your repo. The append-only audit log behind your agent. The model cards versioned with each release. The prompt-injection regression that runs nightly. The vendor register with the BAA gaps named. If you already own a platform, we plug into it. If you don't, the artefacts we ship are portable — they live in your repo, not in our tooling. Most teams under 10 AI systems do not yet need a platform. They need the engineering done.
honest scope · referral list
Three engagements where we openly recommend a different firm. We would rather refer you out than take a contract we cannot ship.
Five real options for an AI governance engagement in 2026. The Big-4 (KPMG, EY, PwC, Deloitte) ship the strategy memo and the board narrative. GRC platforms (Credo AI, OneTrust, Holistic AI) ship the dashboard and the policy templates. Specialist auditors (babl.ai, ORCAA) ship the independent third-party audit. In-house GRC teams ship continuous oversight once they're staffed. We ship the engineering: eval suite, audit log, model registry, remediation PRs. None of these are wrong; they solve different shapes of the same need. Here's when each one wins, and where we openly recommend you hire somebody else.
We respect the Big-4 advisory practices, the GRC platforms, and the specialist algorithmic auditors. We work alongside them — typically as the engineering implementer between a Big-4 strategy phase and a babl.ai or ORCAA third-party audit. We don't replace any of them. Pricing bands reflect public partner-led and platform-tier ranges; your mileage varies by scope and jurisdiction.
Twenty-minute fit call. We will tell you when your problem is squarely in the Big-4 lane, when you need a GRC platform, or when a babl.ai-grade independent audit is the right next step. No deck, no obligation.
Anonymized capability patterns from real shipped engagements. The point of each one is what we shipped — versioned eval suites, immutable audit logs, model cards, de-id pipelines, prompt-injection regression. Named references shared under NDA. (For broader patterns from regulated industries, see our healthcare AI development capability sets.)
Clinic group shipped an LLM patient-intake chatbot in pilot and needed defensible HIPAA + clinical-safety evidence before the regional ops team would approve a wider rollout. They had a model card sketch and a hand-curated test set; nothing wired to CI.
Built a versioned eval suite on a 200-row golden set with PHI-scrub gates (regex + LLM-based de-id) and prompt-injection regression. Wired the eval pass-gate into CI; failed builds block deploy. Audit log moved to an append-only Postgres table with manifest hashing; retention written into the runbook. Model card formalised and checked into the repo.
Customer-service agent for an enterprise SaaS shipped to pilot and was jailbroken via a payload embedded in a support ticket. The exploit reached production traffic before the team caught it. Pilot was paused; board wanted a re-launch plan in two weeks.
Mapped the system to OWASP LLM Top 10. Wrote 40+ prompt-injection test cases covering direct, indirect (ticket payload), tool-output poisoning, and multi-turn jailbreak. Wired them to a nightly eval run. Instrumented the audit log with full prompt + tool-call trace. Ran a red-team in week 4 of the pilot resume.
Regional payer ran a prior-authorization automation pilot and needed BAA-compliant logging plus a de-identification pipeline before internal compliance would approve production. Pilot had been running on default cloud-vendor logging; nothing usable for audit.
De-id helpers built (regex + LLM-based PII scrub on inbound clinical text). Immutable audit log moved to append-only S3 with a hashed manifest per write; archived to Glacier on a 90-day cadence. Model-card scaffolding written for the internal governance review committee. Cost-floor model swap (Sonnet 4.6 for adjudication, Haiku 4.5 for triage) shipped with the same audit-log instrumentation.
Same pricing as every other AI services pillar we run. The audit is the entry point; about half of governance engagements ladder into a remediation pilot inside the quarter, and continuous engagements typically pick up the next two or three use cases on the roadmap. No annual contracts.
Five-day audit that ends with a written gap report mapped to EU AI Act + NIST AI RMF + ISO 42001 — not a slide deck.
Ship the audit's top remediation block. Eval suite hardened, audit log retained, model card written, red-team regression in CI.
Embedded governance engineering on the rest of the roadmap — new use cases, new vendors, new jurisdictions, new exploits.
Book the fixed-fee AI governance audit. Five days, four written engineering deliverables, one framework crosswalk, one 30-60-90 remediation roadmap. We map your system to EU AI Act risk tiers, NIST AI RMF functions, and ISO 42001 controls; we run an OWASP LLM Top 10 red-team; we leave behind a gap report your audit committee or your next enterprise buyer can read.
AI governance work usually ladders into a Claude or OpenAI engineering engagement, sits alongside an industry-specific pillar like healthcare or legal, or pairs with an integration build. These pages go deeper on each lane the audit might land on.
The strategy-side of governance — discovery audit-led roadmap before the engineering pilot.
The engineering deliverables — eval suite, audit log, model registry — we ship on every build.
Multi-step autonomous agents with the prompt-injection regression suite wired in from day one.
AI plugged into Salesforce, NetSuite, Slack — with the audit-log + lineage stack inherited.
HIPAA-shaped governance: BAA + PHI scrub + audit log + de-id helpers — shipped on shipped pilots.
HIPAA-pathway RAG with audit-logged retrieval and a clinical eval set we built from EMR notes.
Indemnity / IP clause extraction with precision-on-adversarial-clauses eval; full audit trail.
ISA-99 / IEC 62443 OT gate. Read-only PLCs. Where AI governance meets industrial controls.
The kill-points, eval gates, and audit logs we wire into every automation workflow. The governance posture in code.
Concrete methodology for keeping eval honest after cutover — frozen set, weekly replay, no-promote on regression. The CI half of every governance posture.
Decision support for choosing between RAG, fine-tuning, hybrid, or prompt engineering — anchors the model-risk paper trail to a citable rubric.