How it works
Build the capability one team at a time.Prove it before you scale.
Pick one security team. Fit a skill or two to the way it already works, and measure what changes. No big-bang, and nothing to rip out.
Assess: One function, honestly measured. The diagnostic sets the baseline everything after is judged against.
What this app is
A methodology and a fitted skill library. Not a tool to buy.
This is an independent research practice for building an organisation’s own AI-Security Center of Excellence, fitted to the tools it already owns, with measured before/after. The 1,000+ skills are raw material; the value is the few you fit to a function and prove. Read the full argument on the home page →
Your role-specific path
Start with what worries you.
CISO
The board just asked: are we OK on AI?
Function head
Your team adopted AI before you decided anything.
Practitioner
Anyone can write an AI skill. Running ten of them safely is your problem now.
Compliance
Four AI regulations. One budget.
Non-technical adopter
About to paste something into an AI? Read this first.
DevSecAIOps
Your old gates catch bad code. Upgrade your pipeline for AI.
What you sign up for
Three short phases.Each one ends in a go or no-go.
You only fund the next phase after the last one pays off.
Phase 1 · A few weeks
Assess
Baseline one team. Where it stands today, graded on evidence, not opinion. No tooling change.
What you walk away with
A one-page diagnostic: where the team is, what each top gap costs to close, and the one or two moves that pay off most.
The decision
Fund the Pilot?
Phase 2 · A few weeks
Pilot
Fit the chosen skills to the team’s own tools and process. Run them on real work. Capture before and after.
What you walk away with
A measured before-and-after on real work, with the skill fitted to the function as a reusable asset.
The decision
Fund Scale?
Phase 3 · Ongoing
Scale
Roll the proven pattern across the team, then onto the next function. Each step is funded by the result of the last.
What you walk away with
A scaling cadence and a per-function rollup that ties up to the board view.
The decision
Which function next?
Why assess · the loop
You assess to earn the next rung of autonomy.
The diagnostic reads a function on two axes: how well its AI is governed, on the AI Security Maturity Model (AISMM, L1–L5), and how far its work is automated, on the AI Cyber Maturity Model (AI-CMM, L1 Manual→L4 Autonomous; our model · calibrated to SAE J3016, never a CSA or SAE rating). The gate connects them: autonomy must never outrun governance, because autonomy without measured governance is unpriced risk.
The industry frames it the same way. Forrester’s AEGIS (Agentic AI Guardrails for Information Security) framework argues for least agency, granting an agent only the autonomy your controls can catch: that is our gate. It argues for continuous assurance, re-verifying as systems change: that is our loop. External framing, cited not copied; the rubric underneath stays CSA (Cloud Security Alliance) AISMM and the AI Controls Matrix (AICM).
Cadence: re-assess when something material changes (a new model, a new data class, a rung-advance attempt), not on a calendar.
For leaders
You can’t fund what you can’t measure.
Every step is graded on evidence, costed, and proven before the next is funded.
A defensible starting point
Per team, where it stands today, graded on evidence. The number you’re improving from.
A costed next step
The one or two moves with the best return, each tied to a specific, auditable control. You know what you’re buying.
A pattern you can repeat
What works on one team becomes the playbook for the next, so the second function is faster than the first.
First 5 minutes
Get the most out of it in five steps.
No account, no setup. Each step is a real page, two minutes or less.
Start with the threats →
Plain-English AI threats, including the agentic category, each pointed to the one fitted control that answers it. The non-technical on-ramp.
See the whole picture →
How AI adoption is measured and governed across every team, the picture you fund from.
Look up a control →
By domain, framework, instrument or ownership.
Open one control domain →
See its real objectives, the standards crosswalk, the auditing guidance, and a fitted skill.
See the measured proof →
One app, one guard, one before-and-after.
Where everything lives
Explore more, whenever you’re ready.
Home, the picture →
Two mandate doors, the capability engine, and the maturity ↔ controls mapping.
Threats, the problem in plain English →
The AI threats that matter, including the agentic category, each named with its fitted control. Cited, not reinvented.
Controls, the reference drill →
Start from an obligation and narrow: lens → domain → control objective → the few skills that fit.
Tollgates, the DevSecAIOps gate framework →
The pipeline gates that catch AI-specific failure modes before they reach production.
Explain, ask it in plain English →
A fidelity-first Q&A over the real standards corpus, by text or voice.
Readiness pulse, the leadership self-check →
An 11-question, five-minute self-assessment of your organization’s AI governance readiness.
Board, the portfolio scorecard →
A one-glance read of maturity and autonomy across every function.
Plays, the workflows →
The workflows the practice is organized around, each with its own KPI and fitted skills.
Case study, the proof →
The methodology run end-to-end on a real app, measured.
Insights, the thinking →
Essays and worked examples behind the method.
See it work
Two worked runs, end to end: a Security Operations team and an AI app’s jailbreak guard.
Anchored to
The CSA (Cloud Security Alliance) AI Controls Matrix (AICM) and AI Security Maturity Model (AISMM), mapped to the rules you answer to: the EU AI Act, ISO/IEC 42001 and NIST’s (National Institute of Standards and Technology) AI guidance, so satisfying one set clears many. See the crosswalk →
Frequently asked questions
Every page here has its own FAQ.
Not one long list, six short ones, each answering how that specific page’s template works, not today’s numbers.
The acronyms, in one place.
AICM
CSA (Cloud Security Alliance) AI Controls Matrix, the verifiable control surface: 18 domains, 247 control objectives.
AISMM
CSA (Cloud Security Alliance) AI Security Maturity Model, how well you secure AI (L1 Initial → L5 Efficient).
AI-CMM
AI Cyber Maturity Model, our own model, calibrated to SAE (Society of Automotive Engineers) J3016’s automation levels, how autonomously a function defends (L1 Manual → L4 Autonomous).
AI-CAIQ
The questionnaire that baselines a function against the AICM, an attestation, not a self-score.
MECE
Mutually Exclusive, Collectively Exhaustive: every skill maps to exactly one AICM domain, no overlap, no gaps.
CSP / AP / MP / OSP
The four service-provider roles the auditing guidance is written for: CSP (Cloud Service Provider), AP (Application Provider), MP (Model Provider), OSP (Orchestrated Services Provider).
Focus areas
The four lenses: AI Security · AI Safety · Privacy · InfoSec / Cybersecurity.
Control objective
One specific thing you must do, assessed pass / fail.
Fit-point
Where a generic skill is adapted to your stack, the deliverable, not the raw skill.
SSRM
SSRM (Shared Security Responsibility Model): which controls your organization owns versus the AI provider owns.
Deployer / Provider
The two sides of that split. Deployer is the org that runs or embeds the AI; Provider built the underlying model or service.
Posture: operated vs procured
Whether you built and run the AI system yourself, or bought and configured someone else’s, changes which controls are yours to hold.
The gate
The rule that ties the two ladders together: autonomy (how independently AI acts) must never outrun maturity (how well it is governed).
Autonomy stages
The four AI-CMM (AI Cyber Maturity Model) rungs: Manual (no AI in the loop) → Assisted (AI drafts, a human approves) → Augmented (AI acts within scope, human supervises) → Autonomous (AI acts under policy, humans audit after).
Plays
The workflows the practice is organized around, each with its own KPI, required controls, and fitted skills.
Agentic: goal manipulation
An attacker hijacks what an autonomous agent is trying to do, not just one response.
Agentic: memory poisoning
An attacker tampers with the store an agent treats as its own ground truth.
Agentic: excessive permissions
An agent takes an unauthorized, destructive action outside its intended scope.
Agentic: deceptive behavior
An agent hides or misrepresents what it did, including tampering with its own logs.
Agentic: resource exhaustion
A runaway agent consumes compute or budget until the system degrades for everyone.