ai · security · skills

How it works

Build the capability one team at a time.Prove it before you scale.

Pick one security team. Fit a skill or two to the way it already works, and measure what changes. No big-bang, and nothing to rip out.

One team at a timebaseline
Pick one security function
Run the function diagnostic
Save the baseline: maturity × autonomy, the gate reading

Assess: One function, honestly measured. The diagnostic sets the baseline everything after is judged against.

What this app is

A methodology and a fitted skill library. Not a tool to buy.

This is an independent research practice for building an organisation’s own AI-Security Center of Excellence, fitted to the tools it already owns, with measured before/after. The 1,000+ skills are raw material; the value is the few you fit to a function and prove. Read the full argument on the home page →

Your role-specific path

Start with what worries you.

CISO

The board just asked: are we OK on AI?

Function head

Your team adopted AI before you decided anything.

Practitioner

Anyone can write an AI skill. Running ten of them safely is your problem now.

Compliance

Four AI regulations. One budget.

Non-technical adopter

About to paste something into an AI? Read this first.

DevSecAIOps

Your old gates catch bad code. Upgrade your pipeline for AI.

What you sign up for

Three short phases.Each one ends in a go or no-go.

You only fund the next phase after the last one pays off.

Phase 1 · A few weeks

Assess

Baseline one team. Where it stands today, graded on evidence, not opinion. No tooling change.

What you walk away with

A one-page diagnostic: where the team is, what each top gap costs to close, and the one or two moves that pay off most.

The decision

Fund the Pilot?

Phase 2 · A few weeks

Pilot

Fit the chosen skills to the team’s own tools and process. Run them on real work. Capture before and after.

What you walk away with

A measured before-and-after on real work, with the skill fitted to the function as a reusable asset.

The decision

Fund Scale?

Phase 3 · Ongoing

Scale

Roll the proven pattern across the team, then onto the next function. Each step is funded by the result of the last.

What you walk away with

A scaling cadence and a per-function rollup that ties up to the board view.

The decision

Which function next?

Why assess · the loop

You assess to earn the next rung of autonomy.

The diagnostic reads a function on two axes: how well its AI is governed, on the AI Security Maturity Model (AISMM, L1–L5), and how far its work is automated, on the AI Cyber Maturity Model (AI-CMM, L1 Manual→L4 Autonomous; our model · calibrated to SAE J3016, never a CSA or SAE rating). The gate connects them: autonomy must never outrun governance, because autonomy without measured governance is unpriced risk.

The industry frames it the same way. Forrester’s AEGIS (Agentic AI Guardrails for Information Security) framework argues for least agency, granting an agent only the autonomy your controls can catch: that is our gate. It argues for continuous assurance, re-verifying as systems change: that is our loop. External framing, cited not copied; the rubric underneath stays CSA (Cloud Security Alliance) AISMM and the AI Controls Matrix (AICM).

1 · Assess2 · Fix the top gaps3 · Re-assess4 · Advance one rungone rung per loop

Cadence: re-assess when something material changes (a new model, a new data class, a rung-advance attempt), not on a calendar.

What each rung advance requires

ManualAssisted

Gate clear: governance at L2 (Repeatable) for the workflow being assisted.

A human still approves every action, so written, repeatable procedure is the floor.

AssistedAugmented

Gate clear, plus Security Monitoring ≥ L3 and Incident Response ≥ L2.

Running AI in the loop demands monitoring and incident response in place — you must see what it does and respond when it errs.

AugmentedAutonomous

Gate clear, plus Security Monitoring ≥ L4 and Incident Response ≥ L3 and Model Security ≥ L2.

Letting AI act autonomously additionally demands model-security controls — adversarial testing and artifact integrity — before per-action human approval is removed.

Each pass hands youThe maturity radarA ranked gaps registerA fitted-few prescriptionA saved baseline you re-run

For leaders

You can’t fund what you can’t measure.

Every step is graded on evidence, costed, and proven before the next is funded.

A defensible starting point

Per team, where it stands today, graded on evidence. The number you’re improving from.

A costed next step

The one or two moves with the best return, each tied to a specific, auditable control. You know what you’re buying.

A pattern you can repeat

What works on one team becomes the playbook for the next, so the second function is faster than the first.

Where everything lives

Explore more, whenever you’re ready.

Home, the picture

Two mandate doors, the capability engine, and the maturity ↔ controls mapping.

Threats, the problem in plain English

The AI threats that matter, including the agentic category, each named with its fitted control. Cited, not reinvented.

Controls, the reference drill

Start from an obligation and narrow: lens → domain → control objective → the few skills that fit.

Tollgates, the DevSecAIOps gate framework

The pipeline gates that catch AI-specific failure modes before they reach production.

Explain, ask it in plain English

A fidelity-first Q&A over the real standards corpus, by text or voice.

Readiness pulse, the leadership self-check

An 11-question, five-minute self-assessment of your organization’s AI governance readiness.

Board, the portfolio scorecard

A one-glance read of maturity and autonomy across every function.

Plays, the workflows

The workflows the practice is organized around, each with its own KPI and fitted skills.

Case study, the proof

The methodology run end-to-end on a real app, measured.

Insights, the thinking

Essays and worked examples behind the method.

See it work

Two worked runs, end to end: a Security Operations team and an AI app’s jailbreak guard.

Anchored to

The CSA (Cloud Security Alliance) AI Controls Matrix (AICM) and AI Security Maturity Model (AISMM), mapped to the rules you answer to: the EU AI Act, ISO/IEC 42001 and NIST’s (National Institute of Standards and Technology) AI guidance, so satisfying one set clears many. See the crosswalk →

On the numbers. Every figure is modeled until it is measured on your own data, on a staging copy, with no production or real personal data involved.

Frequently asked questions

Every page here has its own FAQ.

Not one long list, six short ones, each answering how that specific page’s template works, not today’s numbers.

CISO

How the board template works.

Function head

How the diagnostic and rubric work.

Practitioner

How this page’s sections fit together.

Compliance

How to use these three sections together.

Non-technical adopter

How to read this page.

DevSecAIOps

How the gate framework works.

The acronyms, in one place.

AICM

CSA (Cloud Security Alliance) AI Controls Matrix, the verifiable control surface: 18 domains, 247 control objectives.

AISMM

CSA (Cloud Security Alliance) AI Security Maturity Model, how well you secure AI (L1 Initial → L5 Efficient).

AI-CMM

AI Cyber Maturity Model, our own model, calibrated to SAE (Society of Automotive Engineers) J3016’s automation levels, how autonomously a function defends (L1 Manual → L4 Autonomous).

AI-CAIQ

The questionnaire that baselines a function against the AICM, an attestation, not a self-score.

MECE

Mutually Exclusive, Collectively Exhaustive: every skill maps to exactly one AICM domain, no overlap, no gaps.

CSP / AP / MP / OSP

The four service-provider roles the auditing guidance is written for: CSP (Cloud Service Provider), AP (Application Provider), MP (Model Provider), OSP (Orchestrated Services Provider).

Focus areas

The four lenses: AI Security · AI Safety · Privacy · InfoSec / Cybersecurity.

Control objective

One specific thing you must do, assessed pass / fail.

Fit-point

Where a generic skill is adapted to your stack, the deliverable, not the raw skill.

SSRM

SSRM (Shared Security Responsibility Model): which controls your organization owns versus the AI provider owns.

Deployer / Provider

The two sides of that split. Deployer is the org that runs or embeds the AI; Provider built the underlying model or service.

Posture: operated vs procured

Whether you built and run the AI system yourself, or bought and configured someone else’s, changes which controls are yours to hold.

The gate

The rule that ties the two ladders together: autonomy (how independently AI acts) must never outrun maturity (how well it is governed).

Autonomy stages

The four AI-CMM (AI Cyber Maturity Model) rungs: Manual (no AI in the loop) → Assisted (AI drafts, a human approves) → Augmented (AI acts within scope, human supervises) → Autonomous (AI acts under policy, humans audit after).

Plays

The workflows the practice is organized around, each with its own KPI, required controls, and fitted skills.

Agentic: goal manipulation

An attacker hijacks what an autonomous agent is trying to do, not just one response.

Agentic: memory poisoning

An attacker tampers with the store an agent treats as its own ground truth.

Agentic: excessive permissions

An agent takes an unauthorized, destructive action outside its intended scope.

Agentic: deceptive behavior

An agent hides or misrepresents what it did, including tampering with its own logs.

Agentic: resource exhaustion

A runaway agent consumes compute or budget until the system degrades for everyone.

Start with one team.

Pick a function, run the short diagnostic, and see where it stands, in a couple of minutes.