Essay
The companion to the build playbook — not what we build, but how to operate it on this platform to extract the most value, by role and by move.
31 May 2026 · 12 min read · Binu Chacko
Situation
You already pay for platforms that ship AI-security features.
Complication
They ship switched off, and nobody owns switching them on — so budget asks for what is already owned.
The question
“How much control coverage is already paid for?”
The answer
Map platform features to control objectives, turn on before buying — the leverage audit comes before the vendor call.
A companion to the CoE Modular Build Playbook. The playbook is what we build and why; this is how to operate it on this platform — by move, by lens, and by role.
The platform is the operating system for our AI Security & Safety Center of Excellence: a vetted skill substrate, the AI Controls Matrix (AICM) control spine that organises it, and a deployment method that turns it into measured capability — one function at a time. Three surfaces carry it: Library (the substrate), Engage (the deployment plan), and Insights (the strategy and the proof).
Everything here serves one loop. The platform’s value is the loop, not the catalogue.
| Move | What it means | The asset that powers it |
|---|---|---|
| Diagnose | Where a function actually loses time and assurance. | Engage — the maturity assessment |
| Prescribe | The few skills that close the gap. | Library — browse by domain / framework / instrument |
| Fit | Wire those skills to our tools, our data, our autonomy limits. | The skill record + the autonomy spectrum |
| Prove | Baseline before, measure after, report the real number. | Engage — the deployment plan; the honesty rules |
Three surfaces, three jobs. Reach for the one that matches your question.
| Surface | What it is | Reach for it when |
|---|---|---|
| Library | The skill substrate, under three lenses (domain / framework / instrument). | You need the actual capability — to find, evaluate, and fit skills to a workflow. |
| Engage | The deployment plan: the operating model, the maturity path, the assessment. | You are standing a function up, or showing leadership where we stand and what is next. |
| Insights | The build playbook, this operator guide, and the worked case study. | You need the strategy, the operating method, or the proof. |
The Library offers three lenses over the same substrate. The data truth never moves: every skill belongs to exactly one control domain. The lenses are ways of reading it — never second partitions.
Start here. Every skill maps to exactly one control domain; this is how we reason about coverage, ownership, and gaps. Browse a domain to see everything we hold for it.
Switch to this lens when a regulation or standard is driving the work — the General Data Protection Regulation (GDPR), EU AI Act, National Institute of Standards and Technology (NIST) AI Risk Management Framework, ISO/IEC 42001, MITRE ATLAS, the OWASP LLM Top 10. It surfaces every skill that maps to that obligation, regardless of domain.
Use this lens when you need to test a control, not just build it: the tools, in three lanes — testers (probe a skill or target), corpora (fixed input sets that fix a baseline), and controls (mitigations a tester grades).
Rule of thumb: domain to scope, framework to comply, instrument to verify.
A skill here is not a runbook. It is a governed object with five attributes. Read them in order — and to leverage a skill, work down the same list against our own environment.
| Attribute | Read it as | To leverage it |
|---|---|---|
| Trigger | What invokes the skill. | Confirm the trigger matches our workflow. |
| Encoded judgment | The senior call, written down once. | Adapt the judgment to our environment. |
| What the AI executes | The mechanical work it runs. | Wire the execution to our tools and data. |
| Where autonomy ends | The human-in-the-loop boundary. | Set the boundary to our risk appetite. |
| The control it satisfies | Its AICM domain(s). | Record the coverage; expose any gap. |
Autonomy is a setting, not a guess — climb the trust ladder one rung at a time: human-in-the-loop (AI proposes, a person approves), then human-on-the-loop (AI acts, a person monitors), then bounded autonomy (hard limits, mandatory rollback, full audit). Reversibility is the precondition for autonomy. The full mechanics live on the deployment plan.
Three moves each — the fastest path to value by who you are.
The moves that extract maximum value — work them in order.
Learn these three axes — not an authoring sub-category list. The first is the partition (the data truth); the other two are lenses over it.
The AICM control domains. Every skill belongs to exactly one:
The regulations and standards a skill maps to — privacy law (GDPR, HIPAA, CCPA, …) and security/AI frameworks (NIST AI RMF, MITRE ATLAS, ATT&CK, D3FEND). One skill can carry several.
The tools, kept structurally distinct: testers, corpora, and controls. A control is never graded by itself — that separation is the integrity check.
The rule that governs all three: the partition is the data truth — one primary domain per skill. The lenses are ways of reading it, never additional buckets.
What we do not do — straight from the doctrine that keeps this defensible.
Next: the full build sequence in the CoE Modular Build Playbook, or stand a function up with the deployment plan.
← Newer essay
The External-Assurance Artefact
Older essay →
The AI Security & Safety Center of Excellence: A Modular Build Playbook
Subscribe for the next essay.