Engagements

Three ways to work with 101s.ai.

We don't replace your security organisation — we plug into it. Every engagement is mapped to your existing risk register, governance, and architecture, with deliverables your CISO and your engineers can both use.

Engagement 01

Decision-Maker Consultation

Who it's for
CEO / COO / CIO / CISO / Head of Engineering / Risk leadership
Outcome
A prioritised agentic-AI risk register, go/no-go criteria for proposed use cases, and a board-ready briefing — in two weeks.
What we cover
  • Working session with executive sponsors and security leadership.
  • Frame your agentic AI use cases against the joint-guidance risk taxonomy: privilege, design, behaviour, structural, accountability.
  • Map proposed agents to risk tiers and reversibility classes.
  • Identify the smallest set of controls required to safely pilot, and the explicit triggers for rollback.
  • Produce: risk register, go/no-go scorecard, two-page board briefing.

Engagement 02

Plan & Architecture Review

Who it's for
Architecture, platform, security engineering, vendor risk teams
Outcome
An independent, source-cited audit of the proposed or in-flight agentic system, with a sequenced remediation plan tied to allied government guidance.
What we cover
  • Architecture deep-dive: identity model, tool surface, data flows, prompt context, memory, sub-agent topology.
  • Threat model using OWASP GenAI / Agentic Top 10, MITRE ATLAS™, and joint-guidance risk classes.
  • Privilege and isolation review — least privilege, segmentation, just-in-time credentials, attestation.
  • Oversight and HITL design — checkpoint placement, quarantine policies, log integrity.
  • Mapping to NIST AI RMF, NIST 800-207 Zero Trust Architecture, CISA Secure-by-Design, OT principles.
  • Deliverable: prioritised findings + sequenced remediation roadmap with effort/impact estimates.

Engagement 03

Guidance Watch & Quarterly Brief

Who it's for
CISO office, GRC, AI governance committee
Outcome
Continuous tracking of allied agency, NIST, OWASP, and MITRE updates relevant to your agentic stack — with plain-English impact assessment and a quarterly executive briefing.
What we cover
  • We watch ASD's ACSC, CISA, NSA, NCSC-UK, NCSC-NZ, Canadian Cyber Centre, NIST, OWASP, MITRE ATLAS™, ETSI SAI.
  • When something material changes, you get a same-week briefing: what changed, who's affected, what to do.
  • Quarterly executive read-out tailored to your environment.
  • Direct line for ad-hoc clarifications between briefings.
  • Optional: contribute findings into your internal governance forum (AI Council, ARB, Risk Committee).

How we engage
We work in fixed-scope, fixed-fee blocks. Every deliverable is source-cited to the underlying joint guidance and recognised standards (NIST, OWASP, MITRE, CISA), so your team can defend recommendations on their own.
Contact

Tell us what you're building.

Send a short description of the agent, the data it touches, and the decision you're trying to make. We'll reply within one business day.

We never share your information.