Not a general cyber programme — a targeted AI uplift.
Most organisations don't need a full security review — they already have one, or their MSP handles it. What they need is a security uplift targeted at the specific risks AI adoption introduces: oversharing of sensitive data through Copilot, identity weaknesses that AI tools amplify, and AI-specific risk controls that traditional cyber frameworks don't cover. This engagement is that targeted uplift.
Duration: 6–8 weeks elapsed. 20–30 senior days, 8–12 graduate days.
What you get
Identity Model Assessment
Entra ID hygiene, conditional access, privileged access — reviewed specifically for AI adoption risks, not generic security standards.
Data Sensitivity & Oversharing
Microsoft Purview sensitivity labelling assessment, oversharing exposure via Copilot, and DLP policy alignment.
AI-Specific Risk Controls
Prompt injection, data exfiltration via AI tools, model risk — controls that traditional cyber frameworks don't cover.
Remediation Backlog
Prioritised findings with effort estimates and architecture recommendations your team or MSP can implement.