AI Security Services
Built for the Real World

Fixed-scope engagements. Clear deliverables. Pricing that makes sense. Every service designed to help you deploy AI securely and in compliance.

Assessments

Know Your AI Risk Before It Becomes an Incident

AI Threat & Risk Assessment

Duration: 2-3 weeks$8,000 - $15,000

Your AI systems have attack surfaces you haven't mapped yet. This assessment identifies them.

  • Complete inventory of AI/ML systems, models, data pipelines, and third-party AI services
  • Threat modeling using STRIDE and MITRE ATLAS frameworks
  • Risk assessment: prompt injection, data poisoning, model theft, adversarial attacks, supply chain
  • Evaluation of AI-specific access controls, logging, and monitoring
  • Prioritized risk register with remediation recommendations
Deliverable: AI Risk Register + Remediation Roadmap (detailed report + executive summary)

Best for: Companies deploying AI that haven't conducted a formal AI security assessment

Book Discovery Call →

LLM / GenAI Security Review

Duration: 1-2 weeks$5,000 - $10,000

Focused assessment of your generative AI deployments — chatbots, copilots, RAG pipelines, and AI-powered features.

  • Prompt injection testing (direct and indirect)
  • Data leakage and PII exposure analysis
  • Output filtering and guardrail effectiveness review
  • RAG pipeline security assessment
  • API security review for LLM integrations
  • Cost and abuse vector identification
Deliverable: LLM Security Findings Report + Hardening Guide

Best for: Companies using LLMs (ChatGPT, Claude, custom models) in production

Book Discovery Call →

AI Red Team Exercise

Duration: 2-4 weeks$15,000 - $30,000

Think like an attacker. We test your AI systems the way an adversary would.

  • Adversarial prompt injection campaigns
  • Data extraction and exfiltration attempts
  • Model evasion and manipulation testing
  • Training data poisoning feasibility analysis
  • Social engineering vectors targeting AI workflows
  • Detailed exploit documentation with proof-of-concept demonstrations
Deliverable: AI Red Team Report with exploits, business impact analysis, and remediation priorities

Best for: Companies with mature security programs looking to validate their AI defenses

Book Discovery Call →
Governance & Compliance

Build AI Governance That Satisfies Auditors and Accelerates Business

AI Governance Program Design

Duration: 4-6 weeks$15,000 - $25,000

A comprehensive governance framework for your AI operations, designed for your size, industry, and risk profile.

  • AI use case inventory and risk classification
  • Framework selection and mapping (NIST AI RMF, ISO 42001, EU AI Act)
  • Complete AI policy suite: Acceptable Use, Ethics, Risk Management, Data Governance, Vendor Assessment
  • Governance committee charter and operating model
  • Roles and responsibilities matrix
  • KPI and metrics framework for AI governance
Deliverable: Complete AI Governance Framework + Policy Suite + Implementation Guide

Best for: Companies with no formal AI governance seeking a structured program

Book Discovery Call →

EU AI Act Compliance Readiness

Duration: 3-4 weeks$10,000 - $20,000

The EU AI Act is the world's first comprehensive AI regulation. Enforcement has begun. Are you ready?

  • AI system inventory and risk classification (Unacceptable / High / Limited / Minimal)
  • Gap analysis against EU AI Act requirements for your risk tier
  • Conformity assessment preparation for high-risk AI systems
  • Documentation and transparency requirements mapping
  • Ongoing monitoring and compliance maintenance plan
Deliverable: EU AI Act Compliance Roadmap + Risk Classification Matrix + Gap Analysis Report

Best for: Companies with EU customers, operations, or data subjects

Book Discovery Call →

SOC 2 Acceleration + AI Controls

Duration: 3-6 months$15,000 - $35,000

SOC 2 readiness accelerated with AI-specific controls built in from the start — not bolted on after the fact.

  • Trust service criteria mapping with AI-specific controls
  • AI-powered policy generation and gap analysis
  • Control design and implementation guidance
  • Evidence collection automation recommendations
  • Auditor communication and management
Deliverable: Audit-ready SOC 2 program with AI controls mapped and documented

Best for: SaaS companies preparing for their first SOC 2 audit while deploying AI

Book Discovery Call →

HITRUST Certification Sprint + AI

Duration: 6-12 months$25,000 - $55,000

HITRUST certification using Bastille's proven framework that achieved certification in as little as 9 months. Now with AI-specific controls integrated.

  • MyCSF scoping and assessment configuration
  • Control implementation guidance across all HITRUST domains
  • AI-specific control mapping and implementation
  • Policy and procedure development
  • Evidence collection and management
  • Validated assessment coordination and remediation support
Deliverable: HITRUST certification achieved with AI controls fully mapped

Best for: Healthcare and healthtech companies deploying AI that need HITRUST certification

Book Discovery Call →
Fractional Leadership

CISO-Level AI Security Leadership.
Without the $400K Salary.

Senior security leadership with deep AI expertise at a fraction of the cost of a full-time hire.

Advisory Tier

5-10 hours/month
$5,000 - $7,500/mo
  • Board and executive AI risk reporting
  • Strategic guidance on AI security priorities
  • Ad-hoc questions and review

Standard Tier

15-20 hours/month
$10,000 - $15,000/mo
  • Everything in Advisory, plus:
  • AI security program management
  • Vendor AI security evaluations
  • Policy development and maintenance
  • Team mentoring and hiring guidance

Premium Tier

25-30 hours/month
$15,000 - $20,000/mo
  • Everything in Standard, plus:
  • Full security program oversight
  • Incident response leadership
  • Compliance program management
  • Direct team management

3-month minimum commitment · Monthly billing · 30-day notice after initial term

Process

How We Work

1

Discovery Call

Free, 30 minutes. We learn about your challenges, you learn about our approach.

2

Scoping & Proposal

Fixed-scope proposal in 1-2 business days. Clear deliverables, timeline, and pricing.

3

Kickoff & Delivery

Fully remote. Weekly check-ins, async collaboration, transparent progress tracking.

4

Deliverables

Final deliverables presented live. Executive summary + detailed report. Knowledge transfer included.

5

Ongoing Support

Continue with a retainer or engage us for follow-up projects as your program matures.

Frequently Asked Questions

Do I need to be in a specific industry?

We specialize in healthtech and SaaS but work with any company deploying AI that needs security and compliance guidance.

Is everything fully remote?

Yes. All engagements are delivered remotely. We use Slack/Teams, Zoom/Google Meet, and your preferred documentation platform.

How quickly can you start?

Most engagements begin within 1-2 weeks of signed agreement. For urgent needs, we can accommodate faster timelines.

Do you replace our internal security team?

No. We complement your team by providing AI-specific security expertise. We often work alongside existing CISOs, security engineers, and compliance teams.

What if we need more capacity than one consultant?

Bastille has a network of vetted AI security professionals we can deploy on larger engagements. Same quality, same methodology, more capacity.

Let's Talk About Your AI Security

Free 30-minute discovery call. No obligation. No sales pitch. Just an honest conversation about your AI security needs.

Book Your Discovery Call →