Evidence · Redacted sample

What a Private AI Readiness Assessment actually looks like.

A redacted, illustrative version of the deliverable you receive — the structure, the depth, and the kind of judgment you're paying for. Representative of real engagements; no real client.

Illustrative sample

This page is a redacted, composite example built to show the shape and depth of a real assessment — not the record of any specific client, and not a real organization's data. Figures are illustrative. A real deliverable is a written report plus a live walkthrough, scoped to your environment and your obligations.

The engagement, at a glance

The question it answers
Can we run AI on our own data — safely, compliantly, and on infrastructure we control — and what will it actually take?
Format
Fixed fee. Fixed scope. Two to three weeks.
Deliverable
A written report and a live walkthrough with your team.
What it decides
Whether and how — it does not build anything. Implementation is a separate, clearly scoped engagement.

The client, anonymized

A regulated mid-market organization — roughly 250 staff — holding sensitive customer and operational records under more than one compliance obligation. Leadership was under board pressure to “do something with AI,” several teams were already pasting confidential material into public chatbots, and no one could answer the first question that matters: if we do this, where does our data actually go?

The goal of the assessment was not to say yes or no. It was to replace that uncertainty with a plan the organization owns.

Candidate use cases: what’s worth doing

The engagement began by inventorying every AI use case the business actually wanted — not the ones a vendor was selling — and triaging each one on business value against data-exposure risk. The value of this table is as much the two rows we told them to stop as the three we told them to start.

Candidate use caseBusiness valueData sensitivityVerdict
Internal knowledge assistant over policies, procedures, and contractsHigh — cuts research time across several teamsHigh — corpus contains regulated and confidential materialProceed — private only
Drafting customer response lettersMedium–highHigh — customer PIIProceed — human in the loop
Internal developer code assistanceMediumMedium — proprietary sourceProceed — isolated instance
Summarizing recorded customer callsMediumHigh — recordings, consent, residencyDefer — resolve consent & retention first
Public marketing copy generationLowNoneOut of scope — fine on commercial tools

The last row matters as much as the first: not everything needs to run inside your walls. Spending private-AI effort on data that was never sensitive is its own kind of waste.

For the three use cases worth doing, the recommendation was a single private stack: every component runs on infrastructure the organization controls, and no regulated data is sent to an outside model provider. The diagram below is the reference design the report is built around.

Private AI reference architectureStaff access an application layer inside your security boundary. Inside the boundary, an orchestration layer performs retrieval-augmented generation against a local large language model running on hardware you own, a retrieval index of your documents, and your own data sources — all protected by HSM-backed key custody. The connection to public third-party model APIs, shown outside the boundary, is severed: no regulated data leaves the enclave.Your peopleAUTHENTICATED STAFF · SSOYOUR SECURITY BOUNDARY · THE ENCLAVEENCRYPTION & KEY CUSTODY · HSMApplication layerCHAT / ASSISTANT UIOrchestrationRETRIEVAL (RAG) · GUARDRAILSPROMPT + OUTPUT AUDIT LOGLocal LLMRUNS ON HARDWARE YOU OWN (GPU)Retrieval indexVECTOR EMBEDDINGS OF YOUR DOCSYour data sourcesDOCUMENTS · RECORDSSYSTEMS OF RECORDBLOCKED — NO REGULATED DATA LEAVESPublic model APIsTHIRD-PARTY · OUTSIDE YOUR CONTROL
Reference design. Every component runs inside your boundary; key custody is HSM-backed and cross-cutting; the path to public model APIs is deliberately severed.

On the limits of this claim — stated plainly, because it’s the kind of thing a serious buyer checks. This architecture keeps regulated data inside your control while it is in use: it never leaves your boundary and is never handed to a model you can’t see into. That is a sovereignty guarantee, not a memory-encryption one — on its own it does not protect plaintext in RAM from a fully compromised host. Where that specific threat is in scope, the report says so and adds confidential-computing measures (a hardware trusted execution environment and attestation) explicitly, rather than implying them. Owning the hardware is necessary; it isn’t the whole story, and a good assessment doesn’t pretend it is.

Data-protection & compliance findings

Findings are mapped to the organization’s actual obligations — whichever frameworks apply (for example HIPAA, GLBA, PCI-DSS, NIST 800-171 / CMMC, or state privacy law), not a generic checklist. A representative subset:

Finding 01 — Shadow AI already in use (High)

Staff were pasting regulated material into public chatbots with no policy and no record. Recommendation: stand up the private assistant as the sanctioned alternative, then close off the public tools — you can’t police a gap you haven’t filled.

Finding 02 — Key custody undefined for the new stack (High)

The proposed vector index and document store would hold embeddings and copies of regulated data with no decision on who holds the keys. Recommendation: HSM-backed key custody, owned by you, before any data is ingested.

Finding 03 — Prompt and output logging unbounded (Medium)

The assistant’s audit log would itself become a concentrated store of sensitive prompts and answers. Recommendation: scope, encrypt, and set retention on the log up front — treat it as regulated data, because it is.

Phased roadmap

Phase 0 — This assessment
Decide whether and how. You leave with the plan on this page, whether you build it with me or on your own.
Phase 1 — Private assistant (pilot)
One high-value use case, one team, on the reference stack. 6–10 weeks. Illustrative build estimate: $40k–$70k depending on data sources and integration depth.
Phase 2 — Expand & harden
Add the remaining approved use cases; formalize monitoring, retention, and access review. Sized after the pilot.
Ongoing
Optional advisory retainer to keep the roadmap and the controls honest as it grows.

Figures above are illustrative and exist to show that the deliverable includes real cost estimates — your numbers are scoped to your environment.

Two things. First, the call-summarization use case — deferred until consent and retention were sorted, not because it couldn’t be built but because building it first would have created a new problem while solving a smaller one. Second, a heavier confidential-computing tier the organization did not yet need: real, but premature for their threat model and budget. If the honest answer is that you need less than you feared, that’s the answer you get.

Book a working call See how the engagement works