AI Risk Due Diligence

The AI Risk DD Report

Our flagship engagement produces a Shadow Simplex Score (SSS) report — a systematic, reproducible risk assessment derived from a patent-pending geometric framework. Two offering tiers are available:

SSPLX-001 Baseline Standard tier

Seven-factor defeasibility-weighted SSS across the dimensions enumerated below — XSC, SCS, ECI, MDI, SAI, CCI, VII — with shadow-simplex centroid analysis and tier classification. Coverage under US Provisional 64/066,231.

SSPLX-002 Extended Composite Premium tier

Adds the five-register stratification, the capability normalizer C(κ), the 9 × 6 risk-primitive matrix, and the transcendental meta-condition veto layer. Non-compensatory multiplicative aggregation throughout. Coverage under SSPLX-002-PROV.

Unlike qualitative audits or vendor-supplied model cards, the SSS report is:

Independent — no financial relationship with any model vendor; findings cannot be purchased into a favorable outcome

Quantitative — a numeric score derived from a documented, reproducible methodology, not narrative opinion

Court-defensible — structured to support regulatory response, litigation, and board disclosure obligations

Regulatory-mapped — findings cross-referenced against EU AI Act, NIST AI RMF, SEC, HIPAA, and DORA as applicable

What the report covers

Full SSS scorecard (7 dimensions)

EU AI Act risk tier classification

Model architecture integrity review

Training data lineage & copyright exposure

AIBOM (AI Bill of Materials)

Bias, fairness & disparate impact testing

Adversarial robustness assessment

Shadow AI system inventory

Model drift & monitoring gap analysis

Regulatory gap analysis (EU AI Act, NIST)

Security & supply chain risk review

Executive presentation (board-ready)

30/60/90-day remediation roadmap

Cost-to-remediate projections

Next available slot

June 2026

Q3 slots filling — recommend booking now

Request proposal & scoping call

Delivered in 2–4 weeks. Includes executive presentation + remediation playbook.

Typical pricing (2026)

Mid-market

1–3 AI systems, standard scope

$40K–$100K

Enterprise

Complex stacks, multiple systems

$100K–$200K

PE / M&A Expedited

Deal timeline pressure, rush delivery

Custom

Process

From first call to final report

Scoping call (30 min, no cost)

We review your AI system inventory, deal timeline, regulatory context, and key risk areas. You leave with a clear sense of engagement scope, timeline, and cost range — usually within 24 hours of the call.

Proposal & NDA execution (2–5 days)

We issue a scoped proposal with fixed pricing, clear deliverables, and timeline commitments. NDA and engagement letter signed before any data sharing begins.

Technical assessment (1–3 weeks)

We conduct the full SSS assessment: documentation review, architecture interviews, technical testing, regulatory mapping, and shadow AI discovery. You receive a weekly status update with any emerging findings flagged immediately if material.

Draft report & review (3–5 days)

Draft report delivered for factual accuracy review. We don't negotiate findings — but we correct factual errors and incorporate context you provide. Final SSS score does not change after this stage without written agreement.

Final delivery & executive presentation

Final report package delivered: written report, SSS scorecard, executive presentation deck, and 30/60/90-day remediation roadmap. We present findings to your board, deal team, or GRC committee — included in all engagements.

Scoring

The seven SSS dimensions

Every dimension is assessed independently using diagnostic protocols derived from the Shadow Simplex Framework, then weighted to produce the composite score.

XSC

Cross-System Coherence

Measures whether AI systems across your stack produce consistent, coherent outputs — or whether multi-system pipelines introduce compounding errors and semantic drift. Tests for cascade failure conditions.

SCS

Systemic Control Strength

Evaluates the governance controls in place: model lifecycle management, access controls, output monitoring, human-in-the-loop configurations, and incident response capability.

ECI

External Compliance Index

Maps the system's current posture against applicable regulatory obligations — EU AI Act Article 9/17/69, NIST AI RMF, SEC cybersecurity disclosure rules, HIPAA, DORA, and SR 11-7 as applicable.

MDI

Model Drift Index

Assesses the organization's ability to detect and respond to model drift — both conceptual drift (changing input distributions) and behavioral drift (shifting output patterns over time). Identifies monitoring gaps.

SAI

Shadow AI Index

Discovers and catalogs AI systems operating outside formal IT governance — including personal LLM accounts, unregistered API integrations, and departmental deployments without enterprise review. Often the highest-risk dimension for large enterprises.

CCI

Cascade & Contagion Index

Models failure propagation risk: if one AI system in your architecture makes a significant error, how far does it propagate? Identifies architectural chokepoints and missing isolation boundaries.

VII

Value & IP Integrity

Reviews training data provenance, copyright exposure in model outputs, IP ownership structures for custom models, and the AIBOM (AI Bill of Materials) for third-party components. Critical for M&A transactions where AI is a material asset.

FAQ

Common questions

Standard AI audits produce narrative reports with qualitative findings. The SSS is a numeric score derived from a documented, reproducible methodology — the SSPLX-001 baseline aggregates seven weighted dimensions; the SSPLX-002 extended composite adds non-compensatory multiplicative aggregation, five register sub-scores, the capability normalizer C(κ), and a transcendental meta-condition veto layer. Closer to a credit rating than a consultant's memo. Direct comparison across systems, tracking over time, and a single defensible composite for regulatory and M&A purposes.

Not necessarily. The scope depends on your situation. For third-party model assessments we typically work from API access, model cards, and architecture documentation. For custom model audits we prefer secure access to model artifacts. For shadow AI discovery we use network-level signals and HR/IT inventory data. Every engagement begins with an NDA before any access is granted.

Yes. We offer expedited timelines for deal situations. A scoped single-system assessment can be delivered in 7–10 business days. For complex multi-system stacks under deal pressure, we'll discuss what a phased approach looks like — initial findings in week one, complete report by close. Expedited pricing applies.

The foundational research is published as a public pre-print: "The Shadow Simplex: A Critical Framework for Analyzing Failure Modes in Self-Evolving Multi-Agent Reinforcement Learning Systems." The scoring methodology (SSS), dimensional weights, and diagnostic protocols are proprietary and protected by pending patent.

Yes — SSS Continuous Monitoring is a subscription service starting at $2K/month. It delivers weekly SSS delta reports, model drift alerts, regulatory change notifications, and shadow AI discovery feeds via API or dashboard. Many clients start with an AI-DD report and transition to continuous monitoring for ongoing assurance.

Fintech, regtech, and healthcare AI are our primary verticals — industries where regulatory exposure and data sensitivity are highest. We have particular depth in financial services model validation (SR 11-7), HIPAA-adjacent AI applications, and enterprise data infrastructure with AI components. We serve clients nationally, with especially strong presence in the Southeast US.