Where we're starting
Get ahead of the disclosure event.
The real risk isn't only a data leak — it's the moment ET has to answer for one. If a client question, an insurer audit, or a subpoena lands tomorrow, you need a defensible answer about which AI tools were in use, who used them, and what data was touched. Right now, those answers don't exist.
- Unsanctioned tools are already on endpoints. Personal Copilot, ChatGPT, Gemini accounts — plus vendor "AI" inside Procore and Sage — outside your visibility and outside any approval workflow.
- No enforceable policy in place. Without one, you have no defensible position when a client, insurer, or prime asks what protections were in force.
- Announcing first destroys the evidence. The moment employees hear "audit," logs and traces start disappearing. The work runs quietly until findings are ready.
What's in the audit
The deliverables
- AI Exposure Inventory. Every AI tool in use — corporate and personal — scored against your client confidentiality and insurance requirements.
- Endpoint & file-system review. Desktop AI installs and what project documents have been touched, uploaded, or shared with third-party models.
- Written findings report + policy requirements doc. Prioritized action plan plus what your attorney needs to draft the formal AI-use policy. We coordinate the handoff.
- Company-wide rollout session. Findings and new policy presented together — answering employee questions with answers, not speculation.
Our approach · A.P.I.
01Audit
Inventory every AI tool, account, and data path actually in use today.
02Policy
Draft the sanctioned-vs-banned boundary your attorney can sign and your team can follow.
03Implement
Roll out findings + policy in one coordinated session — no rumor cycle, no speculation.
How we work
Operating principle
The audit runs quietly, coordinated with you only — not announced internally, not shared with the broader team until findings are ready. That's how we preserve the logs and traces we need. The rollout lands at the close: your team hears "here's what we found, here's the new policy" in one coordinated moment.
Investment
3 weeks · 50% on signing, 50% on delivery