Your AI. Managed.

Most businesses adopt AI with zero governance, no security review, and nobody watching the costs. We fix that. Take the 2-minute assessment — see exactly where you stand and what you're leaving on the table.

Answer 7 Questions

Get Your Score + Report

Book Free Consultation

What AI tools is your team using?

None — we haven't adopted AI yet ChatGPT / Copilot casually Multiple AI tools, some with company data AI is embedded in our workflows / products

What data passes through your AI tools?

Public information only Internal emails and documents Customer PII or financial records Regulated data — healthcare, legal, government

Do you have an AI usage policy?

No — staff use whatever they want We have informal guidelines Written policy exists but isn't enforced Formal AI governance with enforcement

How do you monitor AI tool usage?

We don't — zero visibility We track which tools are being expensed Some logging in place (API keys, SSO) Full monitoring — DLP, model inputs/outputs tracked

Have you assessed AI-specific risks?

No — never considered We've discussed it but no formal assessment Partial assessment — some risks identified Formal AI risk assessment completed

How do you manage AI costs?

No tracking — buried in expense reports We check monthly bills after the fact Budgets set per team but no optimization Active cost monitoring with optimization

Is your team trained on AI security?

No training whatsoever Occasional mentions in team meetings Annual awareness session Ongoing training with role-specific modules

Four Ways to Protect Your AI

Start where you are. Scale as you grow. Every tier includes a written report with clear next steps.

Tier 1: AI Readiness Scan

$750 AUD

One-time assessment — delivered in 48 hours

INCLUDES 7-domain AI posture assessment
INCLUDES Written gap analysis report (PDF)
INCLUDES Risk rating per domain (Governance, Data, Cost, Training, Monitoring, Risk, Compliance)
INCLUDES 12-month AI maturity roadmap
INCLUDES Insurance-readiness score for AI tools

TIMELINE: 2 hour session + 48hr report delivery

Start Your Scan

Tier 2: AI Security Build

$3,500–$6,000 AUD

One-time build — delivered in 2-4 weeks

INCLUDES Custom AI Acceptable Use Policy (AU-compliant)
INCLUDES AI tool governance framework + approval workflow
INCLUDES Data classification schema for AI inputs/outputs
INCLUDES Staff AI security training module (customised)
INCLUDES Vendor AI risk assessment for 3 tools
INCLUDES AI incident response playbook

TIMELINE: 2-week engagement + documentation pack

Book Your Build

Tier 3: Managed AI Operations

$1,200–$1,800 AUD/mo

Ongoing management — month-to-month, no lock-in

INCLUDES Monthly AI posture report with trend analysis
INCLUDES AI cost monitoring + optimisation recommendations
INCLUDES Quarterly policy review against regulatory changes
INCLUDES AI tool inventory health checks (licences, shadow IT)
INCLUDES Staff AI security awareness refresher (quarterly)
INCLUDES Priority incident support (4hr response SLA)

TIMELINE: Onboarding week 1, then ongoing monthly cycle

Explore Operations

Tier 4: vCISO for AI

$2,500–$4,000 AUD/mo

Strategic leadership — quarterly commitment

INCLUDES Everything in Tier 3 (Managed Operations)
INCLUDES Board-level AI risk reporting (quarterly)
INCLUDES ISO 42001 (AI Management) readiness program
INCLUDES AI ethics framework alignment (AU AI Ethics Principles)
INCLUDES Vendor AI risk program (ongoing assessments)
INCLUDES Monthly strategy sessions with leadership
INCLUDES AI procurement review for new tools

TIMELINE: Onboarding month 1, then quarterly reporting cycle

Inquire About vCISO

How We Deliver

Every tier follows the same battle-tested pipeline — no black boxes, no surprises.

Intake & Scope

30-min discovery call. We map your AI footprint — tools, data flows, teams, budgets. You get a scoping document before anything is billed.

Assessment

7-domain AI posture review. Governance, data protection, risk management, cost control, team readiness, monitoring, and compliance mapped against your industry benchmarks.

Build & Document

Policies, frameworks, playbooks, and training — customised to your business. Delivered as a structured documentation pack with version tracking.

Operate & Report

Monthly posture reports, cost dashboards, policy reviews, and incident support. Ongoing monitoring with trend analysis and quarterly board summaries.

Common Questions

What's the difference between Tier 3 (Managed Ops) and Tier 4 (vCISO)?

Tier 3 is operational — we monitor, report, and maintain your AI security posture month to month. Tier 4 is strategic leadership — we sit with your board, align AI security to business goals, run ISO 42001 readiness programs, and provide vendor-wide AI risk oversight. Think Tier 3 = monitoring + reporting. Tier 4 = monitoring + reporting + strategy + board-level governance.

Do I need to start at Tier 1?

No. If you already know where your gaps are — or you've been told by an insurer, auditor, or client that you need AI governance — jump straight to Tier 2. Tier 1 is designed for businesses that don't yet know their AI risk exposure.

Is this just another AI policy template?

No. Every deliverable is custom-built to your tools, your data, your team structure, and your industry. We don't ship generic templates. Your AI Acceptable Use Policy will reference your actual tools (ChatGPT Enterprise, Copilot, Claude, etc.) and your actual data classifications. Templates are for people who don't understand AI risk — you're paying us because we do.

How does this relate to xysec.io?

Managed AI services at lil.business cover assessment, governance, training, and cost management — the advisory layer. For technical security monitoring (SIEM, 24/7 SOC, endpoint detection), clients are referred to xysec.io — the cybersecurity firm where our founder serves as Operations Director. This separation keeps advisory independent from infrastructure delivery, and you always know who's responsible for what. Full disclosure is provided in every engagement letter.

What industries do you work with?

Australian SMBs across healthcare, legal, financial services, real estate, manufacturing, construction, retail, and marketing agencies. If your industry handles sensitive data (PII, health records, financial information) and you use or plan to use AI tools, we're built for you.

Can you help with ISO 42001 certification?

Yes — under Tier 4 (vCISO for AI). We run a structured ISO 42001 AI Management System readiness program covering context of organisation, leadership, planning, support, operation, performance evaluation, and improvement. We get you audit-ready, not just compliant-on-paper.

Entity Disclosure: Managed AI services are delivered under lil.business (sole trader — Monster). Technical security monitoring (SIEM, 24/7 SOC) is delivered under xysec.io / SecureCloud Pty Ltd, where Monster serves as Operations Director. This is a related-party referral disclosed in every engagement letter. Clients are under no obligation to engage xysec.io.