High-touch · founder-delivered · three a month

The GCC AI-Agent Security & Compliance Assessment.

The moment your AI agent can act (call a tool, move money, decide about a person) it pulls obligations from up to five GCC regulators into scope at once: ADGM, CBUAE, DIFC, Dubai, and UAE Federal. We find the threats and map each one to the exact obligation it triggers, so you can deploy with proof instead of hope.

The clock is real. The CBUAE responsible-AI guidance and its regularization deadline are coming, and DIFC Regulation 10 is already in force. Start now and there is runway to fix what is found.

We’ll reply to scope it. Findings or it is free. Advisory estimate, not legal advice.

Our guarantee

Findings or it is free. If the assessment does not surface material, regulator-mapped findings you were not already tracking, you do not pay for it. And we rework the evidence pack until it is usable for your auditor. We do not guarantee compliance, certification, or that you will avoid a fine: every fine figure is an advisory estimate to verify with counsel.

What you get

  • A threat model, mapped to your regulator. Each threat tied to the specific ADGM, CBUAE, DIFC, Dubai or UAE Federal obligation it triggers, with a primary-source citation and an advisory AED exposure figure.
  • A board-ready report. Executive summary, composite risk, and a prioritized fix-this-first roadmap your leadership can act on.
  • An auditor-ready attestation pack. The obligations, an evidence register, and a sign-off block, plus a live readout call to walk your team through it.

How it works

1

Free coverage check

Paste a description of your system and see that we read your architecture correctly. It does not produce obligations: that is the paid work.

2

Coverage Snapshot, about 48 hours

A short, real assessment: the top findings, which regulators and roughly how many obligations are in scope, and the headline advisory exposure. The fee credits toward the full assessment.

3

Full Assessment, about 10 business days

The complete deliverable, scoped to your licence and regulator, plus a live readout call. Optional ISO 42001 gap add-on.

Prefer to look first? Run the free coverage check.

From Janreth: Agentic AI Threat Modeling. Every mapping traces to a primary source; figures are obligations in scope plus the regime-wide statutory ceiling, not a per-bug fine. Advisory estimate; verify before client use; not legal advice.

© Janreth · Privacy · Terms