How It Works
A continuous intelligence cycle from threat to test
AICAP implements a continuous intelligence cycle designed to transform raw assurance intelligence into prioritised, actionable test requirements. It complements your existing test and evaluation workflows — AICAP provides the intelligence; your platforms execute the tests.
Monitor
Know within minutes when something changes that affects your AI systems. Continuous ingestion from CVE feeds, adversarial research, model registries, agent framework advisories, open-weight model disclosures, AI code generation vulnerability patterns, training data provenance alerts, and supply chain compromise notifications.
Correlate
Instantly understand which systems are affected. Trace vulnerabilities through model families, fine-tuning chains, agent tool dependencies, and multi-model pipelines. Behavioural fingerprinting for systems with unclear documentation.
Prioritise
Focus on what matters most. Multi-factor risk scoring weighs exploitability, operational context impact, agent autonomy level, supply chain exposure, and remediation complexity. Critical issues surface first.
Generate
Get test-ready in minutes. LLM-powered synthesis produces test specifications, adversarial scenarios, and red team targeting packages — including multi-step agent attack chains and tool-use injection scenarios.
Evaluate
Understand results, not just pass/fail. Automated analysis flags gaps, identifies inconclusive results, and generates audit-ready reports mapped to regulatory frameworks including the EU AI Act, SSCoP, ISO 27001, and sector-specific standards.
Feedback Loop
Every cycle makes the next one better. Results refine future prioritisation and test generation. The system learns which intelligence sources yield the highest-value discoveries.
Deploy Anywhere You Operate
AICAP is built for real-world deployment constraints. Choose the deployment model that fits your environment:
Commercial Cloud — API integration with leading providers for rapid deployment and scaling.
UK Sovereign Cloud — Accredited government platforms for OFFICIAL and OFFICIAL-SENSITIVE workloads.
Self-Hosted Air-Gapped — Open-weight models running on your infrastructure for classified workloads and air-gapped environments. No data leaves your network.
Containerised with Kubernetes across all deployment modes. Same capability, any environment.
A note on open-weight models: Sovereign AI in regulated and sovereign environments increasingly means self-hosted open-weight models. These have a fundamentally different risk profile — no vendor patching, community-discovered vulnerabilities, and unknown training data provenance. AICAP's Monitor stage is designed to track the open-weight ecosystem, so you'll know about risks before they compound through your fine-tuned deployments.
Complement, Don't Replace
AICAP is designed to integrate with your existing test and evaluation platforms via REST APIs. It won't ask you to rip and replace — it enriches what you already have with the intelligence layer that's missing.
SAML/OIDC authentication, Prometheus observability, and AlertManager integration mean AICAP will fit into your operational workflows from day one.