Harness Security Assessments as a Service
The capstone methodology module. B0–B11 are techniques, controls, and frameworks; B12 is the operational layer that turns them into a scoped, priced, reported, retestable engagement. The six-phase methodology (PTES / NIST SP 800-115 adapted) — Scoping, Reconnaissance, Discovery, Exploitation/Validation, Reporting, Retesting — with each phase tied to the module that supplies its content. The buyer is the CISO / AI security lead, and the deliverable is the scored artifact B9's checklist executor produces, packaged into a five-section report a board can read.
The six-phase methodology is a loop, not a pipeline — and only two phases are the testing B9/B10 supply. Scoping (B0 legal plane → SOW + scope file), Reconnaissance (B1 surface map), Discovery (B9 checklist + B10 chains), Exploitation/Validation (B0 minimum-proof), Reporting (B9 output packaged), Retesting (B0.2 residual-risk). An engagement that runs only the testing phases is 'run B9 and hand over the output' — half an engagement, illegal without scope, unsellable without a report, unverifiable without a retest. The retest feeds back into scoping for the next engagement; that loop is the recurring value.
Scoping is where B0's legal control plane gets written into the engagement contract, and the four-point enumeration is what makes it complete. Surfaces (B1 template), pinned model versions, provider authorizations (B0's three conditions — ToS / waiver / self-hosted; fail all three and the surface is out of scope), and exclusions. The most common scoping mistake is a client who says 'jailbreak everything' without checking their provider's terms — the deployer cannot authorize what the provider forbids, and the provider_authorization check runs at scoping, not at testing. The SOW carries seven clauses, three of them AI-specific (provider authorization, dual-use/disclosure, DMCA § 1201 waiver).
The engagement report is the same scored artifact B9's checklist executor produces, packaged into five sections for a CISO. B9's 8 PASS/FAIL + 2 MEASURED rows become findings F-01..F-10; B10's chains become F-11+ that the checklist alone misses; the B9 risk-to-module mapping becomes the control matrix. The report generator enforces the honesty at the output layer — it rejects a finding with no taxonomy reference, a MEASURED finding without a success rate, and a Critical finding without a remediation route. The strictness is what prevents the '10/10 PASS' lie a client may demand.
Retesting measures residual risk, never binary 'fixed' — and the service's long-term value is comparable artifacts across releases. The verdict is Resolved / Improved / Unchanged / Regressed under identical conditions (same harness, same sampling, same pinned model version). The retest re-runs the FULL B9 checklist and re-attempts the B10 chains because a patch can open a new gap or reroute a chain. The four-layer packaging (methodology, tooling, templates, evidence) is what makes artifacts comparable across releases — the injection-success-rate trend over six releases is what a CISO buys. Drift in any layer breaks the comparability.