AIR builds your readiness assessment, response plan, six scenario playbooks, regulatory notification matrix, and tabletop exercise kit from a three-minute intake. One PDF, delivered to your inbox in hours.
$1,495. One time. Price stated before you click anything.
Get your planSelf-service checkout through Stripe. No calls, no demos, no sales thread.
"Please send a copy of your incident response plan." Your cyber insurer at renewal · an enterprise customer's security questionnaire · an auditor's document request
Different senders, same email. And the honest answer in a lot of businesses is a template someone downloaded two jobs ago, with nobody's name in it. AIR exists so you can reply the same day, with a plan that is recognizably about your company.
Free and fast. It names nobody, matches nothing you actually run, and the people asking for it have read a hundred of them. It answers the email without answering the question.
A good consultant builds a strong plan over a number of weeks, at consulting prices. The right call for complex enterprises. Slower and heavier than most businesses need for a working plan this month.
Entirely doable. NIST publishes the guidance free of charge. Budget several working days, and someone on staff who enjoys reading framework documents and statute text.
AIR is the fourth option: the specificity of consultant work, at a fixed price, on a same-day clock.
One PDF, six components, built from your sixteen intake answers.
Every element of a 43-element catalog (NIST CSF 2.0 subcategories, organized to the NIST SP 800-61r3 incident response lifecycle) is accounted for: identified gap, or not asserted ready. No invented scores, no percentages.
Roles with write-in name slots, a SEV-1 to SEV-4 severity matrix, bright-line activation criteria, a communication order, and evidence rules your team can actually follow at 2 AM.
Ransomware, business email compromise, data breach, insider misuse, lost device, vendor breach. Steps match your reality: Microsoft 365 or Google Workspace, EDR or none, and the backup posture you actually reported.
Only the obligations your answers establish: HIPAA, SEC Form 8-K, FTC Safeguards Rule, NYDFS Part 500, state breach statutes, card brands, your insurance carrier. Each row carries its deadline and its citation.
A 60-minute facilitated scenario with timed injects, facilitator notes, and after-action questions. Your first exercise is on the calendar before the binder gets dusty.
Your gaps, ordered by risk and sequenced into three horizons, so the cheapest highest-leverage fixes land first.
Fixed price, stated up front. Your intake link arrives by email immediately after checkout.
How your business runs: who handles IT, what your email lives on, where backups stand, which rules touch your data. Plain questions, no document uploads, no connectors.
Print it. Write two names in the roles table. Put the tabletop on the calendar. Reply to the email that asked for your plan.
Your notification deadlines come from the cited rule text, selected in code from your answers. The AI cannot invent a regulator, a deadline, or a statute. Gaps stated by your own answers are computed directly and labeled "stated in your intake."
Summaries, context, and directional findings are drafted by the engine against a closed catalog. Anything it cites outside that catalog is dropped before it can reach your document. We built the guardrail because we know exactly how these models fail.
Every element is either an identified gap or "not asserted ready." Nothing is assumed in place because you paid us. The methodology page of your PDF says which findings came from your answers and which are directional, in plain language.
You are not buying seats, logins, or a dashboard to ignore. An agent does the work, a human-gated pipeline reviews the delivery, and you get the artifact. That is the AaaS difference.
The matrix cites the rules and summarizes the deadlines so your counsel starts from organized facts instead of a blank page. During a real incident, counsel confirms applicability. The deliverable says this on its face.
AIR is the plan, the playbooks, and the readiness picture. It does not watch your network or respond on your behalf. If you want continuous coverage afterward, that is what our subscription tiers are for.
No document makes you "compliant," and we will not pretend otherwise. AIR makes you prepared, on paper that holds up to the people who asked.
One-time purchase · no subscription required · delivered by email
Checkout runs through Stripe. Your intake link arrives immediately. The deliverable follows within hours of your intake, and in any case within 2 business days.
The pipeline generates and reviews your deliverable after you submit intake; most arrive the same day, often much faster. Our service commitment is within 2 business days at the outside. If we miss it, the Refund Policy applies: you get your money back.
Yes. The email-compromise playbook falls back to provider-agnostic steps that still name the moves: save sign-in history, revoke sessions, reset credentials, hunt persistence. The other five playbooks do not depend on your email platform.
They are used to build your deliverable, processed on US-based infrastructure, with the subprocessors listed on our Subprocessors page. No cloud connections, no agents installed, no telemetry collected. The intake is sixteen questions about how your business runs.
The major US overlays: the HIPAA Breach Notification Rule, SEC Form 8-K Item 1.05, the FTC Safeguards Rule notification requirement, NYDFS Part 500, state breach statutes, card-brand and acquirer obligations, and your cyber insurance carrier. Rows appear only when your answers establish they apply. If few apply to you, your matrix is short and says so honestly.
AIR is an agent built and operated by ElasticD3M, LLC, and we say so plainly. The parts that must be exact (deadlines, citations, catalog elements, playbook steps) are deterministic, curated content selected in code. The drafted parts are grounded against a closed catalog and a delivery gate reviews every PDF before it ships. The methodology page in your deliverable explains exactly which is which.
Your $1,495 credits in full toward the first month of any Aegis AI subscription tier within 30 days. The plan stands on its own either way; the subscription is for businesses that want the readiness picture maintained continuously, with evidence behind it.