daylite / review kit
Get started, $490
For AI-agent startups selling to enterprises

Your deal is stuck on the AI section of their security review.

Enterprise vendor questionnaires grew a new section in 2026. Agent inventory, action audit, model provenance, output monitoring, AI subprocessors. Your SOC 2 does not cover it. We write your answers for you, mapped to the standard reviewers use, and get you unstuck in a week.

Fixed price, delivered in 7 days. Full refund if it does not get you past the AI section.

VENDOR RISK ASSESSMENT · SECTION 7: ARTIFICIAL INTELLIGENCE7 of 12
7.31Provide an inventory of all AI models and autonomous agents in your product, including provenance and hosting.ANSWERED
7.32Describe how agent actions are logged. Can the logs be altered after the fact?ANSWERED
7.33How do you prevent our data from reaching third-party or foreign-hosted models?ANSWERED
7.34List all AI subprocessors, their data retention terms, and training-use commitments.ANSWERED
7.35Describe human oversight for consequential agent actions and how overrides are recorded.ANSWERED
How it works

Done for you. Not another blank template.

You are buying finished answers, written from your actual stack, not a kit you fill in yourself. Three steps, about a week end to end.

STEP 1

Check out, then a 30-minute intake

A structured form about your models, agents, data flows, and tools. No code, no credentials. That is all we need from you.

STEP 2

We write your pack

Your answers, drafted from your intake and mapped to CSA AI-CAIQ, NIST AI RMF, and ISO 42001. Every honest gap comes back with a fix, not a blank.

STEP 3

Delivered in 7 days, refined on a call

The full document set, plus a 1:1 to walk your reviewer's exact questionnaire. If it does not get you past the AI section, you get a full refund.

Why this exists

SOC 2 got you into the room. The AI section keeps you there for weeks.

Procurement teams bolted an AI module onto their standard vendor review this year. It asks questions your compliance platform has no answers for, because they are about your agents at runtime, not your policies on paper. Founders answer them one painful email thread at a time, and the deal waits. We watched it stall funded, SOC 2-certified teams for a month or more.

What you get

Six documents reviewers actually ask for.

You fill a 30-minute intake about your stack. We deliver the pack within 7 days, written in the framework language reviewers map against.

DOC

AI section answer bank

Tailored answers for the CSA AI-CAIQ, the 320-question standard reviewers adopted in 2026, plus NIST AI RMF and ISO 42001 mapping so the reviewer can check their boxes.

DOC

Agent and model inventory

The one-pager every reviewer asks for first: models, agents, hosting, provenance, what touches customer data.

DOC

Architecture and data-flow one-pager

Template plus a worked example. Where data enters, what the agent can reach, where it can never go.

DOC

AI addendum for your DPA

Training-use, retention, and subprocessor language for your counsel to review and attach.

DOC

Incident response one-pager

What happens when an agent misbehaves, who gets told, and how fast. Reviewers want to see you thought about it.

DOC

Evidence checklist

When they say "prove it", this is the list of artifacts to show, in the order they ask.

EARLY ACCESS

Documents say what your policies are. Live evidence shows what your agents did.

The Live Evidence tier adds a drop-in sidecar to your stack. Every consequential agent action lands in a tamper-evident, hash-chained log, and your trust page shows chain-verified numbers your customer's security team can check themselves. Compliance platforms cannot offer this. They are not in your runtime path. We are.

$ curl https://evidence.yourco.com/verify
{
  "status": "INTEGRITY_OK",
  "entries_verified": 48211,
  "agent_actions_governed": 48211,
  "pii_egress_blocked": 312,
  "hash_algorithm": "SHA-256",
  "signature_algorithm": "HMAC-SHA-256",
  "crypto_module": "FIPS-validated (AWS-LC-FIPS)"
}
Pricing

One deal unblocked pays for it many times over.

A compliance consultant for this runs five figures. The Kit is a fixed price with a money-back guarantee.

START HERE
Review Kit
$490
one time, done for you
  • All six documents, written from your intake
  • Delivered within 7 days
  • CSA AI-CAIQ v1.1, NIST AI RMF, ISO 42001 mapped
  • 1:1 call to walk your reviewer's questionnaire
  • Full refund if it does not clear the AI section
Get started, $490

Founding price. Rising after the first cohort.

Trust Page
$199
per month
  • Your kit, hosted on a page you send instead of email threads
  • Always current as your stack changes
  • Access requests and NDA gating
  • Update service for new questionnaire formats
Join waitlist
Live Evidence EARLY ACCESS
$499
per month
  • Drop-in sidecar, tamper-evident action log
  • Chain-verified counters on your trust page
  • One-click evidence export per customer review
  • FIPS-validated crypto module
Request access
✓ 30-minute intake, no code or credentials ✓ Delivered in 7 days ✓ Full refund if it does not clear the AI section ✓ No subscription, no lock-in
Who is behind this
DK

Dmitrii Karataev. Twenty years running infrastructure and security for enterprises. Today I run AI governance inside a US consumer-finance company, where these documents face real reviewers and real regulators, not hypothetical ones. The kit is the pack I wish every AI vendor had handed me.

We already have SOC 2. Do we need this?

SOC 2 is why you got the questionnaire at all. The AI section is the part SOC 2 does not cover: agents, models, provenance, runtime behavior. That is what the kit answers.

Why not just ask ChatGPT to answer the questionnaire?

Plenty of teams do, and reviewers have learned to spot it. Security teams now flag AI-drafted policy prose that describes controls the vendor does not have, and a caught hallucination stalls the review worse than a blank. The kit is different in kind: answers tied to your actual stack from the intake, and on the evidence tiers, backed by verifiable runtime records no chatbot can produce.

Is this a template I fill in, or done for me?

Done for you. You spend 30 minutes on the intake; we write the answers from your stack and deliver the finished pack. The only thing we hand you to edit is the DPA addendum, for your counsel to review.

Is this legal advice?

No. It is engineering and security documentation. Have your counsel review the DPA addendum before you attach it.

What do you need from us?

A 30-minute intake form about your stack: models, hosting, data flows, tools your agents can call. No source code, no credentials.

What if our reviewer asks something the kit does not cover?

Every order includes a 1:1 review call. Bring the actual questionnaire and we work through the gaps together. If it still does not clear the section, you get a full refund.