Loading...
Insights on AI adoption, security, and technology. Delivered weekly.
Arctyra publishes practitioner-built frameworks, assessment tools, and training curricula. Each resource is grounded in engagement experience and designed for direct operational use.
A 17-question self-assessment that scores an organization's readiness to adopt AI across five dimensions: data infrastructure, technical capability, organizational maturity, governance and risk readiness, and strategic alignment. The output is an immediate PDF report with dimensional scores and a recommended next step. Free. 7 minutes.
A comprehensive 27-question assessment covering all five dimensions in full depth. Includes sub-dimensional analysis with per-question scoring, 15 prioritized actions sequenced by urgency, a 12-month action plan with quarterly milestones, and peer benchmarking. Delivered as a detailed PDF report your leadership team can act on. 15 minutes.
A 17-question self-assessment that scores your organization's security posture across six dimensions: data security, identity and access, network architecture, application security, operational resilience, and regulatory compliance. Includes vertical-specific modules for biotech, insurance, and financial services. Grounded in current threat intelligence from industry and government sources. Immediate results with dimensional scoring. Free. 5 minutes.
A structured assessment methodology for insurance carriers, MGAs, and insurtechs evaluating AI governance under NAIC Model Bulletin and EU AI Act requirements. The framework scores five risk domains: regulatory compliance, model risk, operational risk, data risk, and governance accountability. The output is a regulator-ready risk register with prioritized remediation roadmap.
A practitioner-written methodology for assessing the security attack surface created by AI adoption. The framework covers six risk domains: model-level threats, data risk, agentic workflow risk, supply chain risk, operational risk, and compliance. Incorporates the OWASP Agentic Skills Top 10 (AST10) taxonomy for assessing skill-layer security in agentic AI deployments. The output is a scored risk assessment with a prioritized remediation roadmap. Designed for CISOs, CTOs, and security teams evaluating AI deployments.
A structured training curriculum with four tracks covering executive leadership, operations teams, agentic AI architecture, and AI security. Each track is available as a standalone program or combined into a multi-track engagement. Programs include participant workbooks, post-training assessments, and a 90-day action plan.
Frameworks and standards we track and reference in our assessment methodology. Updated quarterly.
OWASP Foundation, 2025
The baseline risk taxonomy for LLM-powered applications. Covers prompt injection, insecure output handling, training data poisoning, model denial of service, and supply chain vulnerabilities. Required reading for any organization deploying LLM-based tools.
OWASP Foundation, December 2025
Addresses reasoning-layer and agent-level risks that sit above the protocol and skill layers. Covers excessive agency, inadequate sandboxing, and uncontrolled autonomy in multi-agent systems.
OWASP GenAI Security Project, December 2025
The application-layer risk framework for autonomous AI systems. Covers goal hijacking, tool misuse, identity abuse, and supply chain vulnerabilities specific to agents that plan, decide, and execute across enterprise workflows. Peer-reviewed by 100+ industry security experts.
OWASP Foundation, March 2026
The first security framework for the AI agent skill layer. Covers 10 risks specific to how agents orchestrate multi-step workflows, from malicious skills and supply chain compromise to weak isolation and absent governance. Includes a practical security assessment checklist and incident response playbook.
OWASP Foundation, 2025 (beta)
The protocol-layer companion to the LLM Top 10 and Agentic Skills Top 10. Covers security risks in Model Context Protocol implementations, including token mismanagement, context over-sharing, command injection, and software supply chain attacks on MCP servers and connectors.
OWASP GenAI Security Project, 2024
The governance-level checklist for CISOs and security teams establishing AI security programs. Covers risk management, regulatory compliance, and operational controls for organizations deploying LLM-powered applications.
OWASP GenAI Security Project, February 2026
Operational guidance for securing the connection point between AI assistants and external tools. Covers authentication, authorization, input validation, session isolation, and deployment hardening for MCP servers that operate with delegated user permissions and chained tool calls.
National Institute of Standards and Technology
The federal standard for AI risk governance. Organized around four functions: Govern, Map, Measure, and Manage. Required reference for organizations in regulated industries or those doing business with the federal government.
Cloud Security Alliance
A 7-layer threat model for agentic AI systems, from foundation models through agent ecosystems. Useful for mapping where specific risks emerge in a multi-agent architecture.
International Organization for Standardization
The international standard for establishing and maintaining an AI management system. Increasingly referenced in procurement requirements and regulatory examinations.
European Union
The first comprehensive AI regulation with legal force. Applies to any organization operating in or serving EU markets. Enforcement begins August 2026. North American companies with European operations or customers need to assess applicability now.
National Association of Insurance Commissioners
Adopted by 23+ states. Establishes regulatory expectations for AI use in insurance underwriting, claims, and pricing. The primary compliance reference for insurance carriers and MGAs deploying AI.