# Ravenkeep AI

> Ravenkeep AI is a private AI consulting practice for security-sensitive organizations. The work covers self-hosted AI deployment, private-cloud AI architecture, secure retrieval (RAG), AI governance, threat modeling, and disciplined rollout for regulated and trust-driven environments.

Ravenkeep AI is a focused, intentionally narrow practice. Engagements concentrate on one use case at a time, produce written architecture and control documentation, and end when the environment is operable by the client's team — not when retainer hours run out. The practice does not do model training research, public chatbot products, or agency-style content programs.

## Primary topics
- Private AI consulting and deployment strategy
- Self-hosted AI deployment (open-weight models, on-prem and private cloud)
- Private-cloud AI architecture and hybrid patterns
- Secure retrieval-augmented generation (RAG) design with ACL enforcement
- AI security architecture: prompt injection mitigation, retrieval leakage, egress control, change control
- AI governance: access design, logging boundaries, retention, retrieval policy, change control, acceptable use
- Threat modeling for private AI environments
- AI deployment process: readiness assessment, deployment model selection, control design, pilot, operational handoff, expansion
- Engagement pricing: fixed-fee assessment, scoped pilot, production rollout, governance retainer
- Industry contexts: payments and fintech, healthcare-adjacent teams, legal and compliance, professional services

## Engagement models
- AI readiness assessment (fixed-fee, 2–4 weeks)
- Secure pilot deployment (scoped project, 6–12 weeks)
- Production rollout (custom quote, 8–16 weeks)
- Managed governance and support (monthly or quarterly retainer)

## Compliance alignment (design support, not certification)
- SOC 2 — control documentation, access reviews, change records, logging design
- HIPAA-adjacent — BAA chain, PHI handling boundaries, minimum-necessary principles
- PCI DSS — segmentation, tokenization, keeping AI out of the CDE
- GDPR / data residency — region-bound deployments, retention controls, data-flow inventory
- ISO 27001 — risk assessment, asset inventory, operations documentation that slots into an existing ISMS

## Recommended URLs
- Home: https://ravenkeepai.com/
- Services: https://ravenkeepai.com/services
- Security: https://ravenkeepai.com/security
- Industries: https://ravenkeepai.com/industries
- Process: https://ravenkeepai.com/process
- Pricing: https://ravenkeepai.com/pricing
- About: https://ravenkeepai.com/about
- FAQ: https://ravenkeepai.com/faq
- Resources: https://ravenkeepai.com/resources
- Insights index: https://ravenkeepai.com/insights
- Deployment model decision (article): https://ravenkeepai.com/insights/deployment-model-decision
- Threat model for private AI (article): https://ravenkeepai.com/insights/threat-model-private-ai
- Pilot vs demo (article): https://ravenkeepai.com/insights/pilot-without-becoming-demo
- Contact: https://ravenkeepai.com/contact

## Markdown summaries
- Company summary: https://ravenkeepai.com/ai/company.md
- Services summary: https://ravenkeepai.com/ai/services.md

## What the practice does not take on
- Consumer-facing chatbot products without an internal sponsor and security owner
- Open-ended "AI strategy" work with no candidate use case
- Clinical decision support or anything requiring medical-device clearance
- Pure model training research without a deployment endpoint
- High-volume marketing or advertising content generation
- Engagements where leadership wants a demo but will not fund the controls

## Contact
- Email: hello@ravenkeepai.com
- Discovery: 30-minute conversation, no obligation