VOL. 01 / EST. 2026 / TAKING NEW ENGAGEMENTS — Q2 ’26 / DENVER — REMOTE

Security that answers to conscience.

— What we do

Agnethos audits the technology your organization builds, deploys, and depends on — against a rigorous standard for security, privacy, and ethical impact. Compliance is the floor. We map the ceiling.

FIG. 01 — TOPOGRAPHIC SURVEY OF THE STANDARD (summit: the standard; baseline: regulatory minimum; 39.5°N / 104.7°W)
NIST 800-53 REV 5 / CMMC 2.0 / RMF / ISO 27001 / SOC 2 / ETHICAL IMPACT REVIEW / PRIVACY-BY-DESIGN / THREAT MODELING / SUPPLY-CHAIN ATTESTATION
SECTION 01
SERVICES

Five disciplines.
One standard.

01. Compliance Audits
End-to-end NIST 800-53, RMF, and CMMC assessments for cleared and commercial environments. Gap analysis, SSP authoring, POA&M remediation, and ATO support — delivered by practitioners who have built the controls they audit.
Engagements: 4–12 weeks
02. Security Architecture Review
Threat modeling, zero-trust assessment, and detection-engineering review for cloud, hybrid, and on-prem stacks. Pragmatic findings — ranked by exploitability, not just CVSS.
Deliverables: Findings + roadmap
03. Ethical Impact Assessment
For products that touch user data, behavior, or autonomy. We grade the system against the Agnethos framework — privacy, consent, transparency, harm-vector exposure — and produce an evidence-backed scorecard.
Output: Public or internal grade
04. Vendor & Supply-Chain Diligence
Pre-acquisition and pre-integration review of third-party tooling. Where does this vendor sit on the security and ethics spectrum, and what does adopting them say about your organization?
Format: Per-vendor brief
05. Fractional vCISO & Advisory
Recurring strategic engagement for founders, GCs, and security leaders who need a senior practitioner — not a vendor — in the room when decisions are made.
Cadence: Monthly retainer
SECTION 02
THE ETHICS LAB

Public scorecards.
Receipts attached.

FILE — 2026.04A-014

Productivity Suite, Cloud-Native

Sample assessment — anonymized.
Privacy: B+
Consent: C
Transparency: B
Security Posture: A−
Harm Vectors: B
OVERALL: B — Meets the standard with reservations
FILE — 2026.03A-009

Generative AI Vendor, Enterprise Tier

Sample assessment — anonymized.
Privacy: D+
Consent: D
Transparency: C−
Security Posture: B
Harm Vectors: F
OVERALL: D — Falls below the standard
FILE — 2026.02A-002

Privacy-First Messaging Platform

Sample assessment — anonymized.
Privacy: A
Consent: A−
Transparency: A
Security Posture: A
Harm Vectors: B+
OVERALL: A — Elevates the standard
SECTION 03
THE FRAMEWORK

Five pillars.
Weighted, defensible, public.

I. Privacy

Data minimization, purpose limitation, retention discipline, and the existence of meaningful user control over collected information.

Weight — 25%
II. Consent

Whether consent is informed, granular, revocable, and uncoerced — or whether it is a dark pattern dressed in checkbox clothes.

Weight — 20%
III. Transparency

Public documentation of data flows, model behavior, third-party integrations, and incident history. What you hide is what you fear.

Weight — 15%
IV. Security Posture

Concrete controls measured against established frameworks. The technical floor — without which the other pillars cannot stand.

Weight — 20%
V. Harm Vectors

The downside surface — discrimination, manipulation, surveillance, autonomy erosion. The questions ethics committees should already be asking.

Weight — 20%
— A note from the founder
Most security work asks “is it compliant?” The better question — and the harder one — is “is it defensible?” Not in court. In conscience. Agnethos exists to answer the second question with the same rigor the industry brings to the first.
Founder, Agnethos  /  CISSP  /  Philosopher by training

Bring us the system nobody else will grade.

Discovery calls are 30 minutes, free of charge, and result in a one-page scoping memo whether or not we end up working together.

hello@agnethos.com