FT.SECPERIMETER_SCAN_v1
SCAN_INIT // AI-Era Security Posture Review

RIGHT NOW,
SOMEONE IS
SCANNING YOU.

// The scan never stops. We map your exposure before they do.

AI changed who's at the door. We map your real exposure, fix the quick wins on the spot, and hand you a 90-day hardening playbook your team can execute.

ft-sec // live.scan
> ft-sec scan --perimeter --depth=full

[■■■■■■■■■■] public_surfaces.......47 found
[■■■■■■■■■■] oauth_grants..........34 active
[■■■■■■■■■■] dependencies..........847 scanned
[■■■■■■■■■■] ai_workflows..........6 flagged

┌───────────────────────────────────────┐
│ EXPOSURE SURFACES            94 TOTAL │
├───────────────────────────────────────┤
│  critical   03   fix within 24h       │
│  high       07   fix within 1 week    │
│  medium     23   quick-win queue      │
│  low        61   90-day playbook      │
└───────────────────────────────────────┘

attack surface map ready.

SCAN_01 // Threat Environment

The threat model shifted.

We focus on the 20% of hardening that closes 80% of your real exposure — the fixes that actually move risk, not the ones that look good in a report.

Deprecated // THEN // pre-2024
  • Vulnerability research was expensive, slow, and skill-gated
  • Attackers scanned narrowly — specific CVEs, named targets
  • Patch windows of weeks were tolerable
  • You were too small to be worth targeting at scale
  • 2FA + strong passwords was a meaningful perimeter

Active Threat Model //
Live // NOW // 2026+
  • AI tooling has collapsed the cost and skill floor of discovery
  • Attackers scan broadly — every surface, continuously
  • Patch windows have compressed from weeks to days
  • You're in scope because the cost of attacking you approaches zero
  • Identity, integration, and supply chain are the new perimeter
SCAN_02 // Signal vs Noise

The headlines are loud. Most of them won't change how you operate.

AI security news is breaking weekly. Fear follows the news cycle. Your posture shouldn't. Here's what's actually showing up on the wire — and what each one means for an operator, translated out of the jargon.

Signal Extracted //

Fear doesn't make you safer. A map does.

Every headline above collapses into three questions about your stack. If you can answer them, the news cycle is noise. If you can't, it's your calendar for the next six months.

We built this review so operators without a CISO can answer all three — in three weeks, for what a week of Big 4 consulting costs.

  1. Is this surface live on our stack?
  2. Is it in our patch cadence?
  3. Can we close it before they reach it?

↳ your three options
OPT_01 // internal team

Hire a security lead.

$400K+/yr loaded. 6+ months to operational. Right answer at 500+ headcount.

OPT_02 // big 4 firm

Engage a top-tier consultancy.

$100K+ engagements. Compliance-shaped output. Right answer if the deliverable is a SOC 2 report.

OPT_03 // foxtrove

Run a 3-week posture review.

$12–18K. Fixes shipped in-engagement. Playbook your team owns. Right answer for everyone in between.

// Between “no security program” and “full CISO function” there was no good option. That's the gap this review was built for.

SCAN_03 // Fit Assessment

Who this is for.

Mid-market operators ($5M–$100M) running on SaaS, custom apps, and integrations — without a dedicated security team or CISO.

ICP_MATCH // >= 4 / 5
MATCH // engage
  • 01 Run on Google Workspace or M365 plus a dozen or more SaaS tools
  • 02 Have custom apps, internal automations, or AI workflows touching customer or financial data
  • 03 Integrate with third parties via API keys, OAuth, or webhooks
  • 04 Haven’t had a security review in 18 months — or ever
  • 05 Know you have “some posture” but can’t describe your actual attack surface
NO_MATCH // refer out
  • 01 Already have a full security team and formal program (SOC 2 Type II, ISO 27001 maturity)
  • 02 Need compliance certification as the primary deliverable
  • 03 Want a pen test only — we’re strategic and advisory, not offensive security
  • 04 Operate under HIPAA with active PHI breach history, or PCI-DSS Level 1
SCAN_04 // Engagement Protocol

21 DAYS.

Three focused weeks. Runs in parallel with Audit + Playbook when bundled. Integrated deliverables at handoff.

WK_01 // DISCOVERY

Attack Surface Mapping

  • 3–5 stakeholder interviews
  • Read-only access to Workspace/M365, SaaS admin, code repos, cloud infra
  • Automated scan: public assets, DNS, certificates
  • Inventory: OAuth grants, API keys, service accounts, integrations
  • Data flow mapping
OUTPUT // Attack Surface Map

WK_02 // REMEDIATION

Assessment & Quick Wins

  • Risk prioritization (likelihood × business impact)
  • FIDO2 hardware key enrollment, up to 5 admin users
  • OAuth audit + dormant API key cleanup
  • Dependabot on up to 3 code repos
  • AI-specific risk review: prompt injection, LLM data leakage
OUTPUT // Quick Wins Report

WK_03 // HANDOFF

Playbook & Training

  • 90-day hardening playbook, sequenced by impact
  • Vendor recommendations (MDM, monitoring, specialist firms)
  • Incident response starter plan
  • 60-minute leadership training session
  • 30 / 60-day check-ins (bundle only; +$2K standalone)
OUTPUT // 90-Day Playbook + Exec Summary

SCAN_05 // Engagement Vectors

Three ways in.

Snapshot to pressure-test your exposure. Full review to harden your posture. Bundle with an Audit + Playbook for the best economics.

Tier_01 // Light Audit

Security Snapshot

$3K add-on to Assessment

3–5 business days. Lightweight pressure-test of your external exposure. For operators who want a read on posture before committing to a full review.

  • Automated scan of public-facing assets, DNS, certificates
  • OAuth grant and API key inventory
  • 1-hour findings call with written summary
  • Not included: remediation, 90-day playbook
Smart Default // Tier_02 // Full Audit

Full Review — Bundled

+$12K with Audit + Playbook

33% off standalone — shared discovery, integrated playbook

3 weeks, runs in parallel with your Audit + Playbook. One discovery pass, one combined playbook covering operations and security.

  • Attack Surface Map + Quick Wins Report
  • 90-Day Hardening Playbook, integrated with operations playbook
  • 60-minute leadership training + 2-page executive summary
  • 30- and 60-day check-ins included
Tier_03 // Full Audit

Full Review — Standalone

$18K / 3 weeks

The full review without a broader operations engagement. For operators who specifically want to address posture now.

  • Attack Surface Map + Quick Wins Report
  • 90-Day Hardening Playbook
  • 60-minute leadership training + executive summary
  • 30/60-day check-ins optional (+$2K)

Pricing adjusts for scope: smaller environments may price at the floor, complex stacks (>20 SaaS, multiple custom apps) at the ceiling.

SCAN_06 // Out-Of-Scope

What this isn't.

Clarity here protects the engagement and sets expectations. If any of these are what you need, we'll say so upfront and point you to the right kind of firm.

NOT_INCL_01

Penetration testing

We identify surfaces and misconfigurations. We don’t actively exploit them. Refer to specialist shops.

NOT_INCL_02

Compliance certification

We align recommendations with SOC 2 / HIPAA / PCI where relevant. We don’t deliver the certification itself.

NOT_INCL_03

Ongoing monitoring / SOC services

We recommend, we don’t operate. We’ll name the vendors worth talking to.

NOT_INCL_04

Full remediation

Light remediation is included. Heavy remediation (custom code hardening, infrastructure re-architecture) is a separate Build engagement.

NOT_INCL_05

Legal or forensic investigation

If you’re actively breached, call an IR firm first, then us.

SCAN_07 // Objection Handling

Questions worth asking.

Q_01

How is this different from a penetration test?

A pen test actively exploits weaknesses to prove they exist. We map the exposed surface, prioritize by business impact, and fix the quick wins while we’re there. If you need active exploitation, we’ll refer you to a specialist shop — often as the next step after this review.

Q_02

Do we need to be technical to work with you?

No. We interview the founder or operations lead. Where deeper technical access is needed, we work with your IT lead or MSP. Findings are written for operators, not security engineers.

Q_03

What access will you need to our systems?

Read-only where possible. Workspace/M365 admin, primary SaaS admin, code repos, cloud console. We scope access per system, document what we touch, and remove credentials at handoff.

Q_04

What if you find something critical during discovery?

We pause discovery, escalate to your leadership the same day, and either fix it in place (if in scope) or connect you with an incident response firm if it’s active. Criticals don’t wait for Week 3.

Q_05

How do you handle our data and findings during the engagement?

Findings live in an encrypted shared workspace scoped to you. Raw credentials and access tokens never leave your environment. At handoff, the working workspace is archived; you keep the deliverables.

Q_06

Will this help us with SOC 2 or other compliance?

Indirectly. We flag which findings map to common SOC 2 / HIPAA / PCI controls so your compliance partner has a head start. We don’t deliver certification.

Q_07

What happens after the 90-day playbook?

You own the playbook — execute with your team, your MSP, or anyone you choose. Optional check-ins keep momentum. Deeper remediation rolls into a Build engagement if you want us to execute.

Q_08

Can you work with our existing IT provider or MSP?

Yes. We coordinate with your MSP from Week 1. The playbook is written to be executable by a competent IT partner, not just by us.

ACQUIRING TARGET

MAP THE EXPOSURE.

30 minutes. We'll talk about your stack, where you think the gaps are, and which of the three engagements makes sense. No pitch. Just a conversation.