AI FOOTPRINT MAP + GOVERNANCE FOUNDATION

Map the AI tools your team is actually using, and turn them into governed practice.

In 14 days I map the AI tools your workforce has adopted, classify the data exposure, and give you a sanctioning pathway for what is working and governance for the rest. The frame is constructive: legitimize what works, contain what does not.

Tiago Ferreira, Founder. Two Master's degrees in cyberpsychology and digital transformation leadership. Federal government and startup background. Built for mid-market healthcare and insurance.

Duration: 14 days
Investment: $3,500
Deliverable: Inventory + Roadmap

Why this assessment, and why this framing

Your team has been getting work done. Let's legitimize what is working.

Over 80 percent of employees use AI tools at work that have not been formally approved, and the rate runs around 57 percent in healthcare specifically. That is not a workforce problem to be punished. It is a workforce that is solving real workflow gaps with the tools they can find, and the policy environment has not caught up to what they are doing. The AI Footprint Map honors that reality and works with it rather than against it.

The exposure is real. IBM's 2026 Cost of a Data Breach report shows organizations with unmanaged AI tool use face an average of $670,000 in excess breach costs versus peers with governed environments. When clinical or claims data is pasted into a public LLM, it can constitute a HIPAA violation or a proprietary data leak that an NAIC examiner can document during a routine market conduct review. The fix is not a punitive crackdown that drives the use further underground. It is a clear-eyed map of what is happening and a sanctioning pathway that gives your team safer ways to do the work they are already trying to do.

What you receive

A complete picture of your AI footprint, plus a path to govern it well.

AI Footprint Map and Governance Foundation

A consolidated artifact that combines the technical, behavioral, and regulatory pictures into one defensible deliverable, with a clear path forward for both the tools your team is already using well and the ones that need governance attention.

  • AI inventory covering every AI tool reaching your organization's data, with risk-tier classification (sanctioned, sanctionable with controls, contain or replace), built in partnership with your IT team's existing telemetry
  • Behavioral survey framed for honest disclosure, not punishment, surfacing what workflows your team is solving with AI and what your approved tools are not delivering
  • Data exposure classification mapped against HIPAA, NAIC AI Model Bulletin, and FDA TEMPO requirements where applicable
  • Sanctioning pathway for tools that are working well, with the governance scaffolding to legitimize them properly
  • Containment plan for the tools that need replacement, with approved alternatives and the adoption design to make the switch stick
  • Executive summary drafted for the board or governance committee, ready to use without rewriting

How the 14 days unfold

A clean three-phase process.

01. Days 1-4: Discovery

Kickoff session with your IT and compliance leads, network and endpoint scan setup, and behavioral survey distribution to selected workforce segments. The first phase is mostly your team's IT pulling logs and granting limited read access.

02. Days 5-10: Analysis

I work the data offsite, cross-referencing tool use with sensitive-data flows, classifying exposure against your specific regulatory environment, and surfacing the patterns where workforce behavior diverges from policy. Most of the labor sits here.

03. Days 11-14: Readout

One 60-minute readout with leadership where I walk through the inventory, the sanctioning pathway, the containment plan, and the governance roadmap. The artifacts are yours to keep regardless of what comes after.

Common questions

What leaders ask before they reach out.

How does this fit alongside the AI Readiness Sprint?

The AI Footprint Map is a focused entry point sized for VP and Director-level discretionary spend. If your immediate question is what AI tools your team is actually using and how to legitimize the right ones, this is the right scope. If you also need full governance frameworks, AUPs, vendor risk, ROI mapping, and regulatory checklists in the same engagement, the $7,500 AI Readiness Sprint is the better path. Your Footprint Map readout will surface whether the Sprint or a Fractional CAIO retainer makes sense afterward.

Is this an audit that will get my team in trouble?

No, and that is a deliberate design choice. The framing is constructive: your team has been getting work done with the tools they could find, and the goal is to legitimize what is working and put governance around the rest. The behavioral survey is anonymous, designed to surface workflow gaps your team is solving for, and the deliverable distinguishes "sanction this" from "replace this" rather than producing a list of names. Cyberpsychology research on disclosure under organizational scrutiny informs how the entire engagement is built.

Will the technical scan disrupt our environment?

No. The discovery uses read-only log analysis on your existing telemetry, in partnership with your IT team. There is no active network probing or endpoint installation. Your IT team controls what is in scope and the scan can be paused or narrowed at any point.

Do you need access to sensitive data?

No. The assessment looks at metadata about tool usage and data flows, not the underlying records. Your IT and compliance teams remain the only people with access to the actual sensitive data.

What does "sanctioning pathway" actually mean?

For each AI tool your team is using productively, the deliverable identifies what would need to be true for it to become a formally approved tool: data residency posture, vendor contract terms, AUP language, training requirements, and governance committee sign-off. The buyer ends the engagement with a list of tools that can be sanctioned (and the path to do it), tools that need contract or contract-clause adjustments before sanctioning, and tools that should be replaced with safer approved alternatives.

Who works on this?

Tiago Ferreira directly. The Footprint Map is not staffed out to associates, and you work with the same person from kickoff through readout.

NOT QUITE THE RIGHT FIT?

Two sibling entry tiers if your buying lens is different.

FOR INSURANCE COMPLIANCE

NAIC AI Readiness Audit

$4,900 · 7 to 10 days. Maps your AI controls against the NAIC AI Systems Evaluation Tool now in 12-state market conduct examinations. Red, Yellow, Green scorecard plus a sequenced remediation plan. Best fit for insurance compliance, risk, and general counsel teams.

FOR THE GOVERNANCE FOUNDATION

AI Governance Quick Start

$4,900 · 10 days. The three foundational governance artifacts: Governance Committee Charter, AI Acceptable Use Policy, and Vendor Risk Framework. Built to survive regulatory review and shaped so your workforce will actually use them.

READY TO START?

Map the AI tools your team is using, and turn them into governed practice.

Two weeks to a defensible inventory, a behavioral picture, a sanctioning pathway, and governance for the rest. $3,500 fixed price, no retainer required.