We help engineering, legal, and product teams reduce risk and unblock shipping. Our work sits at the seam between law and systems: AI governance, model and data licensing, open source strategy, and the day‑to‑day mechanics that make good processes stick.
Process Mechanics
Practical counsel for AI & Open Source
What we do
AI Governance
Organizations deploying AI systems face increasing regulatory pressure and technical complexity. We help build systematic approaches to AI risk assessment and compliance.
What we do:
- Develop AI risk assessment frameworks aligned with regulations like the EU AI Act
- Map regulatory requirements to technical controls and evidence collection
- Implement policy automation using Open Policy Agent and similar tools
- Design AI system documentation and validation workflows
- Advise on model versioning, training data governance, and deployment controls
Our CORE Framework provides a structured approach to analyzing AI systems across four dimensions: Components (what makes up the system), Operations (what it does), Resources (what it needs), and Execution (how it runs). This framework helps organizations identify risks systematically rather than ad-hoc.
We focus on making governance practical. That means integrating policy gates into existing development workflows, automating evidence collection, and building systems that scale with your organization.
Open Source
Open source powers modern software development, but it creates compliance obligations and strategic questions. We help organizations manage both.
What we do:
- Advise on open source strategy and license selection
- Build and audit Open Source Program Offices (OSPOs)
- Resolve licensing conflicts and compliance issues
- Draft contribution policies and community governance documents
- Analyze AI model licenses and data licensing questions
- Conduct supply chain risk assessments for open source dependencies
Our work through OSPOCO includes helping companies establish mature open source practices, from basic compliance scanning to strategic decisions about releasing internal projects as open source.
We've been involved in open source licensing at every level, from drafting licenses (like the Cryptographic Autonomy License) to advising on complex licensing questions around AI models and distributed systems.
Products & collaborations
Model Monster Corporate AI liability management. We use it with clients to turn system designs into risk reports and reusable evidence.
OSPOCO Open Source Program Office, as‑a‑service. We partner on policy, automation, and community strategy.