Evidence — The Receipts for AQ Score™¶
These are the receipts that ground the standard. The standard itself — the Five Laws of AI Governance and the five-property test for an independent measurement authority — is published in the Foundational Framework.
Operating evidence leadership can use.
Active policy enforcement across 10 compliance frameworks in the runtime control module.
Three NIST OLIR Concept Crosswalks cataloged: AI RMF 1.0 (Ref ID 220), CSF 2.0 (Ref ID 215), SP 800-53 Rev 5.2.0 (Ref ID 217).
Measured internally on the governed execution framework production build through governed model selection — routing tasks to the right model tier instead of defaulting to the most expensive. See methodology.
Modeled (not client-measured) for a representative mid-market enterprise operating 50+ governed agent workflows. Based on production cost data from governed model selection. See methodology.
Measured internally on the governed execution framework production build. Share of agent tasks routed to local inference models, eliminating per-call cost. See methodology.
Anonymized engagement outcomes.
Client identifiers are protected. Outcomes and scope are representative of the type of governance work the firm delivers. References available under NDA for qualified buyers — request during the readiness assessment.
HIPAA + SOC 2 Readiness
Identified 12 control gaps across a healthcare MSP’s compliance posture. Delivered a prioritized 90-day remediation roadmap. Client achieved audit-ready status within the remediation window.
PCI-DSS Endpoint Hardening
Mapped 47 controls to CIS benchmarks for a financial services SMB. Delivered complete endpoint hardening with audit-ready evidence pack in under 48 hours.
Production Infrastructure Security
Built and maintained IT security infrastructure for a production organization over 7 years. Implemented CIS Controls v8 (IG1-IG2) mapped to NIST CSF and SOC 2. Remediated 15,000+ vulnerabilities across production systems.
Patent-backed governance architecture, positioned for buyer evaluation rather than disclosure theater.
Patent-Pending Governance System
The underlying governance system is covered by U.S. Provisional Patent Application Nos. 64/029,300 (filed April 4, 2026), 64/049,300 (filed April 25, 2026), 64/067,427 (filed May 16, 2026), 64/069,200 (filed May 19, 2026), and 64/076,620 (filed May 28, 2026) — 45 patent families, 334 total claims across five provisionals.
Production Governance Posture
Supported by multi-layer policy enforcement, deny-all-default execution logic, governed model selection, and risk-tier classification for agent actions.
Compliance Translation Layer
Maps operating architecture into language risk, compliance, procurement, and executive stakeholders can actually use.
- —multi-layer policy enforcement pipeline
- —deny-all-default execution logic
- —risk-tier classification for agent actions
- —governed model selection
- —compliance mappings across 17 frameworks
- —15 active certifications
- —Career Air Force veteran
- —Former CEO of a drone logistics company
- —WGU B.S. Cybersecurity and Information Assurance completed
- —M.S. Cybersecurity in progress
Governance claims are easy to make. Evidence is harder.
If you are evaluating AI governance support, the real question is whether the advisor has named the problem clearly, built a system that addresses it, and can translate it into a defensible operating model for your environment.
AAM Cyber's proof set combines measured operating outcomes, compliance structure, and patent-backed design into a format leadership can actually use.
Review Services Browse the Framework Crosswalk Catalog Review The Methodology Contact
Methodology and Measurement Disclosure¶
The numbers presented above are derived from internal benchmarking of the governed execution framework production build and modeled projections, not from third-party-audited client deployments. Buyers evaluating this work should read these numbers in the spirit they are intended: as engineering benchmarks of the system's design, not as warranties of identical outcomes in any specific deployment.
75.3% token cost reduction — Measured on the governed execution framework MCP production build by comparing the cost of executing a representative agent workload (a) without governed model selection (every task routed to the highest-tier commercial model) against (b) with governed model selection (R1/R2/R3 risk-tier dispatch routing tasks to the appropriate model tier — C1 local inference, C2 mid-tier commercial, C3 highest-tier commercial). The 75.3% figure represents the reduction in aggregate token-billing cost across the workload under the governed-dispatch configuration. Single-build benchmark, not multi-tenant production data.
53% zero-marginal tasks — On the same governed execution framework production build benchmark, the share of agent tasks classified at R1 (low-risk, C1 dispatch eligible) and routed to local inference models that incur no per-call commercial cost. Single-build benchmark; the ratio in any given deployment depends on workload composition.
$960K projected annual savings — Modeled, not client-measured. Projection for a representative mid-market enterprise operating 50+ governed agent workflows at typical commercial-AI token-consumption rates, applying the 75.3% reduction figure above. This number is illustrative of what governed model selection can be expected to deliver at that scale — it is not a measured outcome from any specific client deployment.
95 runtime enforcement mappings — Active compliance control mappings in the governed execution framework MCP production build, across 10 of the 17 frameworks documented in the governed execution framework Reference Library. Build artifact; can be verified against the deployed module.
NIST OLIR Trifecta — Final — Three Concept Crosswalks listed in the NIST OLIR catalog: AI RMF 1.0 (Reference ID 220, Final), CSF 2.0 (Reference ID 215, Final), and SP 800-53 Rev 5.2.0 (Reference ID 217, Final). All three are Final Informative References (public review concluded 2026-06-22 with zero comments). Catalog inclusion is an informative reference, not a NIST endorsement.
Engagement outcomes (Healthcare, Financial Services, Enterprise blocks above) — Representative scope and outcome patterns from prior governance work delivered under standard consulting confidentiality. Client identifiers are protected. References available under NDA for qualified buyers.
If you need the underlying benchmark data, raw cost-trace logs, or the governed execution framework build version against which the 75.3% / 53% figures were measured, request it during a readiness assessment and it can be shared under NDA.