    GenAI Incident Response Playbook + Tabletop — Regulated Enterprises

    Sold by: Kriv AI 
    Kriv AI authors a production-ready GenAI incident response playbook and runs live tabletop exercises for regulated enterprises (healthcare payers, hospital systems, pharma, banks, insurers, broker-dealers). Integrated with NIST 800-61r2 + NIST AI RMF GenAI Profile Manage 4.1 + SANS PICERL + MITRE ATLAS + OWASP LLM Top 10 v2 + CISA AI IR + HITRUST CSF v11.3 AI overlay + ISO/IEC 27035. 15-scenario GenAI library (prompt injection, shadow-AI paste, vendor breach cascade, Bedrock guardrail bypass, agentic misbehavior, deepfake wire fraud, model poisoning, MCP vulnerability, A2A unauthorized action). Regulator notification timing ladder (HHS OCR 60-day, SEC Item 1.05 4-business-day, NYDFS §500.17 72-hour, FINRA 4530, EU AI Act Art 73). Three tiers: $45K Foundation (3 wks + 1 tabletop) / $75K Standard (4 wks + 2 tabletops + vendor-cascade runbook) / $125K Enterprise (5 wks + 3 tabletops + board + regulator simulation). +$20K per extra tabletop. AWS Select + CPN.

    Overview

    No AWS Marketplace PS listing today offers a combined GenAI IR playbook + tabletop SKU for regulated enterprises. Big 4 delivers it at $150K–$1M off-Marketplace; Mandiant / Unit 42 / CrowdStrike / Kroll deliver tabletops $50K–$400K off-Marketplace. Kriv AI is first with a Marketplace-transactable, regulated-industry-anchored, NIST AI RMF + MITRE ATLAS + OWASP LLM Top 10 v2 + CISA AI IR integrated, Anthropic CPN-certified playbook-plus-tabletop SKU.

    CISOs, Deputy CISOs, Heads of IR, CCOs, CROs, CPOs, GCs, and Heads of GRC + TPRM at top-50 health payers, top-100 hospital systems / IDNs, top-25 pharma + CROs, G-SIB + regional banks, top-50 P&C + life insurers, FINRA broker-dealers, SEC RIAs, '40 Act mutual funds, PE + hedge funds, credit unions, and mutual insurers face the same obligation: existing IR playbooks predate GenAI entirely, existing tabletops have never rehearsed AI scenarios, and regulator examinations (HHS OCR, FINRA 2025–2026, NYDFS, SEC, state DOIs) now ask whether covered entities have rehearsed AI incidents. NIST SP 800-61r2 is foundational but AI-silent. NIST AI RMF GenAI Profile Manage 4.1 calls for AI incident response. MITRE ATLAS catalogs adversarial AI TTPs. OWASP LLM Top 10 v2 lists 10 vulnerability classes. SEC Item 1.05 (4 business days), NYDFS §500.17 (72-hour), HIPAA §164.400–414 (60-day), and EU AI Act Article 73 (serious incident reporting Aug 2026) extend to AI.

    Engagement scope (3–5 weeks).
    • Week 1 (Current-state + scenario library): review existing IR playbook against NIST 800-61r2 PICERL; map to MITRE ATLAS; cross-reference NIST AI RMF Manage 4.1; build scenario library from N43 + vendor AI inventory.
    • Week 2 (Playbook authoring, per scenario): detection signals (CloudTrail Bedrock InvokeModel, Guardrails violations, SIEM correlation, DLP alerts); triage decision tree; containment (API key revocation, Guardrail tightening, agent kill-switch, MCP isolation); eradication (model rollback, prompt filter updates, fine-tuned model retraining); recovery; lessons learned.
    • Week 3 (Tabletop #1): 90-min facilitator-led, 3 escalating injects; CISO / CIO / Privacy / Legal / Comms / CFO / CEO observer; after-action report with CMM 1–5 scorecard. Foundation tier closes here.
    • Week 4 (Standard: Vendor-breach cascade + Tabletop #2): third-party AI vendor breach; TPRM cascade; customer-facing statement.
    • Week 5 (Enterprise: Executive + Board + Regulator simulation): mock HHS OCR / SEC 8-K / NYDFS §500.17 / FINRA 4530 drill with external counsel dial-in; board-ready deliverable.

    15-scenario GenAI library. Shadow-AI PHI/NPI/MNPI paste; vendor GenAI breach cascade; Bedrock Guardrails bypass; agentic AI misbehavior; prompt injection (direct + indirect RAG); model poisoning; deepfake CEO wire fraud (BEC 2.0); deepfake executive for M&A/IR; third-party AI supplier cascade; MCP server vulnerability; A2A unauthorized action; fine-tuned model weight leak; training-data PII leak (membership inference); public jailbreak.

    Three tiers.
    • Foundation, $45K: 3 weeks; 10-scenario playbook + 1 vertical-specific tabletop; HIPAA or GLBA or NYDFS or SR 11-7; CMM 1–5 scorecard.
    • Standard, $75K: 4 weeks; 15-scenario playbook + Tabletop #2 (vendor cascade) + TPRM cascade + regulator notification templates (HHS OCR / SEC 8-K / NYDFS / FINRA); full HIPAA + GLBA + NYDFS + SR 11-7 + SOC 2.
    • Enterprise, $125K: 5 weeks; Standard + Tabletop #3 (executive + board + regulator simulation with external counsel) + board-ready deliverable + 12-month review option; framework suite incl. ISO 27001 + HITRUST + EU AI Act Art. 73 + EU NIS2 + CCPA + 50-state.
    • Additional tabletop: $20K each.

    Regulator notification timing ladder.
    • HHS OCR §164.400–414: 60 days.
    • SEC Item 1.05: 4 business days from materiality determination.
    • NYDFS §500.17: 72 hours.
    • FINRA Rule 4530.
    • GLBA §314.4(h).
    • CCPA/CPRA; 50-state variations.
    • EU NIS2: tiered 24-hour / 72-hour / 1-month.
    • EU AI Act Article 73.
    • CISA: voluntary.

    Important disclosures. Kriv is NOT an IR retainer. If the Customer has an active incident, route it to Mandiant / Unit 42 / Kroll / CrowdStrike / Arete. Kriv authors playbooks and runs tabletops; it does not respond to live incidents. No legal advice (Customer counsel retains all notification and materiality determinations and all privileged communications). External counsel is recommended for Standard / Enterprise tabletops. Does NOT replace HHS OCR Risk Analysis, FINRA WSP, NYDFS §500.02, SOC 2 Type II audit, ISO 27001, or HITRUST. Does NOT displace an existing IR retainer (coordinates, not replaces). Does NOT make regulator notifications on the Customer's behalf. No CMM maturity-score guarantee. No regulator-penalty-mitigation outcome guarantee. Tabletop discussions are attorney-client privileged when external counsel dials in. Anthropic CPN membership (April 9, 2026): CPN partner, not an Anthropic-authorized reseller.

    Highlights

    • First regulated-industry GenAI IR playbook + tabletop SKU on AWS Marketplace — NIST 800-61r2 + NIST AI RMF GenAI Profile Manage 4.1 + SANS PICERL + MITRE ATLAS + OWASP LLM Top 10 v2 + CISA AI IR + HITRUST CSF v11.3 AI overlay + ISO/IEC 27035 integrated. Big 4 charges $150K–$1M; Mandiant / Unit 42 / CrowdStrike tabletops $50K–$400K off-Marketplace. Kriv is first Marketplace-transactable at $45K–$125K. 6–12 month first-mover window.
    • 15-scenario GenAI library: shadow-AI PHI/NPI/MNPI paste, vendor GenAI breach cascade, Bedrock Guardrails bypass, agentic misbehavior, prompt injection (direct + indirect RAG poisoning), model poisoning, deepfake CEO voice/video wire fraud (BEC 2.0), MCP server vulnerability, A2A unauthorized action, fine-tuned model weight leak, training-data PII leak, public jailbreak. CMM 1–5 maturity scorecard. After-action report. Detection signals tied to CloudTrail + Guardrails + SIEM + DLP.
    • Regulator notification timing ladder: HHS OCR 60-day (§164.400–414), SEC Item 1.05 4-business-day, NYDFS Part 500 §500.17 72-hour, FINRA Rule 4530, GLBA §314.4(h), CCPA/CPRA, 50-state variations, EU NIS2 24/72-hour/1-month tiered, EU AI Act Article 73 serious-incident reporting, CISA voluntary. $45K (3 wks / 1 TTX) / $75K (4 wks / 2 TTX / vendor-cascade) / $125K (5 wks / 3 TTX / board + regulator sim with external counsel dial-in). +$20K extra TTX.

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Support

    Vendor support

    Primary support contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support

    Response SLA. 2 US business days (Mon–Fri 9 am – 6 pm ET); Standard tier 1 business day; Enterprise tier 4-hour response for tabletop or active-engagement escalation. For active incidents, route to the retained IR firm (Mandiant / Unit 42 / Kroll / CrowdStrike / Arete); Kriv is playbook + tabletop only, not an IR retainer.

    Engagement onboarding. First contact within 2 US business days of marketplace inquiry / private-offer acceptance. Kickoff within 2–4 weeks of SOW.

    Escalation path. Engagement Lead (named in SOW) → Practice Director (info@kriv.ai) → CEO Abhinav Dangri (info@kriv.ai).

    Communication. Dedicated Teams channel, weekly 60-min checkpoint, Friday status note. Customer SMEs 3–5 hrs/week (CISO, Deputy CISO, Head of IR, CCO, CRO, CPO, GC, Head of GRC, Privacy Counsel, Comms, Regulatory Affairs, TPRM, BCP/DR Lead, and the existing IR-retainer firm, which is coordinated with, not displaced).

    Documentation handoff. Master GenAI IR Playbook as PDF + editable Word signed off by CISO + CCO + GC + CRO; scenario-specific runbooks; vendor-breach cascade diagram (Standard / Enterprise); regulator notification ladder with filing templates (HHS OCR, SEC 8-K, NYDFS §500.17, FINRA 4530) as Word; communications templates as Word; executive briefing + board-ready deliverable (Enterprise) as PowerPoint; CMM 1–5 scorecard as Excel; tabletop after-action report as Word + PDF.

    Boundaries. NOT an IR retainer (playbook + TTX only). No legal advice. Does NOT replace HHS OCR Risk Analysis, FINRA WSP, NYDFS §500.02, SOC 2, ISO 27001, or HITRUST audit. Does NOT displace an existing retainer. Does NOT make regulator filings. No CMM-score or regulator-penalty-mitigation guarantee. AWS infrastructure is billed separately.

    Hours / holiday coverage. Mon–Fri 9 am – 6 pm ET. Closed on US federal holidays, except that the Enterprise-tier 4-hour SLA for active-engagement escalation still applies.