For MSPs, MSSPs, vCISOs, and CMMC/NIST consultants: Mejepa hands you the auditor-ready packet for every AI-assisted ticket, policy draft, compliance memo, and client report — without ripping out your existing security stack.
Copilot, ChatGPT, ticketing AI, AI-generated policies, AI-written compliance evidence, AI executive summaries, AI-assisted remediation notes. Your clients use them. You sign off on what comes out.
For two decades, the channel's product was liability defense. The audit landed. You handed the assessor a clean evidence packet. The client renewed. Your insurance carrier didn't call.
AI broke that. Your clients deployed Microsoft Copilot in finance. Their helpdesk runs an LLM that drafts replies and closes tickets unattended. Their compliance officer is generating SSP narratives in ChatGPT. None of it has a signed record. When the next CMMC assessor, NIST auditor, or cyber-insurance underwriter asks "how do you know the AI didn't invent, leak, or misstate something?" — most providers have nothing.
That is the burning problem. Not threats. Not malware. The absence of evidence under your signature for work that increasingly happens without you in the loop.
Mejepa is not an EDR, a SIEM, a CASB, a SASE, a DLP, or another GRC dashboard. It is the evidence service that produces signed, auditor-ready packets for AI-assisted security and compliance work — mapped to the controls your clients already care about, sitting beside the stack you already sell.
One client workflow. One signed packet. Mapped to the frameworks your assessor will name. Delivered before the next quarterly review.
Mejepa reviews one of your client's AI-assisted security or compliance workflows end-to-end. You receive an AI usage inventory, a workflow risk map, signed sample verification records on five real outputs, a list of recommended human-review gates, and a CMMC/NIST-mapped audit packet ready for assessor handoff.
Continuous evidence production for AI-assisted work across your client base. Pricing scales with client count and verification volume. Includes quarterly assessor-ready exports, framework-mapping updates as CMMC/NIST/ISO standards evolve, and Slack/Teams access to the Mejepa reviewer pool.
Pick one client workflow: ticket triage, policy drafting, SSP narrative writing, M365 anomaly review, compliance evidence summarization, vCISO advisory.
Provide 30 days of AI-assisted outputs (anonymized if needed) plus framework targets — CMMC 2.0 L1/L2, NIST SP 800-171, ISO 27001, SOC 2, HIPAA, etc.
Mejepa runs the samples through 13 frozen instruments, classifies each output's verdict, maps to controls, and stages the assessor packet.
Signed PDF + machine-verifiable JSON + control-by-control evidence file. You hand it to the client, the assessor, or the cyber-insurance underwriter.
The channel has heard enough AI pitches. Here is what Mejepa is not, in writing, before the demo — so we don't waste your half hour.
If you do not see yourself in one of these rows, this snapshot is not for you. We would rather you knew now.
Your clients use Copilot, ChatGPT, and ticketing AI without your evidence chain on top. The snapshot becomes a quarterly deliverable — and a new line item your competitors can't price-match.
Your clients ask whether they can adopt AI safely. The signed packet is the answer you can put your name on without writing it from scratch every time.
Your assessor will ask how AI-assisted SSP narratives, evidence summaries, and remediation notes were verified. The snapshot is that answer, pre-built and pre-signed for handoff.
Defense-industrial-base supplier, manufacturer with government contracts, regulated mid-market — you already pay for compliance theater. The snapshot is the part the theater is missing.
Three primitives. The math is public. The signatures are verifiable. The chain is append-only. No hand-waving.
Calibrated lenses that do not change between releases. Same AI output, same reading. The auditor's foundation.
Statistical boundary with a published coverage rate. Outside the envelope, Mejepa abstains. The abstention is signed.
Ed25519-signed, append-only. Verifiable offline in thirty seconds. No vendor lock-in to read your own evidence.
Mejepa is the commercial productization of Teleox.ai — an independent research framework on meaning compression. The 13-instrument panel and ed25519 witness chain are open research primitives (Derived Data Abundance + Teleological Constellation Training), published and citable. The assessor can read the papers.
The snapshot you book this quarter is built on shipping primitives. The vision below names where the wedge expands as MSPs, MSSPs, and CMMC consultants buy the next packet.
mejepa_promote_approval (SEC-005) maps directly to CMMC AC.L2-3.1.5 and NIST AC-5 separation-of-duties.MSPs serving DoD contractors and regulated SMBs need a defensible record of how AI-assisted work — ticket triage, policy drafting, compliance summaries, AI-assisted remediation notes — was verified before reaching the client. Mejepa reviews one client AI-assisted workflow and returns a signed audit packet mapped directly to CMMC 2.0 Level 2 controls (AC, AU, CM, IR, RA, SC) and NIST SP 800-171 requirements. Delivered in 5 business days for $1,500–$3,500.
A productized 5-business-day Mejepa engagement that produces five artifacts for one MSP/vCISO client workflow: (1) AI usage inventory, (2) workflow risk map, (3) signed sample verification records for five real outputs, (4) recommended human-review gates, and (5) CMMC/NIST-mapped audit packet ready for assessor handoff. $1,500–$3,500 per snapshot, with an optional $1,000–$5,000/month retainer for continuous evidence.
No. Mejepa is not an EDR, MDR, SIEM, CASB, SASE, ZTNA, or DLP. It is an AI evidence service that sits beside your existing security stack and answers a question those tools cannot: "how do you know the AI didn't invent, leak, or misstate something?" The Mejepa packet is what your CMMC assessor or cyber-insurance underwriter will ask for next.
The audit packet maps AI-workflow evidence to specific CMMC 2.0 controls — AC.L2-3.1.1 access control, AC.L2-3.1.5 separation of duties, AU.L2-3.3.1 audit logging, CM.L2-3.4.1 configuration management, RA.L2-3.11.1 risk assessment — and the corresponding NIST SP 800-171 r3 requirements. Mejepa's two-person rule (mejepa_promote_approval SEC-005) for catastrophic AI changes maps directly to CMMC AC.L2-3.1.5 and NIST AC-5.
$1,500–$3,500 flat per snapshot, delivered in 5 business days, covering one client AI-assisted workflow end-to-end. Optional monthly retainer: $1,000–$5,000/month, with pricing scaled by client count and verification volume. The retainer includes continuous evidence production, quarterly assessor-ready exports, framework-mapping updates as CMMC/NIST/ISO evolve, and Slack/Teams access to the Mejepa reviewer pool.
Yes. Mejepa offers an AI Risk Verification Module Pilot ($10K–$25K, 60-day) and Full OEM Licensing ($50K–$200K/year plus per-client or per-packet royalty) for vCISO and GRC platforms — Cynomi, Drata MSP, Cytracom/Tentacle, Compliance Scorecard. Includes integration spec, white-labeled API, co-branded packet format, and quarterly business review with roadmap input.
Mejepa's Gτ guard uses constellation centroids that are externally frozen — the learned predictor has no gradient path to those centroids and therefore cannot learn to fool its own guard (Goodhart's law immunity by construction). Adversarial patches and prompt-injection attacks engineered to slip past the verdict are structurally blocked, not just empirically detected. Methodology published in the Dynamic / ME-JEPA research paper (Zenodo DOI 10.5281/zenodo.19977981).
Pick a client whose AI usage worries you most. Mejepa returns a signed snapshot you can put under your own name at the next QBR — and a co-marketing plan if you want to land more snapshots after that.
CYBERSECURITY FOLIO · VOL · I · № 02 · [email protected]