Find out exactly which AI tools can access your client data, what they are sending out, and what to fix first. A 90-minute structured diagnostic. Written posture summary in 24 hours.
4 slots remaining in May — 8 sessions per month, one practitioner
Your team adopted AI tools quickly. That was the right call. But most of those tools were never configured for a firm that handles other people's information. Nobody has gone back to check.
"The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it."
Suja Viswesan, VP Security, IBM — IBM Cost of a Data Breach Report, 20252
The question is not whether AI is in your workflow. It is what it can see, where it is sending data, and whether you can answer for it when a client asks.
The Signal Session maps every AI surface in your firm and scores it against a single posture standard. No jargon. No 300-page framework. One written summary, delivered in 24 hours.
Boubacar, Catalyst Works Consulting
Composite example. Real outputs are firm-specific.
You complete a short intake that maps every AI-adjacent tool your firm uses — email, drafting, scheduling, document review, CRM. This is what makes the 90 minutes precise instead of exploratory.
Four phases. Tool mapping validation, data access interrogation across every AI surface, exposure scoring, and prioritization. You describe your workflow. I translate it into a risk picture with specific actions ranked by urgency.
A one-page posture summary. Scored. Firm-specific. It tells you exactly where you stand, which tools require immediate action, and what to do first. Yours to share or not share.
"When data is entered into a generative AI tool, you are sharing that data with the AI tool's owners and, thus, entrusting them to protect this data. A data breach can have significant financial and reputational consequences for a CPA firm, and a generative AI tool's owner may attempt to disclaim liability."
AICPA / CPAI — Generative AI and Risks to CPA Firms, 20244
"97% of organizations that experienced an AI-related security incident lacked proper AI access controls. 63% had no governance policies for managing AI or detecting unauthorized use."
IBM Cost of a Data Breach Report, 20252If the session surfaces nothing you don't already know, I refund the fee. No paperwork. No questions.
It was built from two decades of operational work inside organizations that had the same problem and could not name it yet. The 11 questions were refined across firms that varied in size, sector, and geography but shared the same blind spot about what their AI systems could reach.
Most firms that go through the session discover at least one tool they had not accounted for. Several discover four or five.
"Firms should assess whether their cybersecurity program appropriately contemplates risks associated with the firm's and its third-party vendors' use of GenAI."
FINRA — Regulatory Notice 24-09, June 20245
No. The session is a structured conversation, not a technical audit. You describe your workflow. I translate it into a posture assessment you can act on immediately.
The summary tells you what it is and what to do first. For firms where the findings require a structured remediation plan, there is a next-step engagement. The Signal Session always delivers value on its own.
Yes. Everything discussed in the session and documented in the summary stays between us. The summary is yours to share or not as you see fit.
If the session surfaces nothing you don't already know, I refund the fee. No paperwork. That has not happened yet, but the offer stands.
Most sessions are booked within 48 hours. I run 8 sessions per month. When slots are full, they're full.
90 minutes. Written summary in 24 hours. $497 flat.
Reserve My Diagnostic4 slots remaining in May — 8 per month, one practitioner
If you're not sure whether the Signal Session applies to your firm, send a message. One question, one honest answer. No pitch.
Or email directly: catalystworks.ai@gmail.com
Got it. You'll hear back within 24 hours.