AIR
AIR™ · Automated Incident Response

The incident response plan that knows your stack, your roles, and your deadlines.

AIR builds your readiness assessment, response plan, eight scenario playbooks, regulatory notification matrix, and tabletop exercise kit from a three-minute intake. One PDF, delivered to your inbox in hours.

$1,495. One time. Price stated before you click anything.

Take the free 90-second readiness check

Free, no signup, nothing leaves your browser. Or get the full plan now, $1,495.

The moment this is for
"Please send a copy of your incident response plan." Your cyber insurer at renewal · an enterprise customer's security questionnaire · an auditor's document request

Different senders, same email. And the honest answer in a lot of businesses is a template someone downloaded two jobs ago, with nobody's name in it. AIR exists so you can reply the same day, with a plan that is recognizably about your company.

The usual three options, honestly

OPTION 1

The downloaded template

Free and fast. It names nobody, matches nothing you actually run, and the people asking for it have read a hundred of them. It answers the email without answering the question.

OPTION 2

The consulting engagement

A good consultant builds a strong plan over a number of weeks, at consulting prices. The right call for complex enterprises. Slower and heavier than most businesses need for a working plan this month.

OPTION 3

Write it yourself

Entirely doable. NIST publishes the guidance free of charge. Budget several working days, and someone on staff who enjoys reading framework documents and statute text.

AIR is the fourth option: the specificity of consultant work, at a fixed price, on a same-day clock.

What lands in your inbox

One PDF, six components, built from your seventeen intake answers.

01

Readiness assessment

Every element of a 43-element catalog (NIST CSF 2.0 subcategories, organized to the NIST SP 800-61r3 incident response lifecycle) is accounted for: identified gap, or not asserted ready. No invented scores, no percentages.

02

Your incident response plan

Roles with write-in name slots, a SEV-1 to SEV-4 severity matrix, bright-line activation criteria, a communication order, and evidence rules your team can actually follow at 2 AM.

03

Eight scenario playbooks

Ransomware, business email compromise, data breach, insider misuse, lost device, vendor breach, AI-enabled fraud, machine-speed intrusion. Run AI in the business? A ninth playbook covers incidents in your own AI systems. Steps match your reality: Microsoft 365 or Google Workspace, EDR or none, and the backup posture you actually reported.

04

Notification matrix

Only the obligations your answers establish: HIPAA, SEC Form 8-K, FTC Safeguards Rule, NYDFS Part 500, state breach statutes, card brands, your insurance carrier. Each row carries its deadline and its citation.

05

Tabletop exercise kit

A 60-minute facilitated scenario with timed injects, facilitator notes, and after-action questions. Your first exercise is on the calendar before the binder gets dusty.

06

30/60/90 roadmap

Your gaps, ordered by risk and sequenced into three horizons, so the cheapest highest-leverage fixes land first.

Built for the threats of this year, not 2019

Attacks are written by machines now. Your plan should already know that.

AI-enabled fraud

The email reads perfectly. The voice on the phone sounds exactly like your CEO. The playbook answers with procedure, not intuition: out-of-band verification against numbers on file, a freeze on the payment change, and a same-day path to your bank and carrier.

Machine-speed intrusion

Automated attack tooling touches many accounts in minutes. The playbook trades investigation depth for containment speed: velocity is the signal, identity is contained first, and the machine credentials attackers target get rotated early.

Your own AI systems

Run copilots or AI agents? Tell the intake, and your plan adds a playbook for incidents inside them: prompt injection, agent compromise, poisoned content sources, with the kill-switch and inventory discipline to contain them. If you do not run AI, your plan is not padded with it.

Every step is curated, deterministic, and matched to what you actually run, the same honesty as the rest of the deliverable. Machine-speed response with a human holding authority is the posture; the plan is where it starts.

How it works

Two minutes

Check out through Stripe

Fixed price, stated up front. Your intake link arrives by email immediately after checkout.

Three minutes

Answer seventeen questions

How your business runs: who handles IT, what your email lives on, where backups stand, which rules touch your data. Plain questions, no document uploads, no connectors.

Hours, not weeks

The PDF lands in your inbox

Print it. Write two names in the roles table. Put the tabletop on the calendar. Reply to the email that asked for your plan.

How it's built

An agent with guardrails, not a template with your logo on it

Deterministic where facts matter

Your notification deadlines come from the cited rule text, selected in code from your answers. The AI cannot invent a regulator, a deadline, or a statute. Gaps stated by your own answers are computed directly and labeled "stated in your intake."

AI-drafted where judgment helps

Summaries, context, and directional findings are drafted by the engine against a closed catalog. Anything it cites outside that catalog is dropped before it can reach your document. We built the guardrail because we know exactly how these models fail.

Honest accounting, all the way down

Every element is either an identified gap or "not asserted ready." Nothing is assumed in place because you paid us. The methodology page of your PDF says which findings came from your answers and which are directional, in plain language.

Agent-as-a-Service, not software-as-a-promise

You are not buying seats, logins, or a dashboard to ignore. An agent does the work, a human-gated pipeline reviews the delivery, and you get the artifact. That is the AaaS difference.

What AIR is not

Not legal advice

The matrix cites the rules and summarizes the deadlines so your counsel starts from organized facts instead of a blank page. During a real incident, counsel confirms applicability. The deliverable says this on its face.

Not a monitoring service

AIR is the plan, the playbooks, and the readiness picture. It does not watch your network or respond on your behalf. If you want continuous coverage afterward, that is what our subscription tiers are for.

Not a certification

No document makes you "compliant," and we will not pretend otherwise. AIR makes you prepared, on paper that holds up to the people who asked.

One price, stated before you click

$1,495

One-time purchase · no subscription required · delivered by email

  • Readiness assessment, 43 elements accounted for
  • Incident response plan with roles, severity, and activation criteria
  • Eight playbooks matched to your stack
  • Notification matrix with deadlines and citations
  • Tabletop exercise kit and 30/60/90 roadmap
  • Credits in full toward your first month of any Aegis AI subscription tier within 30 days
Get your plan for $1,495

Checkout runs through Stripe. Your intake link arrives immediately. The deliverable follows within hours of your intake, and in any case within 2 business days.

Want a read before you decide? Take the free 90-second readiness check first.

Questions owners actually ask

How fast is "hours"?

The pipeline generates and reviews your deliverable after you submit intake; most arrive the same day, often much faster. Our service commitment is within 2 business days at the outside. If we miss it, the Refund Policy applies: you get your money back.

We run neither Microsoft 365 nor Google Workspace. Does this still fit?

Yes. The email-compromise playbook falls back to provider-agnostic steps that still name the moves: save sign-in history, revoke sessions, reset credentials, hunt persistence. The other five playbooks do not depend on your email platform.

What happens to our intake answers?

They are used to build your deliverable, processed on US-based infrastructure, with the subprocessors listed on our Subprocessors page. No cloud connections, no agents installed, no telemetry collected. The intake is seventeen questions about how your business runs.

Which regulations does the notification matrix cover?

The major US overlays: the HIPAA Breach Notification Rule, SEC Form 8-K Item 1.05, the FTC Safeguards Rule notification requirement, NYDFS Part 500, state breach statutes, card-brand and acquirer obligations, and your cyber insurance carrier. Rows appear only when your answers establish they apply. If few apply to you, your matrix is short and says so honestly.

Is this generated by AI? Who stands behind it?

AIR is an agent built and operated by ElasticD3M, LLC, and we say so plainly. The parts that must be exact (deadlines, citations, catalog elements, playbook steps) are deterministic, curated content selected in code. The drafted parts are grounded against a closed catalog and a delivery gate reviews every PDF before it ships. The methodology page in your deliverable explains exactly which is which.

Do the playbooks cover AI-driven attacks?

Yes. Two of the eight core playbooks are built for them: AI-enabled fraud (deepfake voice and machine-written requests) and machine-speed intrusion (automated attack tooling). The steps are deterministic and matched to your stack, like every other playbook in the deliverable.

We run AI agents and copilots. Does the plan cover incidents in those systems?

If your intake says you run generative AI or agents, your deliverable adds a ninth playbook for exactly those incidents: prompt injection, agent compromise, poisoned content sources, and model abuse, plus the register and kill-switch discipline to contain them. If you do not run AI, we do not pad your plan with it.

What if I want continuous coverage afterward?

Your $1,495 credits in full toward the first month of any Aegis AI subscription tier within 30 days. The plan stands on its own either way; the subscription is for businesses that want the readiness picture maintained continuously, with evidence behind it.