You're an agency shipping AI-built apps to clients. Their security questionnaire is your bottleneck.

Per-client SOC 2 + DPA + AIBOM evidence at agency scale. Securie's attestation chain produces auditor-defensible artifacts per client.

This is for you if…

  • Running a digital agency or contracting solo
  • Shipping vibe-coded apps for clients (Lovable + Bolt + v0 stacks)
  • Clients are mid-market+ B2B who ask security questions
  • Spending hours per project on security questionnaires

The moments you feel this

First client security questionnaire

200 questions per client. Ten clients per quarter. Your weekend goes.

Client asks for AIBOM

You don't know what an AIBOM is. You Google it. You realize the EU AI Act's Aug 2, 2026 deadline applies to your clients.

Client breach traced back to your code

The contract has indemnity clauses. Your weekend goes.

What Securie does for you

Per-client attestation chain

Every PR ships DSSE-signed in-toto v1 attestations, which an auditor verifies with cosign verify-blob. The same evidence works for SOC 2 + EU AI Act + GDPR.
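As an added illustration of what that attestation chain consists of (example code written for this page, not Securie's own code or its bundle format): the Go program below builds an in-toto v1 Statement, wraps it in a DSSE envelope signed with Ed25519 over the DSSE pre-authentication encoding (PAE), and then performs the auditor-side check: rebuild the PAE, validate a signature against the trusted public key, and only then parse the statement and confirm it covers the artifact digest the auditor computed independently. The key pair, the artifact bytes, the subject name `dist/app.tar.gz`, and the predicate type `https://example.invalid/agency-attestation/v1` are constructed for the example; Securie's actual predicate types and key management are not described on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

const (
	StatementType       = "https://in-toto.io/Statement/v1"                // in-toto v1 Statement _type
	PayloadType         = "application/vnd.in-toto+json"                  // DSSE payloadType for in-toto
	samplePredicateType = "https://example.invalid/agency-attestation/v1" // hypothetical, not from the page
)

// Minimal in-toto v1 Statement and DSSE envelope types; the predicate stays opaque JSON.
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}
type Statement struct {
	Type          string          `json:"_type"`
	Subject       []Subject       `json:"subject"`
	PredicateType string          `json:"predicateType"`
	Predicate     json.RawMessage `json:"predicate"`
}
type Signature struct {
	KeyID string `json:"keyid"`
	Sig   string `json:"sig"`
}
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"` // base64 of the serialised statement
	Signatures  []Signature `json:"signatures"`
}

// PAE is the DSSE pre-authentication encoding that is signed: "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body.
func PAE(payloadType string, body []byte) []byte {
	head := fmt.Sprintf("DSSEv1 %d %s %d ", len(payloadType), payloadType, len(body))
	return append([]byte(head), body...)
}

// Sign serialises the statement and wraps it in a single-signature envelope.
func Sign(priv ed25519.PrivateKey, keyID string, stmt Statement) (Envelope, error) {
	body, err := json.Marshal(stmt)
	if err != nil {
		return Envelope{}, err
	}
	sig := ed25519.Sign(priv, PAE(PayloadType, body))
	return Envelope{PayloadType: PayloadType,
		Payload:    base64.StdEncoding.EncodeToString(body),
		Signatures: []Signature{{KeyID: keyID, Sig: base64.StdEncoding.EncodeToString(sig)}}}, nil
}

// Verify is the auditor-side check: a signature must validate against the trusted key over
// the rebuilt PAE before the payload is parsed, and the statement must cover the expected digest.
func Verify(pub ed25519.PublicKey, env Envelope, wantName, wantSHA256 string) (Statement, error) {
	var stmt Statement
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil || env.PayloadType != PayloadType {
		return stmt, fmt.Errorf("malformed envelope or unexpected payloadType %q", env.PayloadType)
	}
	pae, verified := PAE(env.PayloadType, body), false
	for _, s := range env.Signatures {
		raw, err := base64.StdEncoding.DecodeString(s.Sig)
		if err == nil && ed25519.Verify(pub, pae, raw) {
			verified = true
			break
		}
	}
	if !verified {
		return stmt, fmt.Errorf("no signature validates against the trusted key")
	}
	if err := json.Unmarshal(body, &stmt); err != nil || stmt.Type != StatementType {
		return stmt, fmt.Errorf("payload is not an in-toto v1 Statement")
	}
	for _, sub := range stmt.Subject {
		if sub.Name == wantName && sub.Digest["sha256"] == wantSHA256 {
			return stmt, nil
		}
	}
	return stmt, fmt.Errorf("statement does not cover %s@sha256:%s", wantName, wantSHA256)
}

// SampleStatement attests a constructed artifact and returns the statement with its hex SHA-256.
func SampleStatement() (Statement, string) {
	digest := fmt.Sprintf("%x", sha256.Sum256([]byte("constructed release artifact bytes")))
	return Statement{Type: StatementType,
		Subject:       []Subject{{Name: "dist/app.tar.gz", Digest: map[string]string{"sha256": digest}}},
		PredicateType: samplePredicateType,
		Predicate:     json.RawMessage(`{"repo":"example-client/app","pr":42}`)}, digest
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // throwaway key for the demo
	stmt, digest := SampleStatement()
	env, _ := Sign(priv, "client-key-1", stmt)
	_, err := Verify(pub, env, "dist/app.tar.gz", digest)
	fmt.Println("attestation verified:", err == nil)
}
```

The order inside Verify is the point: the signature is checked over the PAE before the payload is parsed, so a tampered payload, a signature from an untrusted key, an unsigned envelope, or a statement about a different artifact all fail before any predicate content is trusted.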

Pre-filled security questionnaire

Use /templates/security-questionnaire-response: 80% pre-filled, following the canonical SIG-Lite + VSAQ question patterns.

AIBOM emission per client release

A CycloneDX 1.6 AIBOM ships with every release alongside the SBOM, as a machine-readable supplement to the EU AI Act Article 11 + Annex IV technical documentation.

What you don't need to know

  • What CycloneDX YAML looks like
  • What in-toto v1 means
  • How DSSE envelopes work
  • What Annex IV section 5 requires

What you actually do

  1. Install Securie on every client repo
  2. Hand the client the auditor bundle URL on contract close
  3. Pre-fill security questionnaires from /templates/security-questionnaire-response

Dozens of agencies use Securie for per-client security evidence at agency scale.

But wait…

Per-client pricing — does it scale?

Securie's Solo Founder plan ($49/mo) covers 10 repos, i.e. 10 clients. Startup ($299/mo) covers 50 repos. Pricing scales with agency size.

Clients want to see evidence themselves

/api/auditor/bundle/<commit> serves the full DSSE-signed bundle. Hand the client the URL.

What about the indemnity clause?

Securie's prove-don't-flag invariant + auditor-defensible chain give you the strongest evidentiary position you can offer in an indemnity dispute.