Mercury Security

Add-On Catalog — Audit & Oversight
(v1.0, 2025)

The following add-ons expand the scope of Mercury’s fixed deliverables. Each add-on is pre-priced, documented, and can be added via change request or included in initial contracting.

1. Additional Production Agent

  • Description: Expands the Sprint or Oversight Pack to cover an additional live AI agent (beyond the base 1 agent included).
  • Scope: Includes logs, evidence pack, guardrail testing, and bias/safety sampling for the additional agent.
  • Fee: $7,500 per agent

2. Regulated Data Class

  • Description: Adds structured testing and documentation for regulated data classes such as PHI (health), PCI (payment), or special category personal data (GDPR Art. 9).
  • Scope: Includes seeded prompts with sensitive data, validation of redaction/refusal, and mapping to GDPR/HIPAA/PCI DSS obligations.
  • Fee: $5,000 per data class

3. Additional Region

  • Description: Adds coverage for an additional region or hosting environment (e.g., EU + US split deployment).
  • Scope: Evidence collection for separate logging, retention, and assurance controls in each region.
  • Fee: $5,000 per region

4. Extended Red-Team Testing

  • Description: Expands the bias/safety test suite with an additional 50 targeted prompts beyond the baseline 100.
  • Scope: Includes scenario design, test execution, annotated logs, and pass/fail metrics.
  • Fee: $3,000 per batch of 50 prompts

5. Board Q&A Workshop

  • Description: 90-minute virtual session with Mercury advisors to review findings, answer questions, and guide board members through remediation priorities.
  • Scope: Includes briefing deck, Q&A log, and optional recording for internal use.
  • Fee: $2,000 per workshop

6. Subprocessor Audit

  • Description: Adds targeted due diligence review of one named subprocessor (vendor).
  • Scope: Review of DPA, certifications, hosting, and AI enablement risks.
  • Fee: $2,500 per subprocessor

7. Additional Revision Cycle

  • Description: Provides one extra revision cycle for the Audit Report or Roadmap beyond the included revision.
  • Scope: Covers structural changes or updates triggered by scope shifts.
  • Fee: $1,500 per cycle

8. On-Site Delivery

  • Description: Converts virtual delivery into an on-site workshop and board presentation.
  • Scope: Includes travel within EU/US, in-person delivery of Audit Report and Roadmap.
  • Fee: $7,500 + travel expenses

Notes

  • Add-ons are optional and priced in USD.
  • Multiple add-ons may be combined.
  • All add-ons are delivered under the same engagement terms as the Sprint or Oversight Pack.

✅ The Add-On Catalog ensures Mercury’s fixed products remain stable while still giving clients flexibility for expansion.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram