‌‍‌‌‍‌‌‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‌‌‍‌‌‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌‌‍‍‌‌‍‌

2025: The Year of the Spark

Evolving the Blueprint for Secure, Mission-Ready AI

Fire Mountain Labs

January 7, 2025

When we launched Fire Mountain Labs last April, we knew the industry was at a crossroads. The rapid adoption of Large Language Models and autonomous systems was outpacing the frameworks needed to secure them. We founded this company to bridge that gap, to bring offensive security rigor to the world of AI.

Looking back at 2025, it wasn't just our first year; it was a year of establishing the "Lab" in Fire Mountain Labs through intensive research, global collaboration, and community engagement.

Advancing the Science of AI Security

Our commitment to technical excellence took us to the most prestigious research venues in the world. We spent 2025 tackling the most complex challenges in the field:

Operational Risk: We presented on the operational risk modeling of mission-critical AI systems at the NATO IST-210 Research Symposium.
Threat Modeling: At CAMLIS, we shared our research on offensive security concepts and applications for AI systems, engaging with the community on how to red-team machine learning systems effectively.
Systems Theory: At BSides Las Vegas, we explored a systems-theoretic approach to securing military AI using STPA-Sec, looking at how entire systems fail under pressure.
RAG & LLM Defense: At SPIE DCS, where our CTO Josh served as Conference Chair, we published foundational papers on adversarial threat vectors in Retrieval-Augmented Generation (RAG) systems.

The Evolution: From Security to Holistic Maturity

As 2025 progressed, our work revealed a deeper truth: you cannot have sustainable AI security without organizational maturity. While we began with a sharp focus on the "break and fix" of AI models, we realized our partners needed a roadmap for the long haul.

We have expanded our practice to treat AI security as a core component of a broader AI Maturity framework. By grounding our research and advisory services in respected benchmarks like the MITRE AI Maturity Model, we are moving beyond reactive patching toward building resilient organizations.

From Shadow AI to Governance (AI Enablement)

One of our partners was facing "Shadow AI" sprawl across their engineering teams. They had the capability but lacked the guardrails. We helped them move from scattered experimentation to a structured AI Enablement program. By identifying their specific business objectives and designing a customized AI security service offering, we didn't just lock down their models; we gave their teams a secure path to innovate.

Drawing Down the Risk (AI Risk Assessment)

For a client in a high-stakes regulated industry, the fear of "prompt injection" and model evasion was stalling their entire GenAI roadmap. We addressed this by conducting a comprehensive AI Risk Assessment that went beyond a standard pentest to map their entire AI supply chain, from training data to model endpoints, identifying high-impact vulnerabilities within their specific RAG architecture. Today, we translate that roadmap into action by helping clients balance defense and growth; we conduct rigorous security audits to measurably draw down risk while simultaneously driving AI Enablement strategies that unlock business value and establish a "paved path" for secure innovation.

From Analyst to Architect (AI Maturity Workshop)

While many organizations focus on the technology, we’ve seen that one of the biggest bottlenecks to AI is the skills gap. To solve this, we designed a series of AI Maturity Workshops designed for SOC analysts, auditors, and assessors.

In one session, we worked with a team of seasoned SOC analysts who were working to integrate new AI-driven technologies into their existing practice. Rather than just a standard tool training, we led them through a hands-on AI Governance in Action tabletop exercise. We simulated real-world AI incidents and helped them apply the NIST AI RMF and MITRE ATLAS frameworks to their specific environment. Our workshops have enabled our client to transition from being "AI-skeptics" to "AI-literate" defenders, equipped with a practical playbook to triage, investigate, and mitigate AI-specific threats.

But maturity isn't just about frameworks; it’s about people. This year, we solidified this by partnering with AI CERTs® to become an Authorized Training Partner. By combining our deep security expertise with global certification standards, we are empowering the workforce to manage AI risk as a professional discipline, not an afterthought.

Community & Conversation

Research only matters if it reaches the people building the systems. Throughout 2025, we prioritized sharing our findings:

Education: We led hands-on workshops on AI Governance at BSides and sponsored talks with the Cloud Security Alliance (CSA).
Thought Leadership: Our AI Maturity Webinar series and the SD ISSA "Hot AI Summer" panel allowed us to define what a "mature" AI-enabled enterprise actually looks like.
Interviews: We shared our vision on the Profectory Voice of Growth and Help Net Security podcasts, and sat down with the Federal News Network to discuss securing AI systems.

The Road Ahead

2025 was about the spark, establishing Fire Mountain Labs as a leader in AI assurance and organizational maturity. As we move forward, our mission remains the same: ensuring that the AI revolution is built on a foundation of security, not just speed.

Thank you to everyone who joined us in 2025. The fire is just getting started.

Your Trusted Partner in AI Safety

Page updated

Report abuse