27.2.1. Red Team Engagement Letter Sample

2025.10.06.
AI Security Blog

Before the deep technical work begins, and often before a full service contract is executed, the engagement letter serves as the foundational agreement. It is a formal, yet concise, document that confirms the mutual understanding between the red team (the Assessor) and the organization (the Client). Its primary purpose is to outline the high-level terms, scope, and objectives, ensuring both parties are aligned before investing further resources.

Why Not Just a Contract?

The engagement letter is a preliminary step. It’s less legally dense than a Master Service Agreement (MSA) or a Statement of Work (SOW). Think of it as a formal handshake that solidifies verbal discussions into a written commitment to proceed, paving the way for more detailed legal and technical planning.


The Role of the Engagement Letter

This document is your first and most important tool for managing expectations and establishing professional boundaries. For an AI Red Team engagement, where the testing targets can be novel and the potential impact ambiguous, this initial alignment is critical. It sets the stage for a successful and legally protected operation.

[Figure: Engagement Document Flow. Initial Discussion → Alignment → Engagement Letter (This Chapter) → Commitment → Service Contract / SOW → Execution → Engagement Start]

Key Components of the Letter

A robust engagement letter should contain several non-negotiable sections. While the sample below provides a template, you must tailor it to the specific context of each engagement.

  • Identification of Parties: Clearly state the full legal names of the client organization and the assessing entity. No ambiguity.
  • Purpose & Objectives: A high-level summary of what the engagement aims to achieve. For example, “To assess the susceptibility of the ‘Project Sentinel’ predictive model to adversarial evasion attacks.”
  • Scope Summary: Define the boundaries. What specific models, APIs, datasets, or infrastructure components are in scope? What is explicitly out of scope? This prevents scope creep and protects both parties.
  • Authorization: The “Get Out of Jail Free” clause. This is an explicit statement from the client authorizing the red team to perform security testing activities as defined in the scope. It is your primary legal protection.
  • Confidentiality: A statement acknowledging that the assessor will be exposed to sensitive information and agrees to maintain confidentiality, often referencing a separate Non-Disclosure Agreement (NDA).
  • Timeline & Fees: An estimated timeframe for the engagement and a summary of the fee structure (e.g., fixed fee, time and materials).
  • Next Steps: Clarifies that this letter precedes a more detailed contract and Statement of Work (SOW).

AI Red Team Engagement Letter

Date: [Date]

To:
[Client Contact Name]
[Client Contact Title]
[Client Company Name]
[Client Company Address]

From:
[Assessor Contact Name]
[Assessor Company Name]
[Assessor Company Address]

Subject: Confirmation of AI Red Team Engagement

Dear [Client Contact Name],

This letter confirms the mutual understanding between [Client Company Name] (“Client”) and [Assessor Company Name] (“Assessor”) regarding a proposed security assessment engagement. This document outlines the preliminary terms and serves as the basis for a formal Service Agreement and Statement of Work (SOW).

1. Purpose and Objectives

The primary objective of this engagement is to conduct a Red Team assessment against the Client’s specified AI systems. The goal is to identify and document vulnerabilities, weaknesses, and potential misuse scenarios related to the model’s security, integrity, and ethical alignment. Key objectives include:

  • Assess susceptibility to prompt injection and jailbreaking attacks.
  • Evaluate defenses against model inversion and data extraction.
  • Test for adversarial machine learning vulnerabilities (e.g., evasion, poisoning).
  • Identify potential for harmful, biased, or unintended outputs.

2. Scope of Services

The assessment will be strictly limited to the following systems and assets:

  • In-Scope AI Model(s): “Project Nova” Customer Service LLM (Version 2.1)
  • In-Scope Infrastructure: API Endpoint: api.client.com/nova/v2; Staging Environment Only
  • Explicitly Out-of-Scope: All production systems, corporate networks, other AI models, and physical premises. Social engineering of Client employees is not authorized.

3. Authorization for Testing

The Client explicitly authorizes the Assessor to perform security testing activities directed at the in-scope systems defined above. The Assessor is authorized to employ techniques necessary to meet the engagement objectives, including, but not limited to, sending malicious inputs, attempting to bypass security filters, and probing for system weaknesses. All activities will be conducted in a professional manner intended to minimize disruption to the in-scope systems.

4. Confidentiality

All information provided by the Client and all findings discovered by the Assessor during this engagement will be treated as strictly confidential. This understanding is governed by the Mutual Non-Disclosure Agreement executed between the parties on [Date of NDA].

5. Engagement Timeline

The engagement is estimated to commence on or around [Start Date] and conclude on or around [End Date]. A detailed project plan will be provided in the SOW.

6. Fees and Payment

The estimated professional fee for this engagement is [$XX,XXX USD], payable as per the schedule to be detailed in the Service Agreement. This estimate is based on the scope defined herein.

7. Next Steps

Upon acceptance of the terms outlined in this letter, the Assessor will prepare a comprehensive Service Agreement and Statement of Work (SOW) for your review and signature. No testing activities will commence until these documents are fully executed.

Please indicate your acceptance of these terms by signing below and returning a copy to us. We look forward to partnering with you on this important initiative.

Sincerely,

_________________________
[Assessor Contact Name]
[Assessor Contact Title]
[Assessor Company Name]


ACCEPTED AND AGREED:

[Client Company Name]

_________________________
Signature

Name: [_________________________]

Title: [_________________________]

Date: [_________________________]

Customizing the Template

The provided sample is a general-purpose starting point. You must adapt it for every engagement. Pay close attention to the Scope section—this is where most disputes arise. Be hyper-specific. Instead of “the company’s AI,” write “the ‘X’ model, version Y, accessible via Z endpoint in the staging environment.” The more precise your language, the lower the risk of misunderstanding and legal exposure for your team.

Finally, always have your legal counsel review any engagement letter or contract before it is sent to a client. This document, while preliminary, establishes a legal basis for your actions and must be sound.