FAQ

Questions before the detection review

Clear answers about how our Toronto AI security studio engages, what we charge, how we handle your data, and what we deliberately do not offer. If your question is not here, contact us.

Is Cyber Synth AI a hacking service, a security course, or a general chatbot company?

No. We are a defensive AI cybersecurity studio that designs and delivers AI-driven detection, SOC automation, and model security for client organizations, always with a human analyst in the loop. We do NOT perform offensive hacking, unauthorised intrusion, or account access; we do NOT sell exploits, malware, or spyware; we do NOT sell courses; and we are NOT a general LLM or automation consultancy. "Cyber" means cybersecurity; "Synth" means synthesising AI-driven security systems. We do not guarantee that any system is unhackable, or promise breach prevention or specific business outcomes.

How do you engage — project or retainer?

Both. Most new client organizations start with a fixed-scope discovery and threat-modelling project (typically two to four weeks), followed by a production delivery sprint for ML threat detection, SOC automation, or model security work. Ongoing retainers cover detection QA, SIEM tuning, MLSecOps, and incident response enablement. We define project scope and measurable outcomes in a statement of work before any engineering begins.

What are typical budgets in CAD?

Discovery engagements run C$18,000–C$28,000. Detection-engineering sprints range from C$45,000 to C$120,000 depending on complexity. Phishing detection and fraud detection system builds typically fall between C$38,000 and C$85,000. Retainers for ongoing SOC automation and guardrails support start at C$7,500–C$8,500 per month. We provide detailed estimates after understanding your environment — no hidden fees, no guaranteed ROI promises.

How long does a typical project take?

Discovery: two to four weeks. ML anomaly analytics prototype: four to eight weeks. Full SOC automation rebuild: eight to fourteen weeks. LLM security and MLSecOps reviews: three to six weeks. Timelines depend on data access, stakeholder availability, and integration complexity. We publish a roadmap with milestones at project kickoff.

Which platforms and tools do you work with?

We integrate with common SIEM platforms (Splunk, Microsoft Sentinel, Elastic, Google Chronicle), SOAR tooling, cloud-native logging (AWS, Azure, GCP), and custom log pipelines. ML threat detection models are built with frameworks appropriate to your stack — we are not tied to a single vendor. Behavioural analytics and phishing detection models are designed for your environment, not imported from a generic library.

How do you handle client data, logs, and intellectual property?

Client data is processed under contractual confidentiality terms and PIPEDA-aligned data governance practices. Security logs and telemetry used for model training remain your property. We do not reuse client detection rules, models, or log data across engagements without explicit written consent. Data is stored on encrypted systems with access limited to assigned senior security engineers. Retention periods are defined in the statement of work and our privacy policy.

Cyber Synth AI team standup reviewing detection engineering priorities

What is your authorised-testing policy?

We perform security engineering and adversarial testing only on systems our clients own or are explicitly authorised to test. Written scope-of-work documentation defines boundaries before any testing begins. We do not probe third-party systems, perform unauthorised intrusion, or offer account-access or surveillance services under any description.

How do you handle false positives and detection QA?

False-positive reduction is built into every engagement — not treated as an afterthought. We measure alert fidelity before and after deployment, run structured detection QA with analyst walkthroughs, and tune ML models using feedback from your SOC team. Guardrails prevent automation from taking irreversible action without human approval. AI threat detection produces false positives and false negatives; our job is to minimise both while keeping analysts in the loop.

What do you NOT do?

We do not guarantee breach prevention, compliance, or specific business outcomes. We do not offer offensive hacking, unauthorised intrusion, or account recovery. We do not sell exploits, malware, spyware, or surveillance tools. We do not sell security courses, bootcamps, or certifications. We do not offer get-rich-quick schemes, crypto trading advice, or MLM programmes. We are not a general AI consultancy without a security focus, not an antivirus or VPN product, and not legal or investment advice.

Who owns the detection rules and models you build?

Upon final payment, deliverables specified in the statement of work — detection rules, playbooks, model artefacts, documentation — belong to the client unless otherwise agreed. We retain the right to use generalised methodologies and non-client-specific techniques. Client-specific intellectual property is never shared with other organizations.

Do you work with organizations outside Canada?

Yes. While our studio is based in Toronto and focused on the Canadian market, we serve client organizations across North America. Engagements for international clients follow the same defensive scope, human-in-the-loop standards, and data governance requirements. Time zone coordination is handled during project planning.

Still have questions?

Book a detection review and we will walk through your specific environment, SIEM posture, and project scope.

Book a detection review