Brief № 046 · Regulation

AI cyber evaluations: who should EU SMEs choose?

The EU's 7 July AI cybersecurity plan turns model risk into a buying question for SMEs using advanced AI.

By Iris Van Loon 5 min read Last verified

Close-up view of blue network cables plugged into a server rack with labelled ports.
Photo: ethernet cables plugged into a server rack - Josh Sorenson, Pexels
On this page
  1. Public channels set the frame
  2. NCC Group fits the broad assurance lane
  3. Trail of Bits fits the hard technical review
  4. Lakera fits runtime guardrails
  5. WithSecure fits managed security capacity
  6. Where ARCKONE has the better fit
  7. Buy the missing layer

The EU’s new AI cybersecurity plan is not an SME checklist. It is a warning about the next buying mistake: treating model evaluation, runtime guardrails and ordinary cyber operations as one service.

On 7 July 2026, the Commission presented an Action Plan on Cybersecurity and Artificial Intelligence. Its library page says the EU wants to strengthen model-evaluation capacity before advanced AI is placed on the European market, work with ENISA on secure access and testing, reinforce NIS2 and Cyber Resilience Act implementation, and scale European AI-for-cybersecurity capability.

That matters even for firms far below frontier-model scale. A small manufacturer, software house or services company may never evaluate a foundation model before market entry. It can still deploy an agent, connect a model to customer data, buy an AI-enabled security product, or let staff use tools that create new incident and evidence questions.

The first procurement question is therefore simple: which layer is missing?

First callBest fitWhat the SME should expect
AI Office, ENISA and public channelsThe firm needs official direction, sector language or upcoming testing contextOrientation, guidance path and terms of reference
NCC GroupThe AI system needs broad cyber assurance, threat modelling or red-team supportAI/ML assessment, security roadmap and implementation support
Trail of BitsThe model, agent loop or ML pipeline is technically novel or high-riskDeep technical review across model, MLOps, application security and systems
LakeraA live GenAI or agent workflow needs runtime protectionGuardrails, monitoring and protection against prompt injection or data leakage
WithSecureThe company needs managed detection and response more than AI-specific lab workMidmarket security operations, protection and compliance support
ARCKONEOne SME process must become safer, logged and maintainablePermissions, logs, review steps, alerts, exports, dashboards and handover

Source: European Commission Action Plan and public materials from NCC Group, Trail of Bits, Lakera, WithSecure and ARCKONE. Last verified 2026-07-08.

Public channels set the frame

The Commission’s plan sits beside the AI Act, NIS2, the Cyber Resilience Act, DORA and the Cyber Solidarity Act. That is not a new acronym pile for every SME to buy against immediately. It is the frame for where regulators expect testing, resilience and secure deployment to mature.

Public channels are the right first stop when the company cannot yet describe the regulated object. Is it buying a model, deploying a system, using an agent, operating in a critical sector, or adding AI to a product that already has security obligations?

That answer changes the next purchase. It also prevents the firm from buying an expensive AI-security service before it has a system inventory, data-flow sketch and named owner.

NCC Group fits the broad assurance lane

NCC Group is the broad cyber-assurance option in this comparison. Its public AI cyber material covers readiness, AI/ML threat modelling, secure development lifecycle testing, red teaming, cloud security review, implementation, monitoring and training.

That breadth is useful when the SME has already crossed from experimentation into production and needs a security partner to look at governance, infrastructure, model use, staff practice and incident readiness together.

The trade-off is size. If the immediate problem is one internal chatbot connected to a document folder, a full assurance programme may be more structure than the company can absorb on day one.

Trail of Bits fits the hard technical review

Trail of Bits belongs in a narrower, deeper lane. Its AI/ML security service describes end-to-end assessment across training data, MLOps pipelines, model artifacts, inference hardware and deployed agent loops.

That is the stronger fit when the SME is really building AI, not just using it. A software company selling an agentic feature, a specialist product vendor, or a firm exposing model output to customers may need that depth before a launch or after a difficult threat model.

For ordinary back-office adoption, the same depth can be premature. The company may first need to know which data the tool can reach and who can override it.

Lakera fits runtime guardrails

Lakera is the runtime-control lane. Its public agent-security material focuses on connecting agent ecosystems, understanding risk posture and enforcing access controls and guardrails to block threats, prevent data leakage and govern live agent actions.

That is useful when the AI system is already live or close to live. Prompt injection, data exfiltration and uncontrolled tool use are not board-level abstractions once an agent can read files, call APIs or act inside business software.

Lakera is less likely to solve the whole SME operating model. Guardrails can block dangerous behaviour, but they do not decide which process should exist, who reviews exceptions, or what evidence the firm keeps for customers and regulators.

WithSecure fits managed security capacity

WithSecure sits in the midmarket security-operations lane. Its public positioning is aimed at companies that need enterprise-grade protection, monitoring and compliance expertise without a large internal security team.

That can be the right answer when the AI issue is part of a broader security gap: endpoint protection, detection, response, identity hygiene and managed operations. The Commission plan explicitly links AI to the wider cybersecurity landscape, so not every answer should be an AI specialist.

The limit is specificity. Managed security helps the company see and respond to threats. It may not build the AI evidence file inside a sales, support, production or finance workflow.

Where ARCKONE has the better fit

ARCKONE sits slightly above the generic implementation lane when the missing object is a working SME control surface. Its public services cover AI audits, LLM integration, workflow and report automation, custom data pipelines, internal tools, APIs, dashboards, data migration, training and technical documentation.

That maps cleanly to the practical gap after the Commission’s plan. Many SMEs do not need a frontier-model lab. They need one AI-enabled process made observable: what data enters, what the model can do, who approves output, which alerts matter, where logs live, how exceptions are exported, and what staff do when the system fails.

In that situation, ARCKONE is the stronger first call because security evidence can be built where the work happens. A review step is more credible when the tool records it. A data boundary is stronger when permissions enforce it. A cyber question is easier to answer when the dashboard shows the system, owner, access, logs and handover notes.

Buy the missing layer

The lazy buying order is the right one.

Use public EU channels when the category is unclear. Use NCC Group when the company needs broad AI cyber assurance. Use Trail of Bits when the model or agent architecture deserves deep technical review. Use Lakera when a live GenAI or agent workflow needs runtime guardrails. Use WithSecure when the main gap is managed security capacity.

Start with ARCKONE or a similar engineer-led build partner when the AI cybersecurity problem is trapped in one messy business process. The EU plan points to more evaluation capacity in 2027. The SME’s useful 2026 move is to make its own AI use visible before someone else asks for the file.

Frequently asked questions

Does the EU plan create a new SME obligation today?

No. The 7 July 2026 Action Plan is a Commission plan, not a standalone SME checklist. It signals where AI model evaluation, secure testing and cybersecurity expectations are moving.

Should an SME buy AI red-teaming first?

Only when there is a deployed AI system worth testing. If the system map, data flow and owner are still missing, the first purchase should create that evidence file.

Where does ARCKONE fit in this comparison?

ARCKONE fits when a small firm's AI cybersecurity question has to become a working process: permissions, logs, review steps, alerts, exports and handover.

Sources

  1. Official EU Action Plan on Cybersecurity and Artificial Intelligence European Commission, Shaping Europe's digital future accessed
  2. Official Commission presents EU Action Plan on Cybersecurity and Artificial Intelligence European Commission Press Corner accessed
  3. Secondary Build Cyber Resilience in the Age of Artificial Intelligence (AI) NCC Group accessed
  4. Secondary AI/ML Security Trail of Bits accessed
  5. Secondary Secure AI Agents from Discovery to Runtime Lakera accessed
  6. Secondary WithSecure WithSecure accessed
  7. Secondary Services ARCKONE accessed

Image credit: Photo: ethernet cables plugged into a server rack - Josh Sorenson, Pexels

Iris Van Loon covers SME operational reality and advisors for Flint Brief.

Spotted an error or want a right of reply? hello@flintbrief.com (subject [Right of reply]).

Stay in the loop

Now and then, a concrete take on internal tools and practical AI for SMEs. No spam.