First, the standards have matured. There is now a credible, open, vendor-neutral canon for what "secure AI-assisted development" means — the OWASP Top 10 for Agentic Applications, the OWASP Top 10 for LLM Applications, the SAFE-MCP baseline adopted by the Linux Foundation, and NIST's AI Agent Standards Initiative. These are peer-reviewed, owned by no company, and freely available.
Second, the enforcement tooling has proliferated — some commercial, some open-source and free. Capable instruments now exist to watch code, models, and agents in real time.
What is missing is the layer between them: impartial human judgment that connects the standards to your specific stack. Which standards actually apply to your architecture? Are your tools configured to enforce them, or producing reassuring dashboards that verify nothing? Does your agent setup pass the OWASP Agentic Top 10 in practice, not just on a slide? A vendor cannot answer these questions about a stack that includes its competitors. An internal team rarely has the specialised, current knowledge. And a one-off audit answers them for a single day, then expires.
That gap is the entire offering that the Guild is planning to implement. The Guild sells no security tooling, no fabric, no platform — which is precisely what will let it judge yours honestly.