Service
AI Security & LLM Risk Review
Adversarial review for the AI features you are about to ship
Threat modeling and red-team testing for AI-powered apps — prompt injection, jailbreak, data leakage, and model supply chain risk.
Where AI risk is already on the roadmap
Teams shipping LLM-powered features into regulated, customer-facing, or revenue-critical paths.
Banking & Financial Services
Customer copilots, KYC assistants, and underwriting agents — under prudential and securities regulator scrutiny.
Healthcare
Clinical summarization and triage assistants where hallucination and PHI leakage carry direct patient risk.
Retail & E-Commerce
Shopping copilots and pricing agents exposed to prompt injection from product reviews and external content.
Public Sector
Citizen-service chatbots and regulatory drafting assistants under PDPA and procurement audit.
Enterprise SaaS
AI features rolled across multi-tenant data — where one prompt-injection blast radius spans every customer.
Internal Productivity
Agent platforms with tool access, SaaS connectors, and email — modern phishing surface in disguise.
How we run an AI security review
Four phases mapped to OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF — finished in 3–6 weeks.
- 01
Map
Inventory the AI surface: models, prompts, retrieval sources, tool/function calls, and trust boundaries.
- 02
Threat-model
Walk OWASP LLM Top 10 + MITRE ATLAS against the architecture; rank by blast radius and likelihood.
- 03
Adversarial test
Hands-on red-team with Garak, PyRIT, Promptfoo, and bespoke harnesses; capture reproducible payloads.
- 04
Harden
Concrete fixes — input/output guardrails, retrieval scoping, tool-call allowlists, eval CI — then re-test.
Frameworks and tools we use
Industry-standard references combined with the open-source red-team kit we use across engagements.
Frameworks
- OWASP LLM Top 10
- MITRE ATLAS
- NIST AI RMF
- ISO/IEC 42001
- EU AI Act mapping
Red-team Tooling
- Garak
- PyRIT
- Promptfoo
- Giskard
- Bespoke test harness per engagement
Guardrails & Eval
- NeMo Guardrails
- Llama Guard
- Lakera
- Pydantic AI
- Ragas
- TruLens
Model & Platform Coverage
- Claude
- GPT
- Gemini
- Llama
- Bedrock
- Vertex AI
- Azure OpenAI
Every team shipping a generative-AI feature is now operating at the boundary of an unfamiliar threat model. Prompt injection bypasses controls that look correct on paper. Retrieval pipelines exfiltrate data that engineers thought was scoped. Function-calling agents wire untrusted text directly into privileged tools. The classical security checklist does not cover any of this — and most teams discover the gaps only after a journalist or auditor demonstrates them publicly.
What does an AI security review actually cover?
We work the OWASP LLM Top 10 and MITRE ATLAS as a structured checklist against your specific architecture: prompt injection (direct and indirect via retrieved content), training-data and embedding poisoning, sensitive-information disclosure through model output, insecure plugin and tool design, excessive agency in tool-using agents, and supply-chain risk on the model and runtime layer. Each item gets a written assessment grounded in your code and infrastructure — not generic boilerplate.
What does the red-team phase produce?
Reproducible adversarial payloads against your live application, captured as eval cases your team can re-run on every prompt or model change. We use Garak and PyRIT for breadth, Promptfoo for regression discipline, and bespoke test harnesses for application-specific scenarios — multi-turn social engineering, retrieval-pipeline poisoning, and tool-call escalation. The deliverable is not a static PDF; it is a CI-runnable test suite that keeps the application honest as it evolves. Engagements run under our ISO 27001 ISMS, so all evidence is collected under audited controls.
Compliance angles we cover
- ISO/IEC 42001 — AI management system controls, mapped to the evidence we collect during the engagement
- EU AI Act — risk-tier assessment for systems serving European users, even when hosted outside the EU
- PDPA and BoT/SEC — data-handling boundaries for retrieval, logging, and memory components in regulated workloads
- NIST AI RMF — governance and lifecycle controls suitable for security committee and audit reporting
What we hand back
Deliverables clients use with security committees, regulators, and their own engineering leads.
OWASP LLM threats validated for and against your application
reproducible adversarial test suite running on every model or prompt change
sign-off package mapped to ISO/IEC 42001 and EU AI Act controls
engagement run under our certified ISMS — defensible evidence trail for regulators
About to launch an AI feature into a regulated workflow?
Start with a 30-minute scoping call. If there is a fit, we run a 2-hour AI risk triage on your architecture, return a written assessment with the top 5 issues ranked, and scope a full red-team engagement only if warranted. Evidence is collected under our ISO 27001 ISMS for use with your security committee.