Back to Services

AI Security & LLM Risk Review

Adversarial review for the AI features you are about to ship

Threat modeling and red-team testing for AI-powered apps — prompt injection, jailbreak, data leakage, and model supply chain risk.

Abstract composition of a neural lattice intersecting a shield, evoking AI red-teaming in HarmonyX blue and gold

Teams shipping LLM-powered features into regulated, customer-facing, or revenue-critical paths.

01

Banking & Financial Services

Customer copilots, KYC assistants, and underwriting agents — under prudential and securities regulator scrutiny.

02

Healthcare

Clinical summarization and triage assistants where hallucination and PHI leakage carry direct patient risk.

03

Retail & E-Commerce

Shopping copilots and pricing agents exposed to prompt injection from product reviews and external content.

04

Public Sector

Citizen-service chatbots and regulatory drafting assistants under PDPA and procurement audit.

05

Enterprise SaaS

AI features rolled across multi-tenant data — where one prompt-injection blast radius spans every customer.

06

Internal Productivity

Agent platforms with tool access, SaaS connectors, and email — modern phishing surface in disguise.

Four phases mapped to OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF — finished in 3–6 weeks.

  1. 01

    Map

    Inventory the AI surface: models, prompts, retrieval sources, tool/function calls, and trust boundaries.

  2. 02

    Threat-model

    Walk OWASP LLM Top 10 + MITRE ATLAS against the architecture; rank by blast radius and likelihood.

  3. 03

    Adversarial test

    Hands-on red-team with Garak, PyRIT, Promptfoo, and bespoke harnesses; capture reproducible payloads.

  4. 04

    Harden

    Concrete fixes — input/output guardrails, retrieval scoping, tool-call allowlists, eval CI — then re-test.

Industry-standard references combined with the open-source red-team kit we use across engagements.

Frameworks

  • OWASP LLM Top 10
  • MITRE ATLAS
  • NIST AI RMF
  • ISO/IEC 42001
  • EU AI Act mapping

Red-team Tooling

  • Garak
  • PyRIT
  • Promptfoo
  • Giskard
  • Bespoke test harness per engagement

Guardrails & Eval

  • NeMo Guardrails
  • Llama Guard
  • Lakera
  • Pydantic AI
  • Ragas
  • TruLens

Model & Platform Coverage

  • Claude
  • GPT
  • Gemini
  • Llama
  • Bedrock
  • Vertex AI
  • Azure OpenAI

Every team shipping a generative-AI feature is now operating at the boundary of an unfamiliar threat model. Prompt injection bypasses controls that look correct on paper. Retrieval pipelines exfiltrate data that engineers thought was scoped. Function-calling agents wire untrusted text directly into privileged tools. The classical security checklist does not cover any of this — and most teams discover the gaps only after a journalist or auditor demonstrates them publicly.

What does an AI security review actually cover?

We work the OWASP LLM Top 10 and MITRE ATLAS as a structured checklist against your specific architecture: prompt injection (direct and indirect via retrieved content), training-data and embedding poisoning, sensitive-information disclosure through model output, insecure plugin and tool design, excessive agency in tool-using agents, and supply-chain risk on the model and runtime layer. Each item gets a written assessment grounded in your code and infrastructure — not generic boilerplate.

What does the red-team phase produce?

Reproducible adversarial payloads against your live application, captured as eval cases your team can re-run on every prompt or model change. We use Garak and PyRIT for breadth, Promptfoo for regression discipline, and bespoke test harnesses for application-specific scenarios — multi-turn social engineering, retrieval-pipeline poisoning, and tool-call escalation. The deliverable is not a static PDF; it is a CI-runnable test suite that keeps the application honest as it evolves. Engagements run under our ISO 27001 ISMS, so all evidence is collected under audited controls.

Compliance angles we cover

  • ISO/IEC 42001 — AI management system controls, mapped to the evidence we collect during the engagement
  • EU AI Act — risk-tier assessment for systems serving European users, even when hosted outside the EU
  • PDPA and BoT/SEC — data-handling boundaries for retrieval, logging, and memory components in regulated workloads
  • NIST AI RMF — governance and lifecycle controls suitable for security committee and audit reporting

Deliverables clients use with security committees, regulators, and their own engineering leads.

Top-10

OWASP LLM threats validated for and against your application

Eval-in-CI

reproducible adversarial test suite running on every model or prompt change

Pre-launch

sign-off package mapped to ISO/IEC 42001 and EU AI Act controls

ISO 27001

engagement run under our certified ISMS — defensible evidence trail for regulators

About to launch an AI feature into a regulated workflow?

Start with a 30-minute scoping call. If there is a fit, we run a 2-hour AI risk triage on your architecture, return a written assessment with the top 5 issues ranked, and scope a full red-team engagement only if warranted. Evidence is collected under our ISO 27001 ISMS for use with your security committee.

Start a conversation