Service
AI Security Testing.
Manual testing of AI features in production. OWASP LLM Top 10, prompt injection, agent guardrail bypass, RAG leakage, data exfiltration. Engineer-led, no scan-tool substitution.
Who this is for
- SMEs with a customer-facing chatbot, copilot, or agentic feature in production.
- Product teams about to ship an AI-integrated feature who want it audited before launch.
- Buyers whose auditor or insurer has asked for OWASP LLM Top 10 alignment evidence.
What we test
- Prompt injection (direct, indirect, multi-step).
- Agent tool-use exploitation and authorisation gaps.
- RAG leakage and retrieval misuse.
- Output handling: code execution, file write, network egress, downstream data sinks.
- Guardrail bypass: refusal pattern coverage, escalation gate enforcement.
- Identity and session handling around AI features.
Frameworks we test against
- OWASP LLM Top 10. The named vulnerability classes.
- MITRE ATLAS. Adversarial tactics for AI systems.
- NIST AI RMF. Risk management overlay.
How we deliver
Manual testing throughout. Scoping call first, then a fixed-scope engagement. Written report with severity-rated findings and remediation guidance. Same reporting discipline our sister brand Cyber Node applies to manual penetration tests.
Frequently asked
Manual security testing of AI features running in production. Engineer-led, not scanner-led. We test against the OWASP LLM Top 10 attack classes and the MITRE ATLAS adversarial-tactics catalogue, with a written report of severity-rated findings and remediation guidance.
Prompt injection, jailbreak, agent guardrail bypass, RAG leakage, indirect prompt injection, data exfiltration through tool use, and excessive agency. Scope is named per engagement against the OWASP LLM Top 10 and the parts of MITRE ATLAS relevant to the system under test.
Different surface. Penetration testing covers the cyber estate. AI security testing covers the AI surface: prompts, tool definitions, retrieval pipelines, agent loops, model providers. Both can apply to the same system. We work with our sister practice Cyber Node where the engagement covers both surfaces.
A written report with severity-rated findings, reproduction steps, and remediation guidance. A verbal debrief. Re-test of remediated findings on request. Same reporting discipline Cyber Node applies to manual penetration tests.