HomeAI OfferingsAuditCase studiesAboutContact
AI SECURITY AUDIT

Your AI has attack surfaces no one tested.

Prompt injection. RAG leakage. Agentic tool misuse. Broken authorisation. Standard penetration tests don't cover these. We do — using OWASP LLM Top 10, MITRE ATLAS, and a custom testing harness built for production AI systems.

testingprompt_injectionrag_cross_tenant_leakageexcessive_agencyinsecure_output_handlingsupply_chain_driftindirect_injection_via_docsbroken_rlssystem_prompt_extraction
Jump to the three tiers ↓

Standard security testing was built before AI.

01 /

SAST scanners miss it

They find known CVEs and hardcoded secrets. They don't find the system prompt your user can extract in three messages, or the RAG pipeline that surfaces another tenant's documents.

02 /

Pen testers don't know LLMs

Traditional web app pen testers test HTTP surfaces. They don't test prompt injection vectors, indirect injection via retrieved content, or an agent that will delete your database if you construct the right tool call.

03 /

Enterprise teams will find it

Your customer's security team will ask about AI in the procurement questionnaire. If you haven't tested it, that question stalls your deal. We give you the attestation letter that answers it.

THREE TIERS

Pick the depth your situation requires.

QUICK SCAN · 5 DAYS

Your AI feature is live. Let's find the obvious holes before someone else does.

₹50,000/ $1,500 international
BEST FOR

Non-technical founders who built with Lovable, Cursor, Bolt, or v0. SaaS MVPs with LLM features not yet through a security review. Teams preparing for a first enterprise conversation.

WHAT WE TEST
  • Authentication and authorisation logic — inverted-auth, broken RLS
  • Supabase / Firebase row-level security rules
  • Exposed secrets and hardcoded credentials in client-side code
  • Environment variable handling and secret management
  • Basic prompt injection surface — system prompt extraction, direct injection
  • Dependency review — hallucinated packages, known vulnerable deps
  • API endpoint authorisation gaps
  • Error messages that leak system internals
WHAT YOU GET
  • Executive summary with overall risk rating (Critical / High / Medium / Low)
  • Findings catalog — severity, affected component, evidence, plain-English impact
  • Remediation checklist ordered by priority
  • 60-minute findings walkthrough call

Not a comprehensive penetration test. Not a compliance certification.

DEEP AUDIT · 5 WEEKS

You're in fintech, you're scaling, or your AI is making decisions that affect real people. This is the audit that holds up in a boardroom.

Quoted after scoping call
BEST FOR

Fintech on RBI-regulated rails. Series A+ SaaS with enterprise contracts. Companies building multi-agent or agentic AI systems. Any business with DPDP Act exposure.

WHAT WE TEST
  • Everything in Production Audit
  • Agentic pipeline (OWASP Agentic AG01–AG10) — multi-agent trust boundaries
  • Excessive agency review — what can the agent do without human confirmation
  • Kill-switch and emergency stop latency testing
  • Long-term memory and persistence — what survives session boundaries
  • Agent identity spoofing
  • Model provenance verification
  • Fine-tuning data poisoning risk (if applicable)
  • LLM SDK and package dependency audit
  • Third-party AI tool security posture
  • DPDP Act — Data Fiduciary obligations, consent adequacy, right-to-erasure feasibility, ₹250 cr exposure assessment
  • RBI FREE-AI — Annex V/VI gap analysis, Phase 1/2 readiness
  • RBI Digital Lending — duty of explanation, model risk lifecycle, disparate impact testing
  • ISO/IEC 42001 — AI management system gap analysis
  • AI decision audit trail — model/prompt version, input/output logging
  • Human oversight mechanisms — override controls, escalation paths
WHAT YOU GET
  • Everything in Production Audit
  • Agentic pipeline threat model diagram
  • Compliance gap register — framework-mapped, owner-assigned, SLA-dated
  • Regulatory evidence pack — pre-formatted for DPDP Data Protection Board and RBI FREE-AI Annex V/VI
  • Board-ready executive summary
  • Tabletop exercise — 90-minute facilitated AI incident simulation
  • Two free retests within 90 days
THE PROCESS

What happens after you book the call.

  1. 01

    SCOPING CALL

    30 minutes. We confirm scope, tier, and timeline. Sign the agreement.

  2. 02

    KICKOFF

    Read-only codebase access + test environment. Deep Audit: threat-modelling session.

  3. 03

    TESTING

    We run the audit. Critical findings flagged immediately — not at report time.

  4. 04

    DRAFT REPORT

    Shared for factual review — not to soften findings. Findings walkthrough call included.

  5. 05

    CLOSE + RETEST

    Attestation letter issued. Retest after remediation. Updated report on resolved issues.

CRITICAL FINDINGS POLICY

We flag Critical findings immediately. If we find your production database is publicly readable, you hear about it within the hour — not at the end-of-week report.

We name the failure mode. Not the category.

  • WE SAY

    Your Stripe webhook doesn't verify signatures. Anyone can POST a fake invoice.paid event and flip their own account to paid.

    NOT

    Insufficient input validation.

  • WE SAY

    Your RAG retrieves documents using a tenant_id from the user-supplied JWT — but the JWT signature is unverified, so any tenant can read any other tenant's documents.

    NOT

    Broken access control.

  • WE SAY

    The agent has a delete_user tool. There's no confirmation gate. A crafted user message triggers it on the wrong user_id with no human review.

    NOT

    Excessive agency.

We don't outsource the test.

The engineers who run the audit explain the findings. No account manager relay.

The attestation letter closes deals.

Enterprise procurement teams accept it. It answers the AI section of the security questionnaire.

Retest is included.

We don't charge separately to confirm you fixed what we found.

We cover what SAST scanners miss.

Automated scanners catch known CVEs. They don't catch inverted auth logic, cross-tenant RAG leakage, or an agent that will delete your database on a crafted input.

METHODOLOGY

Every finding maps to a published framework.

FrameworkWhat it coversTiers
OWASP LLM Top 10 (2025)Prompt injection, insecure output, training data poisoning, supply chain, sensitive data disclosure, excessive agency, model theftAll tiers
MITRE ATLASAI-specific adversarial tactics, threat modellingProduction + Deep
OWASP Agentic AG01–AG10Tool misuse, memory poisoning, identity spoofing, excessive permissions, observability bypassDeep only
NIST AI RMFGovern, Map, Measure, Manage — AI risk lifecycleDeep only
DPDP Act 2023Data Fiduciary obligations, consent, breach notification, right to erasureDeep only (India)
RBI FREE-AI7 Sutras, Annex V/VI templates, 4-phase rolloutDeep only (fintech)
ISO/IEC 42001AI management systemDeep only

The audit is the start, not the end.

Quick ScanVibe-to-Production

We found the holes. We can fix them and harden the full codebase to production standard. Scoped and priced after the audit.

Explore
Production AuditManaged AI Ops

You passed. Now stay passing as you keep shipping. Quarterly red team, continuous monitoring, on-demand engineering support.

Explore
Deep AuditAI & Data Compliance

Your DPDP gap register needs remediation and ongoing monitoring. We build the documentation layer and maintain it.

Explore

Answered in plain English.

  1. OWASP LLM Top 10 (2025), MITRE ATLAS, OWASP Agentic AG01–AG10, NIST AI RMF, plus DPDP Act 2023, RBI FREE-AI Annex V/VI, and ISO/IEC 42001 mapping on Deep Audit engagements.

BOOK A DISCOVERY CALL

30 minutes. No pitch.