AI testing
Security testing for the AI era
AI is changing how applications are built, integrated, and operated. It is also changing the attack surface, and the tools and techniques required to test it thoroughly.
We have been tracking and testing AI-related risks from the start, and we know what to look for.
Where AI meets your attack surface
There are many ways AI can be involved in your organisation; each introduces a different risk profile and warrants a different testing approach.
Wherever AI touches your stack, we can help you understand what that means for your security posture and how to address it.
AI-integrated applications
Security testing of applications that incorporate AI features, model calls, or inference pipelines, with a focus on the attack surface those integrations introduce
INCLUDES
- Prompt injection and indirect prompt injection
- Insecure output handling and content injection
- Training data and system prompt exposure
- Model abuse and resource exhaustion
- Trust boundary failures at AI integration points
- Integrated into standards-based or Essentials testing engagements
Agent architecture review
A structured review of your agentic system design, assessing trust relationships, privilege boundaries, and the risk profile of agent-to-agent and agent-to-tool interactions
INCLUDES
- Orchestrator and sub-agent trust model assessment
- Tool access and permission boundary review
- Memory persistence and context leakage risks
- Chain-of-thought and instruction hierarchy vulnerabilities
- MCP server and tool-call trust review
- Alignment with current AI security best practice
- Delivered as a consulting engagement with written findings
Data and RAG pipeline review
Security review of the data layer in your AI stack: RAG pipelines, vector stores, embeddings, memory, and the flow of sensitive and personal information through prompts and outputs
INCLUDES
- RAG architecture and retrieval boundary review
- Vector store isolation and multi-tenant separation
- Sensitive and personal data leakage through prompts, outputs, and embeddings
- Memory and context persistence risks
- Suitable as a standalone review or paired with application pen testing
AI-generated code
Penetration testing of applications where AI tooling has contributed meaningfully to the codebase, with test cases shaped by known patterns of weakness in AI-generated code
INCLUDES
- Authorisation logic and access control flaws common in generated code
- Input validation gaps and insecure defaults
- Security-relevant logic errors that appear structurally correct
- Repeated patterns introduced across the codebase by model behaviour
- Available as a standalone engagement or as part of a broader pen test
Automated tooling review
An independent expert assessment of your existing automated security tooling outputs, focused on separating real risk from noise and identifying coverage gaps
INCLUDES
- Triage and validation of SAST, DAST, and AI-assisted review findings
- Identification of false positives and de-prioritisation of low-signal findings
- Assessment of vulnerability classes your tooling is unlikely to surface
- Clear guidance on what warrants remediation and in what order
- Suitable as a one-off review or periodic quality assurance exercise
Aligned with current AI security guidance
We design our engagements to address current AI security frameworks and regulations
Industry guidance
OWASP, MITRE
We reference the OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, and MITRE ATLAS
Regulatory compliance
Privacy laws
We draw on the NZ Privacy Act 2020, the Australian Privacy Principles, and ASIC and APRA expectations on AI risk
Government guidance
NCSC, ASD
We reference the National AI Centre’s Guidance for AI Adoption, and joint ASD-NCSC guidance on AI and agentic AI services
Framework compliance
ISO 27001, SOC 2, PCI DSS
Our engagements are ideal for satisfying the requirements of compliance audits for organisations with AI assets
AI is moving fast, and so is the threat landscape around it
Talk to us about what you are building and we will tell you honestly what needs to be tested and how
