AI & LLM penetration testing.
We test LLM applications, agents, and RAG pipelines the way attackers do — manually, against your real deployment, not a checklist.
We secure the Czech tech companies that made it globally.
AI & LLM penetration testing
AI and LLM are advancing fast — and with them, new avenues of attack. An LLM wired into your product exposes what your existing web and network testing never covered: the prompts a user can reach, the tools the model can call, and the data it can retrieve on their behalf. That layer has to be tested in its own right — by hand, against your real deployment, because no checklist keeps up with an attacker's creativity. Findings are scored to CVSSv3, with concrete remediation guidance.
What we test
Prompt injection & jailbreaks
Direct and indirect injection through user input, retrieved documents, and tool outputs; system-prompt extraction; guardrail bypass.
Data exfiltration
Leakage of training data, system prompts, other users' context, and RAG source documents across trust boundaries.
Tool & agent abuse
Escalation through function calling: SSRF via fetch tools, unauthorized actions, and privilege boundaries between the model and your APIs.
RAG pipeline security
Poisoning of ingested content, access-control gaps between the vector store and your authorization model, and cross-tenant retrieval.
The application and infrastructure beneath the AI
The APIs, auth, and infrastructure your AI feature sits on. An LLM finding is usually just an entry point — the real impact tends to surface in the layer beneath it.
How we test
Our testing follows the OWASP Top 10 for LLM Applications, and the web application your users reach the model through is covered by our standard methodology (OWASP OTG / ASVS). Senior specialists test by hand against a UAT or production-like environment, because automated scanners simply don't find indirect prompt injection. We prefer to work grey-box: we start with an architecture walkthrough to understand how the system is wired together, then move on to adversarial testing of the deployed system itself.
What you get
A report with findings ranked by severity (CVSSv3), reproduction steps, and remediation guidance your engineers can act on — spanning the prompt, pipeline, and infrastructure levels. Once your team has applied the changes, a retest of those findings is included.
Every test is run by certified senior specialists — no junior hands learning on your systems.
Want to see what our report looks like? We'll send you a sample.
Pricing
Scoped by the number of AI entry points and the tools exposed to the model — typically 5–10 tester-days. We'll confirm scope and price on a short call.
Frequently asked, always answered.
Do you test the model or the application?
The application and its integration. Model-weight attacks (extraction, membership inference) are in scope on request, but most real-world risk lives in how the model is wired into your product.
Which stacks?
OpenAI / Anthropic / Azure APIs, self-hosted models (vLLM, Ollama), LangChain / LlamaIndex-style pipelines, and custom agents.
How long does it take?
Typically 5–10 tester-days depending on the number of AI entry points and the tools exposed to the model.
Let's talk it through.
Tell us what you need tested — we'll set up a no-obligation call and propose a scope.
Book a free consultation ›