Attack surface mapping
We identify which model you use, which tools and data the agent can touch, and who can talk to it.
We put your LLM or your agents through controlled attacks —prompt injection, jailbreak, data leakage, tool manipulation— before someone with worse intentions does. That way you know where your system fails and in what order it makes sense to fix it.
A chatbot or an agent wired into your data and your tools doesn't break the way a traditional application does. It breaks with language: a user tells it to "ignore the previous instructions", makes it believe it is a different system, or walks it step by step until it gives up information it shouldn't. An infrastructure pentest won't catch these failures because it isn't looking in the right place. Our red teaming attacks exactly there: direct and indirect prompt injection (through a document, a web page or an email), jailbreak, extraction of context or training data, and manipulation of agents into performing unauthorised actions on your connected systems.
This has stopped being merely technical prudence. Regulation (EU) 2024/1689 on Artificial Intelligence (the AI Act) requires providers of general-purpose models with systemic risk to perform and document adversarial testing of the model in order to identify and mitigate systemic risks (Article 55(1)(a)). It also requires high-risk systems to be resilient against attempts by unauthorised third parties to alter their use, outputs or performance by exploiting vulnerabilities, with measures against "data poisoning", "model poisoning", "adversarial examples" and confidentiality attacks (Article 15, on accuracy, robustness and cybersecurity, paragraph 5).
The General-Purpose AI Code of Practice, driven by the European AI Office, turns that adversarial evaluation into red-teaming exercises before deployment, at every significant update and on a periodic basis.
We work in four steps. First, we map the real attack surface: which model you use, which tools and data the agent can touch, and who can talk to it (end user, external document, another system). Second, we run tests aimed at that surface —not a generic battery— and document every attempt, successful or not, with reproducible evidence. Third, we deliver a report with findings prioritised by severity and real impact on your business, not just by abstract technical severity. Fourth, we support the remediation of what matters most and, where appropriate, we re-run the tests that were left open.
This service does not replace a legal compliance consultancy and certifies nothing: it is the laboratory part, the one that produces real technical evidence of how your system behaves under attack. We help reduce the risk of an incident —a data leak, an unauthorised action by an agent, reputational damage from a viral jailbreak— and we give you something tangible to show if anyone asks how you assess the security of your AI.
We identify which model you use, which tools and data the agent can touch, and who can talk to it.
We run the attacks aimed at that specific surface —not a generic battery— and document every attempt with reproducible evidence.
We deliver the findings ranked by severity and real impact on your business, not just abstract technical severity.
We support the fix of what matters most and re-run the tests that were left open.
The operational detail: what we deliver as part of the work and what we keep alive afterwards.
Attack surface map
Inventory of the model, tools, data and entry channels of the system being assessed.
Prompt injection testing
Direct and indirect attacks —via document, web page or email— to force unintended behaviour.
Jailbreak and conversational manipulation testing
Attempts to bypass the system's established instructions or limits.
Data extraction testing
Checking whether the system leaks context, training or other users' data.
Agent manipulation testing
Verification of whether the agent can be induced to perform unauthorised actions on connected systems.
Technical evidence report
Reproducible document with every attempt, its outcome and assigned severity, useful as adversarial-evaluation evidence.
No. We help you generate the technical adversarial-evaluation evidence the Regulation asks for in certain systems, but full regulatory compliance includes governance and documentation pieces that a red teaming exercise alone does not cover.
It depends on what you build on top. If you use the interface as-is, much of the risk is handled by the provider. If you connect the model to your data, your emails or your systems through your own agent, that new layer is what needs auditing.
A pentest attacks infrastructure, networks and applications. AI red teaming attacks the model itself and its reasoning: instructions hidden in a document, conversational manipulation, context extraction or abuse of the tools the agent is allowed to run.
Before putting an agent or chatbot with access to sensitive data or tools into production, after any significant change of model or permissions, and periodically if the system keeps evolving.
We prioritise it immediately, explain the real business impact and support you through the fix. We don't halt the project: the goal is to reduce risk with the system running, not to block it.