AI-agent security · assessments & hardening

Secure your AI agents before they become your attack surface.

AI coding agents, MCP servers, RAG bots, and autonomous workflows can read files, call tools, reach credentials, and act on untrusted content. We assess and harden these systems before they expose source code, secrets, customer data, or production.

Built for teams using Claude Code, Codex, Cursor, GitHub Copilot agents, MCP servers, RAG systems, and internal AI automation.

The shift

AI agents changed the security model.

Traditional apps wait for user input. AI agents read, decide, call tools, write files, run commands, remember context, and communicate externally. That means a malicious repo, PR, PDF, web page, support ticket, MCP server, or memory entry can become part of the execution path.

  • Prompt injection can turn into tool abuse
  • MCP servers can become a supply-chain risk
  • Repo files can poison agent behavior
  • Memory can persist bad instructions
  • Secrets can leak through over-broad access
  • Long-running agents need logs and kill switches

Coverage

What we assess

Prompt injection

Direct and indirect (second-order) injection via repos, PRs, docs, tickets, and web content the agent reads. We map where untrusted input reaches a decision.

Tool abuse & excessive agency

What an agent can actually do once influenced — shell, deploys, writes, network calls. We scope agency down to what each workflow needs (OWASP LLM06).

MCP configuration

Your .mcp.json and connected servers are a supply chain. We review server provenance, tool descriptions (treated as untrusted), and pinning.

Repo & instruction poisoning

CLAUDE.md, AGENTS.md, .cursorrules, hooks, and skill files steer agents. We check how poisoned instructions could redirect behavior.

Secret & credential exposure

The lethal trifecta — private data + untrusted content + an exfiltration path. We find where all three meet and break the chain.

Memory safety

Persistent memory can carry bad instructions across sessions. We review what is stored, for how long, and with what source attribution.

Sandboxing & isolation

Containers, devcontainers, VMs, and default-deny egress with allowlisting. We assess how well untrusted work is contained from privileged context.

Approval boundaries

Risk-tiered, informed human-in-the-loop for shell, egress, deployment, and off-repo writes — without approval fatigue that defeats the point.

Logging & auditability

Whether tool calls and approvals are logged (with secrets redacted) so you can answer "what did the agent actually do?" after the fact.

Incident readiness

Kill switches and independent budget/time/action caps for long-running agents, plus a tested path to stop and roll back a bad run.
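The approval-boundary, logging and kill-switch controls listed above fit together as one gate in front of every tool call. The sketch below is an added illustration, not code from this page or from any of the named agent products; the tool names, risk tiers, secret patterns and the three-action cap are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Risk tier: shell, egress, deployment and off-repo writes need an informed human.
# Everything else runs without a prompt, so approvals stay rare and meaningful.
HIGH_RISK_TOOLS = {"shell", "http_request", "deploy", "write_outside_repo"}

# Constructed secret patterns; a real gate would reuse the team's secret-scanner rules.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(api[_-]?key|token|password|secret)\b\s*[=:]\s*\S+"),
    re.compile(r"\b(?:sk|ghp)_[A-Za-z0-9]{8,}\b"),
]


def redact(text: str) -> str:
    """Mask secret-looking values before anything is written to the audit log."""
    for pattern in SECRET_PATTERNS:
        text = pattern.sub(
            lambda m: f"{m.group(1)}=[REDACTED]" if m.groups() else "[REDACTED]", text
        )
    return text


@dataclass
class AgentGate:
    approve: Callable[[str, str], bool]  # human decision for high-risk calls (sees real args)
    max_actions: int                      # independent action cap; tripping it stops the run
    actions: int = 0
    killed: bool = False
    audit_log: list = field(default_factory=list)

    def _record(self, tool: str, args: str, decision: str) -> str:
        self.audit_log.append({"tool": tool, "args": redact(args), "decision": decision})
        return decision

    def call(self, tool: str, args: str) -> str:
        if self.killed:
            return self._record(tool, args, "blocked:killed")
        if self.actions >= self.max_actions:
            self.killed = True  # cap reached: halt the whole run, not just this call
            return self._record(tool, args, "blocked:cap")
        if tool in HIGH_RISK_TOOLS and not self.approve(tool, args):
            return self._record(tool, args, "denied")
        self.actions += 1  # only executed actions count toward the cap
        return self._record(tool, args, "allowed")

    def kill(self) -> None:
        """Manual kill switch for an operator watching a long-running agent."""
        self.killed = True
```

Every decision, including blocked ones, lands in `audit_log` with secrets masked, so "what did the agent actually do?" is answerable from the log alone.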

The engagement

AI Agent Security Readiness Assessment

We map your AI-agent workflows, identify risky access paths, and deliver a prioritized hardening plan your team can actually implement.

  1. Map your AI-agent workflows

     Inventory the agents, tools, MCP servers, and data each one can reach.

  2. Identify high-risk access paths

     Trace where untrusted content meets private data and an exit path.

  3. Deliver a prioritized hardening plan

     Rank fixes by blast-radius reduction, with concrete configuration guidance.

What you receive

  • AI-agent asset inventory
  • Risk scoring
  • MCP / config review
  • Permission & secret-exposure review
  • Sandboxing recommendations
  • Approval-boundary recommendations
  • Prioritized remediation plan
  • 30–60 minute review call

Engagements

Scoped to how far along your agent adoption is. Pricing is quoted per engagement after a short discovery call — no two agent stacks are alike.

Starter Assessment

Small teams exploring agent security.

Contact for quote

  • Intake questionnaire
  • 30-minute call
  • High-level risk report
  • Recommended next steps

Team Assessment

Teams actively using coding agents or MCP servers.

Contact for quote

  • Repo / config review
  • MCP / config review
  • Workflow mapping & risk scoring
  • Detailed report + 60-minute review call

Secure Setup

Teams that want implementation help.

Contact for quote

  • Sandbox / devcontainer setup
  • Permission policy baseline
  • Logging & kill-switch pattern
  • Team usage guide + follow-up support

Prefer to talk first? Book a discovery call.

Coming soon: continuous AI-agent config scanning.

Join the waitlist for automated scanning of MCP configs, agent instruction files, hooks, permissions, workflow files, hidden prompt-injection patterns, risky environment variables, and unsafe agent runtime settings.

Questions

FAQ

Is this a penetration test?

No. This is an advisory assessment of your own approved systems, configurations, workflows, and agent usage. It is not unauthorized testing or exploit development.

Do you need access to our code?

Often a read-only or scoped, temporary view is enough — and frequently we can work from configs and a walkthrough. Access is handled case-by-case and you control removal.

What tools do you support?

Claude Code, OpenAI Codex, Cursor, GitHub Copilot agents, local agents, MCP servers, RAG/chatbots, and custom internal AI workflows.

Do you test production systems?

We focus on configuration, workflow, and access review. We do not run intrusive tests against production unless you explicitly scope and authorize it.

How long does an assessment take?

A Starter Assessment is typically a few days; a Team Assessment usually runs one to two weeks depending on the size of your agent footprint.

Do you store customer data?

We store the contact details you submit so we can follow up. Please do not send secrets, credentials, or sensitive code through forms or email. Reports can be deleted on request.

Can you help us implement fixes?

Yes. The Secure Setup engagement is done-for-you implementation: sandboxing, permission baselines, logging, and kill-switch patterns.

Is this only for software companies?

No. Any team connecting AI to Slack, email, docs, GitHub, databases, or customer data has agent-security exposure worth reviewing.

What is MCP security?

MCP (Model Context Protocol) servers give agents tools and data. Each connected server is part of your supply chain — its provenance, permissions, and tool descriptions all affect what an agent can be tricked into doing.

What happens after the assessment?

You get a prioritized remediation plan and a review call. From there you can implement fixes yourself, engage us for Secure Setup, or join the scanner waitlist for ongoing monitoring.

Find out what your agents can actually reach.

Start with an assessment, or book a 30-minute discovery call to talk through your setup. No code or secrets required to get started.