No. This is an advisory assessment of your own approved systems, configurations, workflows, and agent usage. It is not unauthorized testing or exploit development.

Often a read-only or scoped, temporary view is enough — and frequently we can work from configs and a walkthrough. Access is handled case-by-case and you control removal.

Claude Code, OpenAI Codex, Cursor, GitHub Copilot agents, local agents, MCP servers, RAG/chatbots, and custom internal AI workflows.

We focus on configuration, workflow, and access review. We do not run intrusive tests against production unless you explicitly scope and authorize it.

A Starter Assessment is typically a few days; a Team Assessment usually runs one to two weeks depending on the size of your agent footprint.

We store the contact details you submit so we can follow up. Please do not send secrets, credentials, or sensitive code through forms or email. Reports can be deleted on request.

Yes. The Secure Setup engagement is done-for-you implementation: sandboxing, permission baselines, logging, and kill-switch patterns.

No. Any team connecting AI to Slack, email, docs, GitHub, databases, or customer data has agent-security exposure worth reviewing.

MCP (Model Context Protocol) servers give agents tools and data. Each connected server is part of your supply chain — its provenance, permissions, and tool descriptions all affect what an agent can be tricked into doing.

You get a prioritized remediation plan and a review call. From there you can implement fixes yourself, engage us for Secure Setup, or join the scanner waitlist for ongoing monitoring.