AI/LLM Security

We test AI systems so they can't be exploited, manipulated, or run amok

Our team has been testing the world's top AI and LLM platforms behind the scenes - giving us a deep understanding of this technology's security challenges that others are only beginning to face.

What we test

From models to plugins to infrastructure

We examine the entire product ecosystem - AI models, LLM programs, plugins, and supporting cloud infrastructure - through penetration testing, vulnerability assessments, and compliance reviews.

Prompt Injection

Direct injection, indirect manipulation, and cross-boundary prompt injection attacks that exploit how your LLM processes inputs.

Jailbreaking

Testing output security controls to prevent your product from sharing sensitive or prohibited information when manipulated.

Responsible AI

Evaluating AI behavior against responsible AI standards to ensure your product acts in a safe, trustworthy, and ethical way.

Security Controls

Finding design flaws, weaknesses, and lax guardrails through testing that puts your LLM through real-world stress scenarios.

Training Data

Auditing the data at the heart of your model to ensure it's sound, safe, and accurate.

Plugin Risks

Checking the integrity of your LLM against flawed or risky plugins and interactions between separate components.

Our approach

Black box, gray box, and white box testing

Our penetration testing incorporates the latest research - from universal jailbreaking techniques to gradient-based attacks - providing thorough analysis of LLM vulnerabilities. We continuously update our methods as new research emerges.

Black Box

Simulated real-world attacks with no internal knowledge. We probe and stress-test every element of the LLM from the attacker's perspective, including LLM-vs-LLM testing where we use other models to attack your product.

Gray Box

Working with your development team to understand system prompts and input integration. This enables us to identify hotspots for prompt injection and find vulnerabilities like resource overconsumption and unsafe credential handling.

White Box

Full access to model weights for deep analysis. We use techniques like Greedy Coordinate Gradient, GBDA, and HotFlip to test adversarial robustness at the most fundamental level.

Resources

Agentic AI Security & Responsible Deployment Guide

Our guide for engineering and security teams building autonomous AI systems. Covers architecture patterns, identity management, data security, guardrails, and infrastructure recommendations.

Read the full guide

How we work

Our process

Step 1

Scoping

We assess the attack surface and define security objectives for your specific needs. We identify the most important features for testing and present a detailed proposal with fixed pricing.

Step 2

Kickoff

We dive into the architecture and code with your team, develop a prioritized test plan, set up communication channels, and establish a weekly status meeting.

Step 3

Execution

Targeted code review, surgical runtime testing, and infrastructure analysis. We're looking for meaningful issues that matter to you.

Step 4

Reporting

Detailed findings on vulnerabilities including successful prompt engineering and jailbreaking, along with thematic and design issues, followed by an in-person or remote presentation.

Proof point

Microsoft chooses Casaba to test M365 Copilot

Since January 2024, Microsoft has selected Casaba to perform a multi-month security analysis of Copilot AI assistants across the M365 product suite. Our assessments covered AI/LLM security risks aligned with the OWASP Top Ten for LLMs.

Read the full report

Need your AI tested?

We've been doing this longer than most. Let's talk about what your system needs.

Get in touch