OfferP_IA

Securing your AI systems before they go live.

An offer dedicated to applications using LLMs, agents or RAG systems. We test the model, the data sealing, the tool chain, and governance. Approach based on OWASP Top 10 LLM and MITRE ATLAS.

↳ Duration

5 to 15 days

↳ Format

Custom

↳ Target

Vendors · IT depts

↳ Methodology

OWASP LLM · MITRE ATLAS

Three axes

From the user prompt to the training pipeline.

Model security

Prompt injection tests, guardrail bypass, model-mediated exfiltration, targeted jailbreak.

↳Prompt injection (direct & indirect)
↳Jailbreak & guardrail bypass
↳Exfiltration via outputs
↳Targeted hallucination

Data & RAG

RAG sealing, leakage of private documents, index poisoning, source-level access control.

↳RAG sealing
↳Document leakage
↳Poisoning
↳Access control

Architecture & supply chain

Architecture audit (orchestrators, agents, MCP), supply-chain security — models, datasets, dependencies.

↳Orchestrators & agents
↳MCP / external tools
↳Models & weights
↳Datasets & licences

Process

A clear process, from scoping to debrief.

Scoping

Use-case mapping, models used, accessible data.

Kickoff

Alignment on scope, access, constraints.

Testing

Prompt injection, exfiltration, RAG audit, supply-chain.

Debrief

Technical report, action plan, AI Act / NIST alignment.

Next step

Audit your AI perimeter.

Scope a mission

↳ Also see

Technical audits

Configuration · architecture

Penetration testing

Web · Infra · Mobile · IoT