security · services · ai and llm security
06 / AI
The AI you're shipping can be attacked in ways your firewall never imagined.
Prompt injection, jailbreaks, data leakage through a model, an agent tricked into acting, these are real failures, and traditional security testing does not look for them. We do, drawing on a team that builds AI products as well as secures them.
WHAT THIS IS
AI introduces a new attack surface. Most security has not caught up.
An LLM does not fail like ordinary software. It can be talked into ignoring its instructions, leaking what it was trained on or given, or taking actions on behalf of an attacker. The input is language, and language is harder to lock down than a form field.
Securing AI takes people who understand how these systems actually work, not just how to scan a web app. We build with these models across the Nimblechapps group, which is exactly the perspective it takes to find where they break.
WHAT WE TEST
Where AI systems actually break.
Prompt injection & jailbreaks
Getting the model to ignore its instructions, bypass its guardrails, or do what it was explicitly told not to. The most common and most underestimated AI risk.
Data & model security
Leakage of training data, system prompts, or context, and the exposure of sensitive information through what the model says back.
AI application security
The system around the model, the APIs, the integrations, the data flows, where classic vulnerabilities meet AI-specific ones.
Agent & action safety
When an AI can take actions, the question becomes what an attacker can make it do. We test the boundaries of what your agents are allowed to act on.
WHAT YOU RECEIVE
A clear read on how your AI fails, and how to harden it.
Findings report
The specific ways we got your AI to misbehave, with the prompts and paths that did it, ranked by real-world impact.
Remediation guidance
Concrete defences for each issue, guardrails, input handling, scoping, written by people who build these systems, not theorise about them.
Risk context
What each finding actually means for your product and your users, so non-technical stakeholders understand the exposure.
A practical hardening path
How to make your AI more resistant without crippling what makes it useful, the balance most generic advice misses.
WHO THIS IS FOR
You probably need this if...
- You are shipping a product built on an LLM and have not had it tested for AI-specific attacks.
- Your AI can access data or take actions, and you need to know the boundaries hold.
- A customer or investor is asking how you secure your AI, and you want a real answer.
- You are building with AI faster than your security thinking has kept up, which is most teams right now.
COMMON QUESTIONS
Before you ask on the call.
Why can't a normal penetration test cover this?
A standard pen test looks for known vulnerability classes in conventional software. AI failures, prompt injection, model leakage, agent abuse, are a different category that standard testing does not probe. You need both, the conventional test and the AI-specific one.
Our model is from a big provider. Isn't it already safe?
The provider secures the model. How you prompt it, what data you give it, what you let it access, and what you let it do are yours, and that is where most AI risk lives. A capable model in a careless setup is still exposed.
This field is new. Why you?
Because we build with these systems, not just read about them. The same team ships AI products across our group, which is the perspective it takes to know where they break. We would rather be honest that this is an emerging field than pretend it is decades old, no one's is.
What do you need from us to test?
Access to the AI system in scope and an understanding of what it is meant to do and not do. We define the rules of engagement together, the same as any test.
Can you help fix what you find?
Yes. Because we build AI, we can implement the guardrails and the hardening, not just point at the gap.
START HERE
Find out how your AI can be turned against you.
One call. Tell us what you are building with AI, and we will scope the right test.