Yes. We test your application layer, prompts, retrieval, tools, and agents around those providers, and we respect their rate limits and terms.

We prefer a staging or sandbox environment. Production testing is possible with written rules of engagement, allow-listed IPs, and non-destructive methods.

Test accounts, test data, API endpoints, and any documentation on prompts, tools, RAG, and agents. Optional but helpful: read-only code or config access, and a diagram of your architecture.

Typical scope is 2 - 4 weeks depending on complexity: number of apps, tools, data sources, tenants, and whether code access is provided.

• AI & LLM pentest report with impact and clear repro steps

• Threat model tailored to your system

• Completed checklists: OWASP LLM Top 10, WSTG, MASTG

• Evidence: prompts, payloads, transcripts, and screenshots

• Retest results and, when Critical/High issues are fixed, a Letter of Attestation

Yes. We retest once after you implement fixes to confirm closure of Critical and High issues.

We minimize test data, use sanitized artifacts, and delete on request under an agreed policy. If regulated data is involved, we align with your controls.

Yes, in addition to manual testing and optional code review. We run autonomous pentest agents (e.g., CAI) under strict boundaries to extend coverage without risking unsafe actions.

Only with explicit consent and agreed rate limits. Many clients choose to exclude it; when included, we run it safely and document the approach.

We validate metadata and namespace isolation, attempt cross-tenant retrieval under controlled conditions, and verify application-layer filters.

By scope and complexity: number of applications, tools, connectors, tenants, and environments; whether code review is included; and any optional modules (e.g., model extraction).

Yes. We align on rules of engagement up front, provide regular updates, and map results to your internal processes to speed remediation.