PHIXE AI Assurance Book an assessment
AI security · evaluation · production engineering

Your AI works in the demo. We find where it breaks first.

Phixe is an independent AI assurance team. We red-team your AI, evaluate it, and harden it for production — then, if you want, we make it production-real. We ship production AI every day. That's exactly why we know where yours fails.

phixe · assessment — sample findings
01

Why buyers started asking who checked yours

AI shipped faster than anyone could test it. These are the numbers behind the question in your enterprise deal's security review.

CRITICALAI-generated code routinely fails basic security tests — logical flaws that pass code review and only surface under adversarial conditions.industry research · 2026
CRITICALAudited AI-built apps keep shipping with row-level security disabled — customer data one query away.published app audits · 2026
HIGHEnterprise procurement now ships mandatory AI-security questionnaires. No independent evidence, no signature.2026 procurement flows
HIGHCyber-insurers now ask for red-team records on AI-facing systems at underwriting.underwriting requirements
REGULATORYEU AI Act — GPAI enforcement began Aug 2, 2026. Selling into Europe means evidence, not intentions.artificialintelligenceact.eu
02

Three ways in. One direction.

Start where it hurts. Most teams enter with an assessment — and the report becomes the plan for everything after it.

01 · ASSESS

Find what breaks

A fixed-scope assessment measured in days, not months — because your deal has a date on it.

  • AI red-team: prompt injection, jailbreaks, data leakage, tool-use abuse
  • Evaluation suite: correctness, hallucination, regression baseline
  • Production-readiness audit: auth, tenancy, infra, monitoring
  • Mapped to OWASP LLM Top 10 & MITRE ATLAS
You leave with an evidence-backed report your buyer's security team accepts. Details →
02 · PRODUCTIONIZE

Make it real

Take a working prototype or MVP — often AI-built — to fully production-grade.

  • Security hardening & failure testing
  • Test coverage, evaluation harness, CI
  • Infrastructure, monitoring, performance, error handling
  • Handover documentation your next engineer can run
For products that work in the demo — and aren't ready for real customers yet. Details →
03 · BUILD & RUN

Build it right

Full SaaS and AI products, end to end — then kept sharp as models and threats move.

  • Product engineering from spec to shipped
  • Continuous evaluation & monitoring
  • Scheduled re-assessment as the threat surface shifts
  • Your stack, your repo, your ownership — always
Proof: production systems shipped for paying clients across payments, data, and real users. Details →
03

Shipped, not claimed

Real systems carrying auth, payments, tenant data, and AI — each badged exactly as it runs today. Client engagements are anonymized — details and references available under NDA. Full case studies →

● LIVE IN PRODUCTION

Subscription investment-analytics platform

Client build. A consumer fintech product graduated from prototype to a revenue-capable production SaaS: bilingual analytics, an AI analyst on a multi-model LLM pipeline with task-aware routing and per-user AI cost budgets, and end-to-end subscription billing on self-hosted AWS.

Then we assessed our own build: a written threat model, a 36-finding security audit — every finding remediated. Secrets encrypted at rest, fail-closed. Payments idempotent, token-scrubbed, server-verified. Daily backups that alert when they fail.

Next.jsTypeScriptPostgres · 64 modelsRedisAWS BedrockDocker → ECR → EC28 CI/CD pipelines
WHAT THIS PROVESWe design, ship, secure, and operate real AI-enabled production systems — and we red-team what we run.
● LIVE IN PRODUCTION

Field-first procurement & profitability platform

Client build — construction contracting. The prototype we inherited was ~30% built with no authentication, publicly reachable routes, unprotected mutations, and credentials in source. Not shippable.

We took it live as a hardened multi-tenant SaaS: an auth boundary that strips forged identity headers, role-gated mutations (6 roles), 6 P0 cross-tenant holes closed and locked in with 17 regression tests, a reversible feature-flagged tenant migration, a productionized OCR document-intake pipeline, and an offline-capable PWA for the field.

Next.jsPrisma · PostgresFirebase AuthS3Cloud Vision OCRVercelTerraform / ECS
WHAT THIS PROVESThe Productionize offer, delivered: insecure prototype in, hardened production SaaS out — with the audit trail to show it.
● BACKEND LIVEiOS BETAOUR OWN PRODUCT · FABEN

faben — an AI decision engine we run ourselves

A travel-decision app whose core is a conversational AI agent — intent extraction, elimination, ranking — on a provider-abstracted LLM layer (Anthropic ↔ AWS Bedrock), an evidence-first RAG research pipeline, and semantic search over pgvector.

Around it: a full AI evaluation & release-certification platform — live benchmarks, model comparison, drift and judge-calibration gates, replay tests, and release gates where a FAIL is never waived. Per-user and global LLM cost budgets. 1,400+ backend tests.

TypeScript · HonoZod / OpenAPIPostgres + pgvectorAnthropic + BedrockSwiftUI iOSVercel + Neon
WHAT THIS PROVESWe run our own AI product under the same assurance rigor we sell — evals, gates, and cost control in code, not slides.
● PROTOTYPE + BUILD PLAN

Multi-tenant building-management SaaS

Client build — property services. To displace an entrenched incumbent, the client needed to see and trust the product before committing to a full build.

We shipped a high-fidelity clickable product in days, not weeks — dashboard, collections, ticketing, resident communications — with the full production architecture scoped before a line of production code: multi-tenant Postgres with row-level security, per-customer subdomains with wildcard TLS, idempotent verified payment webhooks with daily reconciliation, official-API-only messaging.

Next.js · ReactTailwinddesigned: Postgres RLSdesigned: verified webhooksWhatsApp Cloud API
WHAT THIS PROVESWe scope the hard production concerns — tenancy, money, compliance — up front, and prototype at production fidelity, fast.

Client names are shared only with the client's written permission. Every claim above is verifiable under NDA.

04

We build. And we break.

Pure consultants can't build the fix. Product vendors won't do bespoke. The edge is doing both — credibly. Full methodology →

THE BUILDERS

We ship production SaaS and AI systems for paying clients — payments, monitoring, real users, real uptime — agent-driven, Claude & Codex native. When our report says "fix this," we know the fix compiles, deploys, and holds. That's the difference between a finding and a lecture.

THE BREAKERS

We red-team AI the way an attacker actually approaches it: injection chains through tool calls, tenancy bleed through RAG, evals that catch what code review can't. Findings map to OWASP LLM Top 10 and MITRE ATLAS — written so your CTO and your buyer's security team both accept them.

The independence rule. We never issue an "independent" verdict on something we built for the same client. Build for one, assess for another. If we harden your product, a third party re-verifies it. That rule is exactly why our reports are worth signing against.
OWASP LLM Top 10 OWASP Agentic Top 10 MITRE ATLAS NIST AI RMF prompt injection & jailbreaks tool-call abuse RAG poisoning & tenancy bleed data leakage auth & multi-tenancy evaluation harnesses monitoring & drift retest after fixes
05

Ten working days, scope to report

Tight scope, fast clock — the assessment is built to move at the speed of your deal.

DAY 0

Scope

60-minute technical call. System map, threat model, access setup. NDA first, always.

DAYS 1–6

Test

Red-team & evals against your staging environment. You see findings as they land — not at the end.

DAYS 7–9

Report

Evidence-backed findings, severity-ranked, with a concrete fix plan your team can run — or we can.

DAY 10

Walkthrough

Findings review with your team. One retest pass after fixes is part of the engagement.

06

We publish how AI breaks

Public red-team write-ups on authorized targets — real attack chains, real fixes, mapped to the frameworks your security team already reads. The first is in the works now. Research →

NEXT WRITE-UP · IN PROGRESS

Red-teaming a production AI system — where it broke first

An authorized, end-to-end assessment of a live AI workflow: injection chains, tool-call abuse, RAG tenancy, and the fixes that held — mapped to OWASP LLM Top 10. Published here when it lands.

Get it when it lands →
07

How your code and data are handled

You're hiring a security assessor. Our own posture is the first thing we prove. Full trust practices →

ACCESS

Staging over production. Least privilege, time-boxed credentials, revoked at engagement end. Testing runs from isolated environments; nothing leaves your infrastructure without written scope.

EVIDENCE

Every finding carries reproducible evidence — request traces, not screenshots of a vibe. Reports are written to be handed to your enterprise buyer's security team as-is.

PAPER

NDA before scope. Mutual DPA wherever personal data is in play. Insured. A clear statement of work with fixed scope — no meter running, no surprises.

08

The company behind the reports

Phixe is an independent, engineer-owned AI assurance & production engineering company — founded 2026, built on years of shipping and securing production systems for paying clients. About the company →

WHO DOES THE WORK

A small senior team by design — no junior bench, no outsourced assessment layer. The engineers who test your system are the engineers who sign the report, and the ones on the call.

HOW WE ENGAGE

Few engagements at a time, one technical point of contact, fixed scope. The same firm can assess, harden, and build — governed by the independence rule above: we never audit our own build for the same client.

WHO WE WORK WITH

Founder-CTOs of AI-native startups — seed to Series B — and product teams whose AI feature has to survive its first enterprise security review. If you sell AI to businesses, you're who we built this for.

THINKING IN PUBLIC

Our research is the company résumé: authorized red-team write-ups, eval methodology, production teardowns. No logo walls — evidence.

Evidence over theater

Every finding reproduces from the report, or it doesn't ship. No screenshots of a vibe, no severity inflation to justify the invoice.

Production over demo

The bar is real customers, adversarial traffic, and the 3 a.m. failure — not the happy path a demo walks.

Honest limits

We reduce risk and prove exactly what we tested. We will never sell you a certificate that your AI is "safe" — no one can.

There's a security review between you and your next deal.

Send us your AI product. Within ten working days you'll know exactly what breaks, what passes, and what to fix — in a report your buyer will accept.

Prefer proof first? See what we've shipped and what we publish.