These are the field guides we use ourselves — the checklists, failure-mode tables, and runnable test plans behind our assessments, written down so your team can run them without us. They are free and ungated. If they save you a finding, they did their job; if you want the same discipline applied to your actual system, that is what our assessment is. Each guide leans on named frameworks — OWASP LLM Top 10, the OWASP Agentic Security Initiative, MITRE ATLAS, NIST AI RMF — so you can trace every recommendation to a source, not a vibe.
The guides, by pillar
Readiness
AI Production Readiness Checklist — the gate between “works in the demo” and “ready to put in front of users and an enterprise buyer.” A concrete pass/fail checklist covering trust boundaries, input handling, output constraints, logging, and rollback.
Red-teaming
LLM Red Teaming — how to attack your own model before someone else does. Test plans mapped to the OWASP LLM Top 10, with reproducible request traces so a finding survives the “can you show me?” question.
RAG
RAG Security — where retrieval pipelines leak. Covers indirect prompt injection through retrieved documents (LLM01), sensitive information disclosure (LLM02), and the access-control gaps that let one tenant read another’s context.
Agents
AI Agent Security — tool-calling agents fail differently than chatbots. Grounded in the OWASP Agentic Security Initiative and MITRE ATLAS: excessive agency, unsafe tool invocation, and how to bound what an agent can actually do.
Injection
Prompt Injection Testing — a hands-on plan for LLM01, direct and indirect. Payloads, expected-vs-actual behavior, and how to tell a real bypass from a model that just sounded compliant.
Evals
LLM Evals — you cannot prove a fix held without a test that fails first. How to build an eval set that catches regressions, measures what you actually shipped, and turns “it feels better” into evidence.
How the guides relate to our services
The guides are the discipline; the services are us running it against your system under a deadline. An AI Product Readiness Assessment is Phixe executing the red-teaming, RAG, agent, injection, and eval work above on your real code, then handing you findings with reproducible evidence. Prototype-to-Production Hardening takes a working prototype — often AI-built — and closes the gaps these checklists expose. AI SaaS Build and Run folds the same testing into continuous assurance so it does not rot after launch.
Read how we work in the methodology, or see the shape of what we deliver in our work.