PHIXE AI Assurance Book a call
GUIDE

AI Security Field Guides for Teams Shipping AI

The checklists, failure-mode tables, and test plans Phixe uses to find where AI systems break — written for founder-CTOs. Free, no gate.

3 min read OWASP LLM Top 10LLM red teamingRAG securityAI agentsprompt injectionLLM evals

These are the field guides we use ourselves — the checklists, failure-mode tables, and runnable test plans behind our assessments, written down so your team can run them without us. They are free and ungated. If they save you a finding, they did their job; if you want the same discipline applied to your actual system, that is what our assessment is. Each guide leans on named frameworks — OWASP LLM Top 10, the OWASP Agentic Security Initiative, MITRE ATLAS, NIST AI RMF — so you can trace every recommendation to a source, not a vibe.

The guides, by pillar

Readiness

AI Production Readiness Checklist — the gate between “works in the demo” and “ready to put in front of users and an enterprise buyer.” A concrete pass/fail checklist covering trust boundaries, input handling, output constraints, logging, and rollback.

Red-teaming

LLM Red Teaming — how to attack your own model before someone else does. Test plans mapped to the OWASP LLM Top 10, with reproducible request traces so a finding survives the “can you show me?” question.

RAG

RAG Security — where retrieval pipelines leak. Covers indirect prompt injection through retrieved documents (LLM01), sensitive information disclosure (LLM02), and the access-control gaps that let one tenant read another’s context.

Agents

AI Agent Security — tool-calling agents fail differently than chatbots. Grounded in the OWASP Agentic Security Initiative and MITRE ATLAS: excessive agency, unsafe tool invocation, and how to bound what an agent can actually do.

Injection

Prompt Injection Testing — a hands-on plan for LLM01, direct and indirect. Payloads, expected-vs-actual behavior, and how to tell a real bypass from a model that just sounded compliant.

Evals

LLM Evals — you cannot prove a fix held without a test that fails first. How to build an eval set that catches regressions, measures what you actually shipped, and turns “it feels better” into evidence.

How the guides relate to our services

The guides are the discipline; the services are us running it against your system under a deadline. An AI Product Readiness Assessment is Phixe executing the red-teaming, RAG, agent, injection, and eval work above on your real code, then handing you findings with reproducible evidence. Prototype-to-Production Hardening takes a working prototype — often AI-built — and closes the gaps these checklists expose. AI SaaS Build and Run folds the same testing into continuous assurance so it does not rot after launch.

Read how we work in the methodology, or see the shape of what we deliver in our work.

There's a security review between you and your next deal.

Talk to us about an assessment