Your AI works in the demo. This assessment is where we find where it breaks first — under adversarial input, at the trust boundary, and in the parts of the stack a functional test never touches. It is the entry point to working with Phixe: a fixed-scope engagement that produces evidence a founder-CTO can hand straight to a customer’s security team.
Who it’s for
You are a founder or CTO at a funded startup with an AI product at its core, and something concrete is on the line — an enterprise deal contingent on a security review, a procurement questionnaire you can’t yet answer honestly, or a launch you don’t want to regret. Your AI feature works. What you don’t have is proof of how it behaves when someone tries to make it misbehave, and a ranked list of what to fix before that becomes someone else’s finding. That is exactly what this engagement delivers.
What we test
Three tracks run against your actual system, not a slide about it.
LLM red-team
We attack the model layer the way an adversary would: prompt injection, direct and indirect — including content pulled in from documents, tools, and retrieval; jailbreaks that bypass your system prompt and guardrails; sensitive data leakage across users and tenants; and tool or function abuse, where an agent can be steered into actions it should refuse. Every attempt is logged; every success is reproducible.
Evals baseline
Security is only half the readiness question. We establish a measured baseline for correctness, hallucination rate on your domain, and regression — so you can tell whether a prompt change or model upgrade quietly made things worse. You leave with an eval set tied to your use case, not a generic benchmark.
Production readiness
We audit the surface around the model: authentication and authorization on AI endpoints, tenant isolation, secrets and infrastructure exposure, rate and cost controls, logging, and whether you would even detect an incident in progress. An injection that leaks data matters more when nothing is watching.
What you get
- An evidence-backed report, severity-ranked, where each finding carries a reproducible trace — the request, the input, the output — not a screenshot of a vibe.
- A prioritized fix plan that says what to remediate first and why, written for the engineers who have to act on it.
- One retest pass after you fix, so the report closes with verified-resolved status instead of an open list.
- A live walkthrough with your team, to work through the findings and the reasoning behind each severity.
The process: 10 working days
Fixed scope, agreed before we start — no open-ended meter running.
- Day 0 — Scope. We agree the system boundary, the environment, the access we need, and what “in scope” means, in writing.
- Days 1-6 — Test. The red-team, evals, and production-readiness tracks run against the agreed target. Critical findings are flagged as we confirm them, not held to the end.
- Days 7-9 — Report. We write up every finding with evidence, severity, and remediation, and assemble the fix plan.
- Day 10 — Walkthrough. We walk your team through the report live and align on priorities. The one retest pass follows once you have shipped fixes.
Frameworks we map to
Findings are mapped to named, current standards so they translate directly into your customer’s security review:
- OWASP LLM Top 10 — for example LLM01 Prompt Injection and LLM02 Sensitive Information Disclosure.
- OWASP Agentic Security Initiative / Agentic Top 10 — for tool-using and multi-step agents.
- MITRE ATLAS — adversary tactics and techniques against AI systems.
- NIST AI RMF — to place findings in a governance framework a board or auditor recognizes.
See our methodology for how we run each track, and our work for the shape of engagements we take on.
The independence rule
We are independent on purpose. We reduce risk and prove exactly what we tested — and we will never sell you a certificate that your AI is “safe,” because no one can. The report states what we tested, what we found, and what we did not cover, so you can make your own call with real information. If the assessment surfaces work worth doing, we will tell you; you are never obligated to continue up the ladder.
Deepen your preparation with the LLM red-teaming guide and the AI production readiness checklist.