Trust in an AI security engagement is not a promise — it is a set of concrete controls you can inspect before anyone touches your systems. This page describes exactly how we handle access, your code, and your data, what we put in writing first, and the work we will refuse. If any of it does not fit your constraints, tell us before scope is signed and we will adjust it or decline the engagement.
Access
We default to the least access that can still produce a real finding.
- Staging over production. We test against staging or an isolated test environment, not your live system. Production access is a documented exception, not the starting point, and it is agreed in writing before it happens.
- Least privilege. We ask for the narrowest set of credentials and scopes the work requires — read-only where read-only is enough, a single service account rather than shared admin.
- Time-boxed credentials. Access is granted for the engagement window and revoked at the end. We prefer credentials you can rotate and expire on your own schedule.
- Isolated environments. Where the test could affect other tenants, other users, or shared data, we run it in an environment isolated from all of them.
- Written scope before anything runs. No system is touched before the scope, the environments, and the rules of engagement are written down and signed. If a target is not named in scope, we do not test it.
Your data
Minimal handling is the rule, not an aspiration.
- No client code or data in third-party AI tools without written approval. We do not paste your source, prompts, or data into external AI services by default. Any tooling that would is named in the statement of work and used only within the bounds you approve.
- Minimal data handling. We collect and retain only what a finding requires as evidence. We do not pull down full datasets when a representative sample proves the issue.
- NDA before scope. A mutual NDA is in place before we discuss anything specific about your systems.
- DPA where personal data is in play. When the work involves personal data, a mutual data processing agreement governs how it is handled, stored, and deleted.
Evidence and reporting
Every finding carries reproducible evidence — request traces, exact inputs, and the steps to reproduce, not a screenshot of a vibe. Findings are mapped to the frameworks your reviewers already recognize (OWASP LLM Top 10, the OWASP Agentic Security Initiative work, MITRE ATLAS, NIST AI RMF) so they translate cleanly. Reports are written to be handed directly to your buyer’s or your own security team: severity, impact, reproduction, and a concrete remediation for each item. See a redacted example in the sample assessment report, and how findings are produced in the methodology.
The paper
We keep the paperwork boring and clear on purpose.
- NDA-first, before any detail of your systems is shared.
- A clear SOW with fixed scope — the targets, the environments, the rules of engagement, and the deliverables named up front, so there are no surprises about what we will and will not do.
- Insured. We carry professional liability cover appropriate to security consulting work.
Responsible disclosure
If our testing surfaces something that affects a third party — a vendor, an upstream model provider, an open-source dependency — we practice coordinated disclosure. We report it responsibly to the affected party and give them reasonable time to remediate before anything is made public, and we keep you informed throughout.
What we will not do
Some lines we do not cross, because crossing them would make the work dishonest or unsafe:
- We will not test systems we lack authorization for. No target outside the signed scope, ever.
- We will not certify that your AI is “safe.” We reduce risk and prove exactly what we tested. No one can honestly sell a certificate that an AI system is safe, and we will not pretend otherwise.
- We will not audit our own build for the same client. If we built it under Build and Run, the assurance sign-off belongs to independent eyes — ours reviewing ours is not an independent review.
If you want to see how this maps onto a specific engagement, tell us your constraints and we will describe exactly how we would scope it — or read more about who we are.