Cyberoptic Security

AI and LLM Penetration Testing

Testing the AI features you are putting in front of users, such as chatbots, copilots and RAG systems, for the new risks that large language models introduce.

What is an AI and LLM penetration test?

As businesses add AI features like chatbots, copilots and retrieval-augmented generation (RAG) systems, they introduce a new class of risk that traditional testing does not cover. An AI and LLM penetration test assesses these features the way an attacker would, looking for ways to manipulate the model, extract data it should not reveal, or abuse the actions it can take.

What we test

  • Prompt injection and jailbreaks: getting the model to ignore its instructions, reveal its system prompt, or behave outside its intended guardrails.
  • Data leakage: extracting sensitive data from connected databases, documents, logs or the model’s context.
  • Authentication and access control: whether users can reach data or actions that should be restricted to others.
  • Tool and plugin abuse: misusing the tools, plugins or functions the model can call to take unintended actions.
  • Supply chain and configuration risks: insecure defaults, exposed keys, and weaknesses in the components around the model.
  • Model endpoint security: how the underlying API and endpoints are exposed and protected.
  • Poisoning vectors: whether training data, knowledge bases or retrieval sources can be tampered with.
  • PII and compliance exposure: whether personal information is handled and stored appropriately.

Who needs an AI and LLM penetration test?

Any organisation deploying an AI assistant, copilot or RAG feature to staff or customers, particularly where it connects to internal data or can take actions on a user’s behalf.

What the process looks like

We start with a scoping conversation about the feature, the model and tools behind it, and the data it can reach. Testing combines manual techniques with tooling, and the report explains each issue in plain language with specific remediation guidance for your team.