Three automated capabilities — vulnerability discovery, penetration testing, and code audit. Finds what generic scanners miss in AI gateways, agents, and LLM applications.
What we do
Each capability targets a different attack surface — run independently or combined. All findings feed the same cryptographic evidence chain.
Corpus-driven fuzzing and probing across API surfaces, configuration boundaries, and trust edges. Finds privilege isolation failures, key exposure paths, and multi-tenant boundary violations that generic scanners don't model. Every finding generates an adversarial regression fixture automatically.
Continuous · adversarial fixtures · regression CI
An autonomous agent that explores your system's attack surface end-to-end — crafting adversarial inputs, chaining tool calls, and probing authorization boundaries the way a real attacker would. Delivers a signed findings report with reproduction steps and fixture tests.
Autonomous · end-to-end attack chains · signed report
A fine-tuned code-audit LLM that reviews implementation-level flaws: unsafe deserialization, unvalidated inputs, secret leakage into logs, and authorization logic errors — trained on AI system codebases and real-world gateway vulnerability patterns.
LoRA · Qwen2.5-Coder 7B–32B · NVD CVE + OWASP GenAI
Audit case study
LLM gateways are one of our proven audit targets. Multi-tenant key management, routing logic, and plugin surfaces create vulnerability classes that only AI-aware tooling reliably catches.
Privilege isolation failures — tenant A accessing tenant B's model keys or usage data.
Key exposure paths — provider API keys reachable via crafted requests or error responses.
Tool-call authorization bypass — skipping permission checks via prompt crafting or parameter manipulation.
Secrets in model context — credentials injected into retrieved context and returned in completions.
# Scan report excerpt
target: ai-gateway:4000
corpus: v2.9 · 2,900 entries
scanned: 2026-06-04T09:12:00Z

FINDING [HIGH] CVE-class · Privilege Isolation
Path: /key/generate · param: team_id
Tenant A can generate keys scoped to Tenant B via unsanitized team_id in request body
Fixture: fixtures/priv-isolation-001.json

FINDING [MED] Key Exposure · Error Response
Path: /chat/completions · malformed model
Stack trace leaks provider API key prefix
Fixture: fixtures/key-exposure-007.json

Summary: 2 findings · 2 fixtures generated
proof_hash sha256:7c3d2a… (Evidence-AIDR)
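The two finding classes in the excerpt, rendered as a minimal key-generation handler before and after hardening. This is an added, constructed example, not the scanner's output nor code from any real gateway; the Principal and KeyStore types, the AuthorizationError, and the provider-key pattern are assumptions made for illustration.

```python
"""Constructed example: the two finding classes from the scan excerpt
(privilege isolation via a body-supplied team_id, and provider key
material leaking through error responses), each shown with its fix.
Hypothetical gateway logic, not code from any real gateway or scanner."""
import re
import secrets
from dataclasses import dataclass, field


@dataclass
class Principal:
    """Authenticated caller, as resolved by an assumed auth layer from its own key."""
    user_id: str
    team_id: str
    is_admin: bool = False


@dataclass
class KeyStore:
    """Virtual key -> team_id it is scoped to (in-memory stand-in for a database)."""
    keys: dict = field(default_factory=dict)

    def issue(self, team_id: str) -> str:
        key = "sk-" + secrets.token_hex(8)
        self.keys[key] = team_id
        return key


class AuthorizationError(Exception):
    pass


def generate_key_vulnerable(store: KeyStore, principal: Principal, body: dict) -> str:
    """Finding 1 as shipped: team_id is taken from the request body, so any
    tenant can mint keys scoped to any other tenant."""
    team_id = body.get("team_id", principal.team_id)
    return store.issue(team_id)


def generate_key_hardened(store: KeyStore, principal: Principal, body: dict) -> str:
    """Fix: scope is derived from the authenticated principal. A body team_id is
    honoured only when it equals the caller's own team or the caller is an admin."""
    requested = body.get("team_id")
    if requested is None:
        requested = principal.team_id
    if requested != principal.team_id and not principal.is_admin:
        raise AuthorizationError("team_id does not match caller's tenant")
    return store.issue(requested)


# Finding 2: provider key prefixes in stack traces. The key format below is an
# assumption for the example (real providers use their own prefixes).
PROVIDER_KEY_RE = re.compile(r"sk-live-[0-9a-f]{4,}")


def safe_error_response(exc: Exception, request_id: str) -> tuple:
    """Fix: the client gets an opaque error plus a correlation id; the detailed
    message goes to server logs only, with key material redacted first."""
    detail = PROVIDER_KEY_RE.sub("sk-live-[REDACTED]", str(exc))
    log_line = f"request_id={request_id} error={detail}"
    client_body = {"error": "upstream provider error", "request_id": request_id}
    return client_body, log_line
```

The hardened handler never lets the request body widen the caller's scope; the error handler keeps the full exception (minus secrets) in logs where an on-call engineer can correlate it by request id, and returns nothing about the upstream to the client.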
From findings to proof
Every finding is converted into a signed entry in the shared audit.jsonl protocol. Your security team gets a proof_hash that any auditor can reproduce locally with the open-source verifier — turning a "scan report" into an independently verifiable record.
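What "reproduce locally" means in practice, as an added example: a hash-chained findings log written as JSONL and a verifier that recomputes every link and the final proof hash offline. The entry layout, the chaining rule, the proof_hash derivation and the HMAC stand-in for a signature are all assumptions made for this example; they are not the page's audit.jsonl format, its verifier, or the Evidence-AIDR scheme.

```python
"""Constructed example of a hash-chained findings log in JSONL form and its
offline re-verification. Entry layout, chaining rule and proof derivation are
assumptions for this example, not the page's own audit.jsonl protocol."""
import hashlib
import hmac
import json

GENESIS = "0" * 64


def canonical(obj) -> bytes:
    # Deterministic encoding so every verifier hashes identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def append_entry(chain: list, finding: dict, signing_key: bytes) -> dict:
    """Link a finding to the previous entry's hash and sign the link.
    HMAC-SHA256 stands in for a public-key signature to keep this stdlib-only."""
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev, "finding": finding}
    entry_hash = hashlib.sha256(canonical(body)).hexdigest()
    sig = hmac.new(signing_key, entry_hash.encode(), "sha256").hexdigest()
    entry = dict(body, entry_hash=entry_hash, sig=sig)
    chain.append(entry)
    return entry


def proof_hash(chain: list) -> str:
    """The value a scan report would publish: the hash of the final link,
    which commits to every earlier entry through prev_hash."""
    last = chain[-1]["entry_hash"] if chain else GENESIS
    return "sha256:" + last


def to_jsonl(chain: list) -> str:
    return "\n".join(json.dumps(e, sort_keys=True) for e in chain) + "\n"


def verify_jsonl(text: str, signing_key: bytes, expected_proof: str) -> bool:
    """What an auditor runs locally: re-derive each hash and signature from the
    entry contents, check the chain order, then compare with the published proof."""
    prev = GENESIS
    entries = [json.loads(line) for line in text.splitlines() if line.strip()]
    for i, e in enumerate(entries):
        body = {"seq": e["seq"], "prev_hash": e["prev_hash"], "finding": e["finding"]}
        if e["seq"] != i or e["prev_hash"] != prev:
            return False  # reordered, dropped or inserted entry
        if hashlib.sha256(canonical(body)).hexdigest() != e["entry_hash"]:
            return False  # entry contents edited after the fact
        expected_sig = hmac.new(signing_key, e["entry_hash"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected_sig, e["sig"]):
            return False  # hash recomputed by someone without the key
        prev = e["entry_hash"]
    return "sha256:" + prev == expected_proof


# Constructed findings mirroring the two in the scan excerpt above.
FINDINGS = [
    {"severity": "HIGH", "class": "privilege-isolation", "path": "/key/generate",
     "param": "team_id", "fixture": "fixtures/priv-isolation-001.json"},
    {"severity": "MED", "class": "key-exposure", "path": "/chat/completions",
     "fixture": "fixtures/key-exposure-007.json"},
]
KEY = b"constructed-demo-signing-key"  # placeholder, not a real key


def build_demo() -> list:
    chain = []
    for finding in FINDINGS:
        append_entry(chain, finding, KEY)
    return chain


def downgrade_severity(text: str) -> str:
    """Simulate post-hoc tampering with the log: quietly lower the first severity."""
    return text.replace('"HIGH"', '"LOW"', 1)


if __name__ == "__main__":
    chain = build_demo()
    log = to_jsonl(chain)
    print(log)
    print("proof:", proof_hash(chain), "verifies:", verify_jsonl(log, KEY, proof_hash(chain)))
    print("tampered verifies:", verify_jsonl(downgrade_severity(log), KEY, proof_hash(chain)))
```

The hash chain alone is reproducible by anyone from the log bytes; the signature is what stops a party with write access from simply recomputing the chain after editing it. A real deployment would sign each link with a private key so the auditor needs only the matching public key, not the secret used here.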
Point our audit agent at your environment — gateway, agent, or codebase. We deliver a findings report with cryptographic evidence your team can verify offline.