Service
AI Agent Security Review
I help AI startups and security teams identify risks in tool-calling agents, MCP tools, prompt-injection exposure, excessive permissions, data leakage, missing audit logs, and weak human-approval controls.
Who it's for
Who this is for
- AI startups shipping tool-calling agents into production.
- Security teams piloting AI agents on real telemetry.
- Platform teams exposing internal tools to agents via MCP or HTTP.
Problems
Problems solved
- Agents with a flat, over-permissioned tool surface.
- No deterministic policy layer between the agent and its tools.
- Prompt-injection exposure through untrusted content (emails, tickets, web fetches).
- Data leakage through tool arguments and unredacted outputs.
- Consequential actions with no human-approval gate.
- No tamper-evident audit of what the agent attempted.
Scope
What I review / build
- Map the agent's full tool surface and argument schemas.
- Model the threat paths: injection, scope escalation, exfiltration, confused-deputy.
- Evaluate policy enforcement, approval modes, and audit completeness.
- Run a focused set of prompt-injection and tool-abuse scenarios.
- Score findings by severity and reversibility.
Deliverables
Deliverables
- Written security review report (executive summary + technical detail).
- Tool access map and argument-schema inventory.
- Prompt-injection test results with reproductions.
- Risk matrix by severity and likelihood.
- Prioritized 30-day fix plan with recommended controls.
Process
Sample workflow
01
Scope & access
Read-only walkthrough of the agent, its tools, and its data sources. No production access without written approval.
02
Threat model
Document the realistic abuse paths for this specific agent and its tool surface.
03
Testing
Run prompt-injection, scope-escalation, and exfiltration scenarios against a non-production instance.
04
Report & readout
Deliver the written report and walk the team through findings, severities, and the fix plan.
Controls
Security controls included
Typical effort
1–2 weeksfocused effort
Scoped around availability. Async-friendly.
How to start
Get in touchno sales call
This is work I do and write about in the open — reach out to compare notes or ask a question.
FAQ
Frequently asked questions.
Do you need production access?
No. The review runs against a non-production instance or a walkthrough. I do not request production access without written approval, and never perform unauthorized testing.
What do I get at the end?
A written report with an executive summary, a tool access map, prompt-injection test results, a risk matrix, and a prioritized 30-day fix plan.
Is this a compliance audit?
No. This is a technical security review focused on secure architecture and audit-ready agent execution — not legal or regulatory compliance.
Related Topics
Related Projects
Let's talk
Want to talk it through?
Building or securing something similar? Tell me about your agent, stack, or SOC workflow — I'm happy to compare notes.