Who it's for

Who this is for

  • AI startups shipping tool-calling agents into production.
  • Security teams piloting AI agents on real telemetry.
  • Platform teams exposing internal tools to agents via MCP or HTTP.
Problems

Problems solved

  • Agents with a flat, over-permissioned tool surface.
  • No deterministic policy layer between the agent and its tools.
  • Prompt-injection exposure through untrusted content (emails, tickets, web fetches).
  • Data leakage through tool arguments and unredacted outputs.
  • Consequential actions with no human-approval gate.
  • No tamper-evident audit of what the agent attempted.
Scope

What I review / build

  • Map the agent's full tool surface and argument schemas.
  • Model the threat paths: injection, scope escalation, exfiltration, confused-deputy.
  • Evaluate policy enforcement, approval modes, and audit completeness.
  • Run a focused set of prompt-injection and tool-abuse scenarios.
  • Score findings by severity and reversibility.
Deliverables

Deliverables

  • Written security review report (executive summary + technical detail).
  • Tool access map and argument-schema inventory.
  • Prompt-injection test results with reproductions.
  • Risk matrix by severity and likelihood.
  • Prioritized 30-day fix plan with recommended controls.
Process

Sample workflow

01

Scope & access

Read-only walkthrough of the agent, its tools, and its data sources. No production access without written approval.

02

Threat model

Document the realistic abuse paths for this specific agent and its tool surface.

03

Testing

Run prompt-injection, scope-escalation, and exfiltration scenarios against a non-production instance.

04

Report & readout

Deliver the written report and walk the team through findings, severities, and the fix plan.

Controls

Security controls included

Scoped tool surface per agent personaJSON-schema argument validationDeterministic policy engine at the call boundaryApproval modes for consequential toolsField-level redactionTamper-evident, replayable audit log
Typical effort
1–2 weeksfocused effort
Scoped around availability. Async-friendly.
How to start
Get in touchno sales call
This is work I do and write about in the open — reach out to compare notes or ask a question.
FAQ

Frequently asked questions.

Do you need production access?
No. The review runs against a non-production instance or a walkthrough. I do not request production access without written approval, and never perform unauthorized testing.
What do I get at the end?
A written report with an executive summary, a tool access map, prompt-injection test results, a risk matrix, and a prioritized 30-day fix plan.
Is this a compliance audit?
No. This is a technical security review focused on secure architecture and audit-ready agent execution — not legal or regulatory compliance.
Let's talk

Want to talk it through?

Building or securing something similar? Tell me about your agent, stack, or SOC workflow — I'm happy to compare notes.