Who it's for

Who this is for

  • Teams shipping agents that process untrusted content.
  • Security teams validating an agent before launch.
  • Engineering teams that want a repeatable injection eval suite.
Problems

Problems solved

  • Agents that follow instructions embedded in untrusted input.
  • Single-filter defenses that miss output- or argument-level attacks.
  • No repeatable eval suite tied to releases.
  • Unknown exposure to exfiltration through tool arguments.
Scope

What I review / build

  • Assemble an attack pack tailored to the agent's tools and inputs.
  • Run injection, tool-abuse, and exfiltration scenarios.
  • Test input, output, and tool-argument boundaries separately.
  • Measure detection and blocking per category.
  • Hand over the eval suite so the team can re-run it.
Deliverables

Deliverables

  • Tailored prompt-injection attack pack.
  • Test results with reproductions and severities.
  • Category-level detection/blocking metrics.
  • A re-runnable eval suite for CI.
  • Recommended layered-defense controls.
Process

Sample workflow

01

Attack design

Build scenarios specific to this agent — its tools, its untrusted inputs, its data.

02

Execution

Run the pack against a non-production instance across all three boundaries.

03

Scoring

Score by category; flag any successful unauthorized action or leak.

04

Handover

Deliver results plus a re-runnable suite the team owns.

Controls

Security controls included

Input-boundary detectionOutput-boundary filtersTool-argument validationBlock-or-review escalationContinuous red-team eval in CI
Typical effort
1 weekfocused effort
Scoped around availability. Async-friendly.
How to start
Get in touchno sales call
This is work I do and write about in the open — reach out to compare notes or ask a question.
FAQ

Frequently asked questions.

Is one classifier enough to stop injection?
No. The testing assumes defense in depth and probes input, output, and tool-argument boundaries separately, because no single filter catches every case.
Do I keep the test suite?
Yes. The deliverable includes a re-runnable eval suite tied to releases so your team can keep testing as the agent changes.
Is this authorized testing only?
Always. Testing runs against non-production instances with written scope. I do not perform unauthorized testing.
Let's talk

Want to talk it through?

Building or securing something similar? Tell me about your agent, stack, or SOC workflow — I'm happy to compare notes.