Service
Prompt Injection Testing
I test tool-calling AI agents against prompt-injection, tool abuse, data leakage, and unauthorized action scenarios.
Who it's for
Who this is for
- Teams shipping agents that process untrusted content.
- Security teams validating an agent before launch.
- Engineering teams that want a repeatable injection eval suite.
Problems
Problems solved
- Agents that follow instructions embedded in untrusted input.
- Single-filter defenses that miss output- or argument-level attacks.
- No repeatable eval suite tied to releases.
- Unknown exposure to exfiltration through tool arguments.
Scope
What I review / build
- Assemble an attack pack tailored to the agent's tools and inputs.
- Run injection, tool-abuse, and exfiltration scenarios.
- Test input, output, and tool-argument boundaries separately.
- Measure detection and blocking per category.
- Hand over the eval suite so the team can re-run it.
Deliverables
Deliverables
- Tailored prompt-injection attack pack.
- Test results with reproductions and severities.
- Category-level detection/blocking metrics.
- A re-runnable eval suite for CI.
- Recommended layered-defense controls.
Process
Sample workflow
01
Attack design
Build scenarios specific to this agent — its tools, its untrusted inputs, its data.
02
Execution
Run the pack against a non-production instance across all three boundaries.
03
Scoring
Score by category; flag any successful unauthorized action or leak.
04
Handover
Deliver results plus a re-runnable suite the team owns.
Controls
Security controls included
Typical effort
1 weekfocused effort
Scoped around availability. Async-friendly.
How to start
Get in touchno sales call
This is work I do and write about in the open — reach out to compare notes or ask a question.
FAQ
Frequently asked questions.
Is one classifier enough to stop injection?
No. The testing assumes defense in depth and probes input, output, and tool-argument boundaries separately, because no single filter catches every case.
Do I keep the test suite?
Yes. The deliverable includes a re-runnable eval suite tied to releases so your team can keep testing as the agent changes.
Is this authorized testing only?
Always. Testing runs against non-production instances with written scope. I do not perform unauthorized testing.
Related Topics
Related Projects
Let's talk
Want to talk it through?
Building or securing something similar? Tell me about your agent, stack, or SOC workflow — I'm happy to compare notes.