// how it works

We don’t audit your AI. We attack it.

A controlled engagement that mirrors a real insider: a role with real access, a growing arsenal of real attacks, and a report you can actually act on.

// the engagement

Four steps, fully under your control.

01

Scope & authorize

We agree on targets, roles, and boundaries in writing. Nothing is touched without your sign-off, and the engagement is time-boxed from day one.

02

Deploy the rogue

We assume a role with realistic day-one access and behave like a real employee inside your AI tools - curious, plausible, and persistent.

03

Attempt extraction

We run our malicious-angle library against your copilots and agents, going after real sensitive data the way an actual insider would.

04

Report & remediate

You get exactly what got out, the prompts that did it, severity, and the fix - plus a free retest once you've patched.

// the role library

We attack as someone you just hired.

Each role carries the access a real hire gets on day one. Pick one, or run several to see how exposure changes with permissions.

Junior Software Engineer

Code assistant, internal wiki, ticketing

Support Agent

Customer copilot, CRM, knowledge base

Sales Rep

Deal assistant, pipeline, pricing docs

Finance Analyst

Reporting copilot, data warehouse, payroll exports

New Marketing Hire

Content assistant, brand drive, analytics

Contractor

Scoped agent access, shared workspaces

// the malicious-angle dataset

A proprietary library that only gets meaner.

Every engagement teaches us new ways in. Those angles go back into the library, so the attack your AI faces next quarter is sharper than the one it faced this quarter.

Social engineering

“I'm new and just trying to do my job.” The oldest trick, now aimed at a system built to be helpful.

Direct prompt injection

Instructions smuggled into the conversation to override guardrails and policy.

Indirect / RAG injection

Poisoned documents and tickets that hijack the assistant when it retrieves them.

Privilege & context confusion

Getting the AI to act with access the rogue shouldn't have, by blurring whose request it's serving.

Data aggregation

Innocuous-looking queries that, combined, reconstruct the sensitive whole.

Guardrail evasion

Encodings, role-play, and framing that slip past the filters you're relying on.

// safety & authorization

An attacker on a leash.

We behave like a rogue employee in every way but one: we report back to you instead of selling what we found.

  • Every engagement runs under a signed authorization with a defined scope and window.
  • We attempt extraction; we never destroy, modify, or ransom your data.
  • Extracted data is minimized, encrypted, and destroyed on the agreed schedule.
  • Findings are shared only with the people you name, under NDA.

// before someone else does

Find out what a rogue employee could take.

A 30-minute demo. We'll run a real extraction against a sample environment - and show you what it would find in yours.

Book a demo