security offer / agents, tools, data
LLM / Agent Security Audit
A practical security review for LLM apps, tool-using agents, MCP/A2A integrations, RAG systems, and AI workflows that may touch sensitive data or production actions.
Best fit
Your agent can call tools, read internal data, or trigger external actions.
You are worried about prompt injection, data leakage, over-broad permissions, or unsafe tool use.
Security, legal, product, or leadership teams need a clear risk picture before launch.
You need a remediation backlog, not abstract AI safety advice.
What I check
Prompt injection paths through documents, tickets, emails, web pages, chats, and tool outputs.
Tool permissions, identity model, side effects, confirmations, and auditability.
RAG and context boundaries: sensitive data, access control, memory, and retrieval filtering.
MCP/A2A integration risk: tool manifests, schemas, untrusted outputs, and supply-chain exposure.
Evals, tracing, guardrails, human review, and incident reproduction paths.
Deliverables
Threat model for the LLM / agent workflow.
Attack surface map and risk register.
Prompt injection and tool misuse test cases.
Guardrails, approval, observability, and access-control recommendations.
Prioritized remediation backlog for product, engineering, and security teams.
process
How it runs
- Scope the system, data classes, tools, and production risks.
- Review prompts, retrieval, tool schemas, permissions, traces, and deployment assumptions.
- Run adversarial scenarios and map likely failure modes.
- Deliver a security review with concrete fixes and next-step architecture.
Relevant background: AI security publication on LLM injection, production AI platform work in banking, MCP/A2A and tool-integration experience, evals, tracing, guardrails, and agent architecture.