Penetration tests (pentests) assess and evaluate the security of IT systems. This involves using techniques also employed by real attackers. This makes it possible to uncover vulnerabilities in IT systems and prevent potential attacks.
Due to the increasing integration of LLMs into software applications, the vulnerabilities of these systems have become increasingly important. Specialized pentests designed for these systems can identify and eliminate security gaps. Penetration testing is a critical component of software development, enhancing security and building trust in applications. This is particularly vital for generative AI applications due to the unpredictability of generated content. It is crucial to assess how the application behaves when confronted with unexpected or potentially harmful inputs.
We have developed a penetration test tailored to the unique vulnerabilities of application-integrated LLMs. This involves using penetration testing and scanning tools to achieve comprehensive coverage. However, most tools rely on pre-defined prompts, which are often recognized by existing defense mechanisms due to their familiarity. Moreover, the standard approach adopted by many tools is insufficient for addressing all vulnerabilities. To overcome the limitations of available tools and enable an in-depth analysis of AI applications, we have created custom manual tests. At the conclusion of our assessment, we provide a detailed report highlighting all identified vulnerabilities so they can be addressed effectively.
We are pioneers in AI security. We discovered the Indirect Prompt Injection vulnerability and analyzed and published our findings in collaboration with the Helmholtz Center for Information Security (CISPA).
Additionally, we are the initiators of the AI Security Expert Group within the Cybersecurity Alliance of Germany’s Federal Office for Information Security (BSI) and partners of the Cybersecurity Alliance.
Our extensive experience in IT security, combined with innovative solutions for application-integrated LLM security, sets us apart. We offer tailored, high-quality penetration tests to safeguard your application and enhance your credibility.
Whether you want to secure your IT system with a customized solution, train your employees, or are unsure where to start, our team of security experts is here to support you.