AI Red Teaming
Comprehensive security evaluation of AI-integrated solutions, examining AI-specific vulnerabilities and their impact on surrounding infrastructure.
At Tier Zero Security, our consultants are actively engaged in Artificial Intelligence (AI) related research and are involved in the AI community in New Zealand. Our AI Red Teaming services evaluate your AI-integrated solutions holistically, examining not only AI-specific vulnerabilities such as prompt injection, insecure outputs, hallucinations, and sensitive information leakage, but also how these vulnerabilities may affect or be leveraged to exploit other system components like APIs, databases, and access controls.
We assess the full attack surface of your AI solution from an offensive security perspective, analysing how AI interacts with surrounding infrastructure such as APIs and databases. This includes evaluating the effectiveness of custom guardrails to ensure they align with intended use and are resilient to bypass attempts. Our approach evaluates the business impact, providing context for vulnerabilities in your solution. Engagements can be structured as one-off assessments or ongoing support embedded into your AI development lifecycle, enabling secure and responsible AI deployment from design to production.
Example Use Case Scenarios
M365 Copilot Integration Review
Ensuring appropriate access controls are in place within your M365 environment to prevent unauthorised access and data leakage.
Chatbot Integration
Verifying that your chatbot or conversational AI cannot be misused to cause harm to your business, such as through data leakage or model hallucinations.
Agentic AI Integration
Assessing the security of tools and plugins available to the AI, ensuring they cannot be exploited or abused.
AI Development Environment Security
Evaluating the security of your AI development environment. A compromised model during training (e.g. through data poisoning) may retain malicious behaviours that are difficult to detect or reverse.
LLM Integration with MCP and A2A
Conducting implementation and code security reviews to ensure MCP and A2A components are securely configured and free from exploitable weaknesses.
AI-Specific Vulnerabilities We Test For
Prompt Injection
A vulnerability that occurs when crafted prompts alter the LLM's behaviour, causing it to violate its guidelines, generate harmful content, enable unauthorised access, or influence critical decisions.
Sensitive Information Disclosure
Determine whether the LLM can be tricked into returning sensitive information, including cases where the solution uses vectors and embeddings for Retrieval Augmented Generation (RAG).
Improper Output Handling
Verify if the solution suffers from insufficient validation, sanitisation, and handling of the outputs generated before they are passed downstream to other components and systems.
Excessive Agency
Determine if the model has been provided with excessive permissions for plugins (tools) that might be used by the solution, which could lead to unintended actions or access to sensitive data.
System Prompt Leakage
Verify that the original system prompt cannot be retrieved, since it may contain sensitive information or allow an attacker to construct specific prompts that result in unintended actions.
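As an added example, not code from this page or from Tier Zero Security's own tooling, the following Python shows the defensive counterpart to the Improper Output Handling and Excessive Agency items above: the model's reply is treated as untrusted input, parsed into one fixed shape, checked against a tool allowlist and against the calling user's own permissions, its arguments validated with per-tool patterns before anything is passed downstream, and free text escaped before it is rendered in a web UI. The tool names, permission strings, argument patterns and sample replies are constructed for illustration.

```python
import html
import json
import re
from dataclasses import dataclass

# Constructed allowlist of tools the assistant may call. Names, argument
# patterns and permission strings are hypothetical, not from any product.
TOOL_POLICY = {
    "lookup_order": {
        "args": {"order_id": r"[0-9]{6,10}"},
        "permission": "orders:read",
    },
    "send_email": {
        "args": {"to": r"[^@\s]+@example\.com", "subject": r".{1,120}"},
        "permission": "email:send",
    },
}


@dataclass(frozen=True)
class Caller:
    """The human user on whose behalf the model acts. The model is never
    granted more than this user already holds (least privilege)."""
    user_id: str
    permissions: frozenset


def parse_action(model_output: str):
    """Parse the reply as exactly one {"tool": ..., "args": {...}} object.
    The reply is untrusted input: any other shape is rejected, not interpreted."""
    try:
        obj = json.loads(model_output)
    except json.JSONDecodeError:
        return None, "reply is not valid JSON"
    if not isinstance(obj, dict) or set(obj) != {"tool", "args"}:
        return None, "reply does not have the expected {tool, args} shape"
    if not isinstance(obj["tool"], str) or not isinstance(obj["args"], dict):
        return None, "tool must be a string and args an object"
    return obj, None


def authorize_action(action: dict, caller: Caller):
    """Check the requested tool against the allowlist, the caller's own
    permissions, and per-argument patterns (fullmatch, so no partial hits)."""
    policy = TOOL_POLICY.get(action["tool"])
    if policy is None:
        return None, f"tool {action['tool']!r} is not on the allowlist"
    if policy["permission"] not in caller.permissions:
        return None, f"caller lacks {policy['permission']!r}"
    args = action["args"]
    if set(args) != set(policy["args"]):
        return None, "unexpected or missing arguments"
    for name, pattern in policy["args"].items():
        if not isinstance(args[name], str) or not re.fullmatch(pattern, args[name]):
            return None, f"argument {name!r} failed validation"
    return action, None


def handle_model_output(model_output: str, caller: Caller) -> dict:
    """Full pipeline: parse, then authorize. Returns a verdict dict so the
    caller (and logging) can see why a reply was refused."""
    action, err = parse_action(model_output)
    if err:
        return {"ok": False, "reason": err}
    action, err = authorize_action(action, caller)
    if err:
        return {"ok": False, "reason": err}
    return {"ok": True, "action": action}


def render_reply_html(text: str) -> str:
    """Free-text model output shown in a web page is escaped like any other
    untrusted string, so markup the model emits is displayed, not executed."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    # Constructed sample replies, as a model might produce them.
    support_agent = Caller("u-1001", frozenset({"orders:read"}))
    samples = [
        '{"tool": "lookup_order", "args": {"order_id": "12345678"}}',
        # tool exists, but this user does not hold email:send
        '{"tool": "send_email", "args": {"to": "ops@example.com", "subject": "hi"}}',
        # tool not on the allowlist at all
        '{"tool": "delete_account", "args": {"user_id": "u-1001"}}',
        # argument fails the numeric pattern before it can reach a query
        '{"tool": "lookup_order", "args": {"order_id": "12345678 OR 1=1"}}',
        # free text where a structured action was expected
        "Sure! Here is the order: 12345678",
    ]
    for s in samples:
        print(handle_model_output(s, support_agent))
    print(render_reply_html("<img src=x onerror=alert(1)>"))
```

The permission check is what addresses excessive agency: the decision is made against the identity of the human user, not against what the model asks for, so a tool the deployment has wired up is still refused when the current user could not perform that action themselves.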
At Tier Zero Security, we use the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP) Testing Guide methodologies.
For a full list of Tier Zero Security's penetration testing services, please visit our Tier Zero Security penetration testing services page.
Secure your AI solutions
Our AI Red Teaming services provide comprehensive security assessment for your AI-integrated systems.