How we work
Structured process, no surprises
Here's exactly what happens from your first call to your final report.
What to expect
- Clear scope before we start testing.
- Regular updates during active testing.
- Immediate notification of critical findings.
- Final report within a week of testing completion.
Step by step
The engagement process
1. Scoping call (30 min)
You explain your AI system. We identify attack surfaces, agree on testing boundaries, and give you a quote. No charge for this call.
2. Access setup (1-2 days)
You provide test credentials and any necessary access. We confirm we can reach your system and testing can begin.
3. Active testing (1-4 weeks)
We run attacks against your live system. Critical findings reported immediately. Regular status updates throughout.
4. Draft report (3-5 days)
You receive a draft with all findings, severity ratings, and remediation guidance. Call to walk through results.
5. Remediation + retest (if included)
For full engagements: we help fix issues and verify the fixes work with a retest.
Requirements
What we need from you
- Test account: Credentials to access your AI features like a normal user.
- Testing permission: Written authorization to run security tests.
- Point of contact: Someone we can reach if we hit blockers.
- Architecture overview: Basic understanding of your AI stack (helpful but not required).
What we don't need
- Source code access (optional, not required)
- Production database access
- Admin credentials
- Lengthy onboarding
We test from the outside like a real attacker would.
Communication during testing
- Kickoff call before testing starts
- Daily or weekly status updates (your choice)
- Same-day notification for critical findings
- Slack/Teams channel for quick questions (optional)
Questions about the process?
Happy to walk through exactly how an engagement would work for your team.