Applications
AI/LLM Applications
Large Language Models (LLMs) enable building applications of the future, from intelligent document processing and chatbots to custom AI agents. Test your LLM-based application for vulnerabilities.
Scope of the pentest
In this penetration test, our ethical hackers examine your LLM application for security vulnerabilities and configuration errors.
The test can be conducted on premises or remotely.
Exemplary test objects:
LLM-Chatbot
Typical AI-based chatbot systems with knowledge base via RAG pipeline
Document Analysis
AI applications with OCR and document processing
AI Content Creation
AI systems for dynamic content creation (e.g., images, text, etc.)
Custom App
You have developed your own custom AI application?
8.5%
8,5% of all prompts contain sensitive data ¹
45.77%
45,77% of these prompts contain customer data ¹
Penetration test of AI/LLM-Applications
Our approach
The AI penetration test presented here includes a comprehensive security analysis of your AI applications, particularly systems based on large language models (LLMs). The focus is on identifying risks arising from the interaction between the model, user input, connected data sources, and integrated systems. The scope of the test can be specifically limited to an application, API, or infrastructure component of your choosing.
We test the AI system both at the infrastructure level (all accessible interfaces of the target application) and at the application level using AI red teaming. In doing so, we specifically simulate malicious prompts and manipulated inputs to uncover potential vulnerabilities in the model’s behavior as well as in the processing and transmission of information.
All tests include a structured analysis of potential vulnerabilities along the entire processing chain – from input interfaces and APIs to connected systems and services. In addition, an in-depth analysis of the model’s behavior is conducted at the application level under realistic attack conditions. This includes prompt injection, data exfiltration, model manipulation, output filtering bypass, and the verification of access controls and system boundaries. The testing is conducted in accordance with established security guidelines such as the OWASP Top 10 for LLM applications and the current penetration testing guidelines for large-language models from the German Expertenkreis KI-Sicherheit.
Especially in the context of today's increasingly AI-driven, networked systems, security plays a crucial role. At the same time, many users and managers are not yet fully aware of the specific risks and novel vulnerabilities associated with the use of large-language models and similar AI systems. Contact us for an expert analysis and gain a clear understanding of your risks.
Standards and qualifications
We follow recognized international standards for our pentest procedure.
Our penetration testers are highly qualified and certified with several recognized hacking certificates.
