Security Audit · Supporting work

Security audit for AI systems and regulated platforms.

Architecture-level review, not a penetration test. We find the structural risks in your system design, data handling, and AI integrations before your customers or regulators do.

Audit scope

Six areas, architecture first.

We focus on structural risk: the things penetration tests miss because they test behaviour, not design.

Architecture & threat modelling

We map your system boundaries, data flows, and trust zones. Common findings include over-privileged services, implicit internal trust, and missing network segmentation.

Authentication & authorisation

Review of auth schemes, token lifetimes, role models, and privilege escalation paths. Includes third-party OAuth/OIDC integrations.

AI & LLM safety controls

Prompt injection surface, output filtering, system prompt leakage, model access controls, and data retention in inference pipelines.

Data handling & encryption

Encryption at rest and in transit, key management, secret sprawl, logging hygiene, and data retention policies.

Dependency & supply chain

Dependency audit against CVE databases, license compliance, build pipeline integrity, and third-party SDK data sharing behaviour.

Infrastructure & access controls

Cloud IAM posture, least-privilege review, exposed management ports, CI/CD secrets hygiene, and production access audit trail.

What you receive

A ranked findings report and a remediation backlog.

Findings report

Severity-ranked, with reproduction steps and remediation guidance.

Architecture diagram

Annotated threat model with trust zones and risk boundaries.

Remediation backlog

Prioritised Jira/Linear-ready tickets for your engineering team.

Executive summary

One-page overview for non-technical stakeholders.

Ready to understand your security posture?

Book a technical call. We'll confirm fit, disclosure requirements, and the audit scope.
