
AI Pentest

Prompt injection, model manipulation and AI supply chain risks

€175 per hour

AI systems introduce new attack vectors. We test your LLM integrations, AI agents and machine learning pipelines for prompt injection, data exfiltration, model manipulation and unintended information leaks. From chatbots to automated decision systems.

What is an AI pentest?

An AI pentest is a security investigation focused on the AI and machine learning components in your applications. More and more organisations are integrating LLMs, AI agents and ML pipelines into their products. With that come attack vectors that traditional pentests do not cover: prompt injection, model manipulation, data exfiltration via the AI and unintended information leaks.

We test your AI implementations against the OWASP Top 10 for LLM Applications and go further. We investigate the full chain: user input to model output, including system prompts, tools/function calling, RAG pipelines and the data the model can access.

Common AI vulnerabilities

  • Prompt injection - direct and indirect prompt injection to make the AI ignore instructions or execute malicious actions.
  • System prompt extraction - reverse engineering the system prompt, including secret instructions and internal logic.
  • Data exfiltration - manipulating the AI to leak sensitive data from the knowledge base or database.
  • Jailbreaking - bypassing safety measures to generate undesired content.
  • Tool/function abuse - manipulating AI agents that call tools to perform unauthorised actions.
  • Training data poisoning - for custom models: can the training data be manipulated?

Why should you get an AI pentest?

AI security risks are structurally underestimated:

  • AI has access to sensitive data: many implementations access customer data, internal documents or business systems via RAG or function calling.
  • AI attacks are new: most developers have no experience with prompt injection.
  • Reputational risk: an AI chatbot can leak sensitive data.

Our approach

We combine AI knowledge with offensive security experience. We are researchers who like to play with new technology:

  1. Scoping - which model, which data, which tools, which threat model? Direct conversation with the researcher.
  2. System prompt analysis - we try to extract the system prompt. This often reveals the internal logic and security measures.
  3. Prompt injection testing - direct and indirect injection, multi-turn attacks, encoding bypasses. Systematic and creative.
  4. Data access testing - getting access via the AI to data the user should not see. Other users, internal documents, system configuration.
  5. Tool/function abuse - if the AI can call tools, we test whether we can abuse them. APIs, databases, file systems.
  6. Output analysis - PII leaks, hallucinations with confidential data, undesired content.
  7. Reporting - findings with example prompts, outputs and concrete hardening recommendations. Retest available on request.
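The "Tool/function abuse" and "Data access testing" items above both come down to one design question: does the application, not the model, decide who may call which tool and which records a call may touch? The following Python snippet is an added illustration of that server-side check and is not code from the original page or from the vendor described here. The tool names, the orders table, the "support" role and the JSON shape of the model's tool call are all constructed for the example.

```python
"""Hardened tool dispatch for an LLM agent (added example; all names and data are assumptions)."""
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """Authenticated caller, bound server-side from the session; never supplied by the model."""
    user_id: str
    roles: frozenset = field(default_factory=frozenset)


# Constructed sample data: each order belongs to one user.
ORDERS = {
    "o-1": {"owner": "alice", "total": 120.0},
    "o-2": {"owner": "bob", "total": 75.5},
}
REFUND_LOG = []  # constructed audit trail of who refunded what


class ToolDenied(Exception):
    """Raised when a tool call fails an authorisation or validation check."""


TOOLS = {}  # tool name -> (handler, required role or None)


def tool(name, role=None):
    """Register a handler under a tool name, optionally gated by a role."""
    def register(fn):
        TOOLS[name] = (fn, role)
        return fn
    return register


@tool("get_order")
def get_order(principal, order_id):
    # Row-level scoping: a caller may only read their own orders. The error
    # message is identical for "missing" and "belongs to someone else" so the
    # model cannot be used to enumerate other users' order ids.
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != principal.user_id:
        raise ToolDenied("order not found")
    return {"order_id": order_id, "total": order["total"]}


@tool("refund_order", role="support")
def refund_order(principal, order_id):
    # Privileged action: only reachable for principals holding the "support" role.
    if order_id not in ORDERS:
        raise ToolDenied("order not found")
    REFUND_LOG.append((principal.user_id, order_id))
    return {"refunded": order_id}


def dispatch(principal, model_tool_call):
    """Validate and execute one tool call emitted by the model.

    Returns an envelope that is safe to hand back to the model:
    {"ok": True, "result": ...} or {"ok": False, "error": "..."}.
    """
    try:
        call = json.loads(model_tool_call)
        name = call["name"]
        args = call.get("arguments", {})
        # The model controls the arguments; it must not be able to smuggle in
        # an identity or pass anything other than a plain keyword mapping.
        if not isinstance(args, dict) or "principal" in args:
            raise ToolDenied("invalid arguments")
        if name not in TOOLS:
            raise ToolDenied("unknown tool")
        handler, role = TOOLS[name]
        if role is not None and role not in principal.roles:
            raise ToolDenied("not permitted")
        return {"ok": True, "result": handler(principal, **args)}
    except (ToolDenied, ValueError, KeyError, TypeError) as exc:
        # ValueError covers malformed JSON, KeyError a missing "name",
        # TypeError unexpected or missing handler arguments.
        return {"ok": False, "error": str(exc) or exc.__class__.__name__}


if __name__ == "__main__":
    alice = Principal("alice")
    print(dispatch(alice, '{"name": "get_order", "arguments": {"order_id": "o-1"}}'))
    print(dispatch(alice, '{"name": "get_order", "arguments": {"order_id": "o-2"}}'))
    print(dispatch(alice, '{"name": "refund_order", "arguments": {"order_id": "o-1"}}'))
```

The point of the design is that a successful prompt injection can at most make the model emit a tool call; the call is still evaluated against the authenticated principal and the tool's own row-level check, so the blast radius is bounded by what that user could already do through the normal UI. During a pentest the step 4 and step 5 tests above are essentially attempts to find a path where this binding is missing, for instance a tool that trusts a user id taken from the model's arguments.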

What does an AI pentest cost?

Our hourly rate for AI pentesting is €175 per hour. Costs depend on complexity, number of AI components and data sensitivity. Fixed quote after scoping call.

Methodology

  1. Scoping - Inventory of AI components, models, data flows and integration points.
  2. Prompt Analysis - Testing for prompt injection, jailbreaks and system prompt extraction.
  3. Data Flow Testing - Investigation of data exfiltration, PII leaks and unintended information sharing.
  4. Reporting - Report with findings, risk classification and concrete mitigations.

Frequently asked questions

Which AI models can you test?

GPT-4, Claude, Gemini, Llama, Mistral: the model itself does not matter. The vulnerabilities sit in the implementation (system prompts, tooling, RAG configuration), not in the model.

Is an AI pentest different from a regular web application pentest?

If your application contains AI components in addition to normal functionality, we combine the two tests.

Can you also test internal AI tools?

Yes. Internal AI tools for HR, finance or operations often have more access to sensitive data than a public chatbot. They are particularly interesting to test.

How new is the field of AI pentesting?

Young but growing. We follow developments actively, take training (OSAI), do our own research and publish on it. The OWASP Top 10 for LLM Applications forms the basis of our methodology, but we go beyond the checklist.

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.