AI products carry the usual web, API, and cloud attack surface plus a model layer that takes instructions from attacker-controlled text. We test both, in one engagement.
More context on this sector on our AI/ML industry page.
Tailored to AI/ML, delivered by a Toronto security and compliance team led by a published CVE researcher, with our offensive-security partner where offensive testing is involved.
See the full Penetration Testing service page, or productized pricing for fixed-scope engagements.
They overlap. This pentest starts from your application, API, and cloud surface and adds the model layer on top. The AI security assessment starts at the model, RAG, and agent layer and goes deeper there. If AI is the whole product, most teams want the assessment. We tell you which one your situation calls for.
Yes. The risks live in how your application wires up prompts, data, and tools around the model, not just in the model itself, so the surface we test is yours regardless of who trained the model.
traztech scopes the engagement against your threat model; testing is co-delivered with our offensive-security partner, and critical findings get a free retest.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.