Human-in-the-Loop Red Teaming
We combine human expertise with AI-assisted tools to uncover context-aware attacks, social engineering vectors, and novel exploitation techniques that automated scanning misses.
AI Agents Are Vulnerable to Attacks
We find them so real attackers can't.
Real attack from our competition win: AI agent tricked into exfiltrating full customer PII (passport, bank account, credit card) via a poisoned hotel review. The agent called send_email without the user's knowledge.
AI Security Assessment
We find vulnerabilities in LLM agents before attackers have the chance, whether you're pre-deployment, mid-launch, recovering from an incident, or just want to verify your defenses.
What We Test
- Prompt injection and jailbreak resistance
- Data exfiltration and PII leakage
- Authorization bypass and privilege escalation
- Tool misuse and unintended behaviors
- Social engineering susceptibility
What You Get
- Custom testing scope based on your specific risks
- Custom automation pipelines for your AI deployment
- Vulnerability report with remediation recommendations
- Optional follow-up test after fixes have been implemented
The Team
We formed to compete in Hack-a-Prompt (TRAILS x MATS), an NSF-funded competition focused on indirect prompt injection attacks against AI agents. We're an international team from diverse backgrounds: offensive security, QA engineering, bug bounty programs, security research, social engineering, and prompt engineering.
We think creatively. We're obsessive and relentless.
We placed 1st in the competition by demonstrating real-world attacks that made production-grade AI agents leak customer data, bypass authorization, execute unauthorized commands, and ignore security constraints.
We've spent years finding vulnerabilities in complex systems. Now we focus that expertise on AI agents, where human creativity still beats automated scanners.
Get Your AI Security Assessment
We'll discuss your AI agent risks, scope the engagement, and work with your budget. Response within 24 hours.
Or email directly: connect@cassius.red