Home Penetration Testing Services LLM Penetration Testing

LLM Penetration Testing

Assess and Secure Your AI Apps, Agents, RAG, MCP

What is LLM Penetration Testing?

An LLM penetration test involves analysing the security of an application that incorporates language models (LLMs), autonomous agents or generative AI pipelines, by simulating targeted attacks. Our auditors analyse not only vulnerabilities specific to the models themselves but also application flaws, third-party integrations (APIs, RAG, MCP servers) and the security configuration of the AI environment. The hosting infrastructure is also included within the scope of the analysis, whether it is based on a cloud-based model provider, a self-hosted model or a hybrid architecture.

At the end of the testing phase, our auditors provide a detailed report. This report includes a description of the vulnerabilities identified, exploitation scenarios and recommendations for remediation. A revalidation phase can then be carried out to verify that the fixes have been implemented correctly and thus ensure the security of your AI system.

LLM Penetration Testing

Our Technical Expertise in LLM Penetration Testing

Our auditors carry out penetration tests on AI systems built using all types of models, frameworks and architectures — proprietary models (OpenAI, Anthropic, Google) or open-source models, RAG applications, autonomous agents, multi-agent systems and business co-pilots. Whether it’s an internal chatbot, a customer assistant, a development co-pilot or an agent orchestration platform, we tailor our approach to your technical stack and your use case.

Tests Performed During an LLM Penetration Test

Analysis of the model’s defence mechanisms

  • Resistance to direct and indirect prompt injections
  • Bypassing filters using fake markup and mimicked system tags
  • Bypassing via the injection of fake dialogue turns (fake user/assistant responses)
  • Bypassing safeguards (system prompts, guardrails, content filters)
  • Jailbreaking and misuse of the model
  • Extraction of system prompts and safeguard instructions
  • Extraction of training data via sentence completion and reminder-based prompting
  • Model inversion and membership inference tests

Access controls and isolation checks

  • Assessment of user role and privilege management
  • Detection of information leaks between sessions or between tenants
  • Identification of missing or misconfigured access controls within the model
  • Privilege escalation tests using tools exposed within the model

RAG integration and data source security

  • Analysis of retrieval pipelines (vector database, embeddings, re-ranking)
  • Data poisoning and indirect injection tests via indexed documents
  • Verification of the validation and sanitisation of returned content
  • Exposure of sensitive data in the context passed to the model

AI-specific business logic testing

  • Detection of exploitable inconsistencies in agent workflows
  • Misuse of the model’s intended use case
  • Excessive agency: unauthorised actions triggered via the model
  • Circumvention of critical validations through natural language manipulation
  • Triggering malicious actions against other users or systems via the model (application-level CSRF, unsolicited API calls, sending unauthorised messages)

API and associated application security

  • Audit of APIs exposed by or around the LLM
  • Server-side controls (rate limiting, quotas, cost control)
  • Conventional injection testing of exposed parameters and functions
  • Leaks of sensitive data in model responses

Model output processing security

  • Injection of malicious payloads into model responses (stored XSS, un sanitised HTML tags)
  • Remote code execution via LLM outputs consumed without validation (shell commands, SQL queries, file paths)
  • CSRF tests triggered by model-generated responses or actions
  • Audit of front-end post-processing and rendering pipelines
Méthodologie pentest web
sécurité agents et serveurs mcp

Security Analysis of Agents and the Model Context Protocol (MCP)

Audit of MCP servers and exposed tools

  • Inventory of connected MCP servers and tools exposed to agents
  • Detection of tool poisoning and malicious tool descriptions
  • Analysis of authentication and authorisation flows (OAuth, tokens, scopes)

Tests for tool abuse by agents

  • Unauthorised execution or misuse of tools by agents
  • Circumvention of permission policies and intent detection
  • Unauthorised action chains exploiting multiple tools

Security of agent/tool interactions

  • Indirect injection via third-party tool responses
  • Exfiltration of sensitive data via call arguments
  • Fuzzing of exposed parameters and JSON schemas

Audit of agent-based pipelines

  • Excessive agency and privilege escalation via the model
  • Tests for adversarial behaviour in multi-stage workflows
  • Detection of anomalous behaviour in multi-agent orchestration

Tests Performed on the AI and MLOps Infrastructure

Fine-tuning and MLOps pipelines

  • Audit of training and validation datasets
  • Data poisoning tests on ingestion pipelines
  • Management of secrets and API keys (LLM providers, vector stores)
  • Audit of model-related CI/CD workflows

Cloud environments and vector databases

  • Audit of cloud configurations (LLM providers, vector stores, orchestrators)
  • Analysis of identity and access management for AI services
  • Audit of security groups and network rules relating to the model
  • Isolation of environments (development, testing, production)
Pentest infra hébergement

Types of LLM Penetration Tests

An LLM penetration test can be carried out using three approaches, each offering a unique perspective on the security of your AI system.

Black box LLM penetration testing

Our auditors adopt the perspective of an external attacker, with no prior knowledge of the application, model or exposed tools.

Grey box LLM penetration testing

Our auditors have access to partial information: user accounts, functional documentation, a description of the model’s capabilities, and an inventory of MCP tools.

White box LLM penetration testing

Our auditors assess the security of your system with full access: system prompts, source code, model configuration, exposed tools and RAG datasets.

LLM Penetration Testing Methodology

AI Attack Surface Discovery and Mapping

Our auditors map your AI attack surface by identifying the models in use, exposed tools and functions, agents, RAG sources and MCP servers. They also look for leaks of sensitive information (disclosed system prompts, exposed API keys, accessible training data).

Modelling AI-Specific Threats

The analysis draws on industry benchmark frameworks: OWASP LLM Top 10, OWASP Top 10 for Agentic Applications, MITRE ATLAS, NIST AI RMF and PortSwigger Web LLM Attacks. This stage enables us to identify attack scenarios relevant to your use case.

Identification and analysis of vulnerabilities

Our auditors detect and validate vulnerabilities through in-depth manual testing, supplemented by specialised tools. Each vulnerability is analysed according to its severity and its actual impact on your application and business.

Exploitation and impact assessment

The identified vulnerabilities are exploited in a controlled manner to measure their actual impact — data exfiltration, model sabotage, tool abuse, uncontrolled costs — and to identify any potential attack chains involving multiple components.

Penetration test report, debriefing and follow-up audit

A detailed report sets out the vulnerabilities identified, their severity level, proof-of-concept exploits and prioritised remediation recommendations. A debriefing with your AI and development teams allows us to explain the findings and support the remediation process, followed by a follow-up audit to validate the effectiveness of the measures implemented.

Méthodologie pentest web
CUSTOMER TESTIMONIALS

"Intersport has been working with Vaadata for over seven years. We particularly value their technical expertise, professionalism and the quality of their customer service. Their ability to understand our challenges and propose tailored solutions has enabled us to strengthen the security of our systems, particularly through their penetration tests and cybersecurity advice. Vaadata is now a trusted partner whom we highly recommend."

Michaël A.
Head of Organisation and Information Systems, INTERSPORT

"On the recommendation of a fellow CIO, I commissioned Vaadata to carry out an initial penetration test in 2020, and from 2021 onwards, I decided to extend this collaboration to cover each of our solutions on an annual basis. What particularly impressed me, beyond their expertise, was the flexibility of their teams and how easily they communicated, particularly with our development teams. This has really facilitated our collaboration and enabled us to achieve even more effective results. The sharing of information is outstanding."

Jean-Philippe F.
Head of Information Systems, ITESOFT

"We have been working with Vaadata since 2018. I appreciate their approachability, their commitment to providing advice and the quality of their technical expertise. With every project, their teams help us take our security maturity to the next level. Their support was particularly crucial in helping us achieve our SOC 2 certification. Vaadata is now a trusted partner we can rely on to address our security and compliance challenges."

Thomas L.
Head of IT, Security and Compliance, DATAGALAXY

"We have no hesitation in recommending Vaadata to other businesses. Their technical expertise, methodological rigour, ability to identify complex vulnerabilities and, above all, the quality of their remediation recommendations make them a trusted partner."

Ouadia L.
CEO, RANDOM TEAM

“What I really appreciated were the technical discussions. We were able to challenge each other’s views, discuss the severity levels and compare our interpretations. Nothing was set in stone. It was a truly collaborative effort, which I found very enjoyable.”

Ayoub H.
Senior Security Engineer, VESTIAIRE COLLECTIVE
About vaadata

LLM Penetration Testing with Vaadata, a Trusted Offensive Security Partner

Carrying out an LLM penetration test with Vaadata means choosing a company certified to the industry’s most stringent standards.

Our company is PASSI, CREST, ISO 27001 and ISO 27701 certified, which attests to the quality of our services and our compliance with international standards for cybersecurity and personal data protection. These certifications bolster our clients’ confidence by guaranteeing a high standard of methodological and organisational rigour.

Our LLM penetration tests are carried out by certified auditors who are proficient in both traditional application attack techniques and the specific characteristics of language models, agents and the Model Context Protocol. This dual expertise (AppSec and offensive AI) enables them to accurately identify, exploit and document the vulnerabilities specific to each AI environment.

PASSIISO 27701Certification iso 27001certificatio crest
Réaliser un pentest web avec Vaadata
Tell us about your offensive security challenges and needs
Contact us to discuss your offensive security needs and get information about our services and processes. Our team will get back to you as soon as possible.