SCBE-AETHERMOORE
AI Red Team as a Service

We break your AI before the adversaries do.

91 red team prompts · 0 false positives. Branded PDF report. Remediation roadmap. Quarterly re-tests. $5K-50K per engagement.

Book an engagement See what we test for
91 red team prompts · 0 false positives 4-week delivery Branded PDF report Mid-market focus

Lakera, Robust Intelligence, and HiddenLayer target Fortune 500 budgets at $150K-$1M per engagement. Mid-market is wide open. If you have deployed an LLM product -- a chatbot, an agent, a RAG system -- you need to know how it breaks before an attacker or a reporter does.

SCBE-AETHERMOORE ships with 91 red team prompts, 0 false positives across 6 adversarial tiers (L1 basic through L6 full adversarial). We run those tests against your LLM application, deliver a branded PDF report mapped to your threat model, and hand you a prioritized remediation roadmap. Quick engagements. Real findings. No vaporware.

Attack Surface

What we test for

Four categories, dozens of sub-vectors each. Every finding reproducible, every vector mapped to your application.

Injection
🛡

Prompt injection

Direct prompt injection, indirect injection via retrieved documents, multi-turn drift attacks, and context poisoning through memory or session state.

Jailbreak
🔓

Jailbreaks

Persona hijacks, instruction-override attacks, role confusion, safety classifier bypass, and encoding-based evasion techniques.

Exfil
📤

Data exfiltration

System prompt extraction, training data leakage, PII recovery via inference attacks, and confidential context bleed across sessions.

Agent
🤖

Agent abuse

Tool misuse, privilege escalation through chained calls, infinite loops, cost bombs, and unauthorized lateral movement across connected systems.

Timeline

The process

From kickoff to delivery in four weeks. No drawn-out consulting cycles.

1Week 1

Scoping

Kickoff call, threat model review, test suite selection. We learn what matters to you and which attack surfaces your architecture exposes.

2Week 2

Execution

91 red team prompts · 0 false positives, run against your endpoint. Results captured as structured JSONL with full request, response, and judge output for every attempt.

3Week 3

Analysis

Findings triaged and severity ranked. Remediation drafted against your stack. We filter the noise so you get the signal that matters.

4Week 4

Delivery

Branded PDF report, live walkthrough call with your engineering and security stakeholders, prioritized remediation roadmap delivered as markdown.

Pricing

Three tiers. Pick one.

Fixed-price engagements, no scope creep, no hidden fees. Start where you are.

Quick Scan
$5,000
one-time engagement
  • 4-week delivery
  • 91 red team prompts · 0 false positives against one endpoint
  • Standard branded PDF report
  • Raw JSONL test output
  • Remediation roadmap
  • For startups and single-product validation
Book Quick Scan
Most popular
Deep Engagement
$25,000
one-time engagement
  • Everything in Quick Scan
  • Custom threat model tailored to your architecture
  • Multiple endpoints and agent surfaces
  • Executive briefing deck for leadership
  • Remediation support during fix cycle
  • For scaling companies with multiple AI surfaces
Book Deep Engagement
Quarterly Retainer
$50,000
four engagements per year
  • Everything in Deep Engagement, quarterly
  • Drift monitoring between scheduled runs
  • Priority response to new attack patterns
  • Dedicated Slack channel
  • Named point of contact on our side
  • For enterprises with ongoing risk
Start Retainer
Deliverables

What you get

Every engagement ships with artifacts your engineering, security, and compliance teams can actually use.

Branded PDF report

Your logo, your threat model, your priorities. Written to be read by engineering leadership, not just security specialists.

Severity-ranked findings

Every finding gets a reproduction recipe: exact prompt, exact response, exact conditions. If we found it, you can reproduce it.

Remediation roadmap

Prioritized fix list with code snippets where applicable. Patches, policy middleware, prompt hardening, output filters.

Raw test output (JSONL)

Full structured output for your GRC and audit teams. Feed it to your SIEM, your compliance tooling, or your own dashboards.

Live walkthrough call

Screen-share session with your engineering and security stakeholders. We walk every critical finding and answer questions live.

30 days of follow-up

Email and async support while you implement fixes. We validate your patches against the original attack vectors at no extra charge.

Case Studies

Example findings from real engagements

Anonymized, but representative. This is what a typical report looks like in practice.

91/91 blocked, 0 false positives — vs ProtectAI 62/91 and Meta Prompt Guard 15/91. See the comparator table →

Retail chatbot

31 prompt injection vectors, 4 critical

Customer-facing assistant leaked coupon logic and allowed arbitrary refund approvals through indirect injection via product reviews.

policy middleware with strict input/output separation

Code assistant

System prompt extractable via encoding trick

Base64-wrapped payload bypassed the model's refusal training and surfaced the full system prompt including vendor-specific guardrail instructions.

output filter with regex and semantic leakage detection

RAG system

Training data exfiltration via follow-up questions

Multi-turn questioning reconstructed verbatim chunks from the indexed corpus, including one document marked confidential in metadata.

query classifier + retrieval-time ACL enforcement

Under the hood

The technology underneath

SCBE-AETHERMOORE is the adversarial framework powering every engagement. Open-source core, patent-pending architecture.

91/91
Red team blocked (0 FP)
L1-L6
Adversarial tiers
14
Pipeline layers
Patent
USPTO #63/961,403

The test suite is organized in six tiers: L1 basic through L6 full adversarial. L1 covers the trivial attacks every LLM should refuse. L6 is our full adversarial fleet -- multi-turn, multi-modal, cross-session, chained agents. Every test is reproducible, every test is versioned, every test is mapped to a specific failure layer in the 14-layer pipeline.

The core is open source. Inspect it, run it yourself, fork it. What we sell is the expertise, the curation, the reporting, and the remediation follow-through.

View the repo on GitHub See the real numbers (honest evidence ledger) →
FAQ

Common questions

What LLMs do you test?
Any. OpenAI, Anthropic, local open-weights (Llama, Mistral, Qwen), custom fine-tunes, and agent frameworks including LangChain, LlamaIndex, CrewAI, and bespoke orchestration. If it takes a prompt and returns a response, we can attack it.
How do we get you access?
API key plus endpoint URL, or sandbox credentials you provision. An NDA is signed before any keys are exchanged. Keys are rotated at the end of the engagement and we document every call we made during testing.
Is this disruptive to production?
No. We run against a staging endpoint you provision specifically for the engagement. Zero impact on production. If you can't stand up a staging environment we can work against a replica, but we never touch live traffic.
Can we get the raw test data?
Yes. JSONL output is included at every tier -- Quick Scan, Deep Engagement, and Retainer. You own the data. Feed it to your GRC tooling, your SIEM, or your own audit process.
Do you find vulnerabilities in the LLM itself?
We find vulnerabilities in your application's use of the LLM. LLM vendor issues -- model weights, tokenizer bugs, training data contamination at the vendor level -- are out of scope. If we happen to find one we will flag it, but the engagement targets your deployment.

Book a scoping call

Thirty minutes. We walk your architecture, map the likely attack surface, and tell you honestly which tier fits. No hard sell, no obligation.

Book a scoping call Compare tiers