
Injection Vector Mapping

A focused, repeatable scan of every place an attacker can inject instructions into your AI.

Injection Vector Mapping is a narrower, faster engagement than full Adversarial Probing. We map every input surface where an attacker can plant instructions — user inputs, retrieved documents, tool outputs, system-prompt boundaries — and test each one with category-appropriate payloads. The result is a complete inventory of injection attack surface in your stack, with severity ratings and remediation priorities.

// THE PROBLEM
What we're solving when you hire us for this

Prompt injection is the single most common AI vulnerability class in 2026, and the one most likely to be undertested. Generic security audits look for SQL injection and XSS but stop short of prompt injection because it doesn't fit traditional vulnerability taxonomies. Meanwhile, every AI deployment has multiple injection surfaces — and attackers only need one to work.

Injection Vector Mapping closes that gap with a single focused engagement. We don't test every possible AI vulnerability — we test every possible injection point. Less depth than Adversarial Probing, but full breadth across the injection surface specifically.

// HOW WE RUN IT
The five phases of an Injection Vector Mapping engagement

01 · Surface Inventory

We document every input that reaches your model: user-facing fields, ingested documents, retrieved context, tool outputs, system-prompt segments, and any other channel where text crosses into the model's context window. Read-only; no testing yet.

Duration: 2–3 days · Output: written surface inventory

02 · Payload Categorization

For each surface, we identify which injection categories are applicable — direct override, role-confusion, smuggled instructions, indirect injection via retrieved content, and others. The output is a test matrix: surfaces × applicable categories.

Duration: 1–2 days · Output: test matrix

03 · Vector Testing

We execute payloads against each cell of the test matrix systematically. This is wider but shallower than Adversarial Probing — we confirm whether each vector is exploitable, but don't pursue full exploitation chains.

Duration: 4–7 days · Output: per-vector test results

04 · Severity Mapping

Each working injection is rated by reachability (how easy to trigger), impact (what an attacker accomplishes), and prevalence (how often the surface receives untrusted input).

Duration: 2 days · Output: severity-mapped findings

05 · Reporting

Findings document organized by injection surface, with reproduction steps and remediation guidance for each working vector. Briefer than Adversarial Probing reports because the engagement is narrower — but every finding is reproducible and actionable.

Duration: 2–3 days · Output: report + walkthrough

// WHAT YOU RECEIVE
Deliverables, named and specific

Injection Surface Inventory

Complete map of every input surface in your AI deployment, including ones your team may not have catalogued. Useful beyond this engagement as an ongoing reference.

10–15 pages · Markdown

Findings Document

Each working injection documented: surface, payload category, reproduction steps, impact, and remediation guidance.

20–30 pages · Markdown + PDF

Executive Summary

Sanitized one-page summary suitable for compliance documentation or executive briefings. Names injection classes and risk levels without exposing exploitation details.

1–2 pages · Markdown + PDF

Remediation Priority List

Findings ordered by reachability and impact, with concrete mitigation steps for each. Not generic guidance — tied to specific surfaces in your deployment.

Prioritized list + tracking template

Reproduction Bundle

Each finding includes reproduction steps and environmental conditions so your team can verify fixes and confirm that a regression hasn't reintroduced the vector.

Per-finding documentation

Remediation Walkthrough

Working session with your engineering team to walk through findings, prioritize fixes, and answer questions during the remediation window.

60-minute session + recording
// ENGAGEMENT SHAPE
Specific numbers, not approximations

DURATION: 2–3 weeks · Total engagement window
TEAM SIZE: 2 practitioners · Minimum, both senior
CADENCE: Daily async updates · By 18:00 client timezone
CRITICAL FINDING SLA: < 4 hours · Notification, not remediation
SCOPE: Written, in SOW · Surface inventory drives scope
STARTING PRICE: $14,500 · Single-deployment engagement
REPORT DELIVERY: < 5 business days · After engagement close
MATERIAL RETENTION: 30 days default · Per Rules of Engagement

// WHEN THIS IS RIGHT
Honest fit criteria
// THE RIGHT FIT

Your AI deployment is live, and you specifically want to understand prompt injection exposure — not general AI security posture.

You're shipping in 6–12 weeks and need to close injection gaps before launch.

You've had a generic security audit that didn't cover prompt injection, and you need that specific gap addressed.

You want a narrower, faster engagement than full Adversarial Probing as a first pass.

// THE WRONG FIT

You want a full security assessment of your AI stack — Adversarial Probing is the broader engagement.

Your system isn't deployed yet — without a live deployment, the surface inventory phase doesn't have a real target.

You need findings only on a single input channel — engagements have a 2-week minimum even for narrow scopes.

You expect a clean report — every Injection Vector Mapping engagement finds working vectors. That's why you run it.

Injection Vector Mapping engagements start from $14,500. Reply within 24h. NDA before scope.
