VECTORBREAK SECURITY · EST. 2026
Productized red-teaming, defensive engineering, and training for agentic and RAG-enabled AI systems. The artifact your cyber-insurance carrier, EU AI Act conformity assessor, and acquirer’s diligence team are now asking for.
THE METHODOLOGY · BY THE NUMBERS
Attack surfaces
Risk classes
Public case studies
Unit tests, all green
METHODOLOGY · FIVE SURFACES v0.1
LLM application security used to be one surface: a chatbot’s input box. In 2026 it’s five — and four of them are where the production incidents live. OWASP-ASI + MITRE-ATLAS + OWASP-LLM-Top-10 mapped. MIT-licensed.
01 INPUT / OUTPUT
Direct prompts, structured outputs, jailbreaks, sanitization gaps.
02 RETRIEVAL
RAG corpora, indexers, indirect injection, knowledge-base poisoning.
03 TOOL-CALL / MCP
Function calling, MCP servers, tool poisoning, privilege escalation.
04 MODEL
Weights, adapter chains, system prompts, training-data extraction.
05 RUNTIME
Sandbox escape, prompt-to-RCE, agent loops, memory persistence.
PUBLIC CASE STUDIES
Eight published assessments. Six PASS verdicts on Claude-family hosts. Two FAIL verdicts on cross-family direct-to-model targets — the empirical property that auditors, insurers, and acquirers need to see before they accept a methodology as evidence-grade.
| # | Target | Surface scope | Findings | Verdict |
|---|---|---|---|---|
| 07 | Direct-to-model · MiniMax-M2 | FS1 · FS3 · FS4 | 16 (12 HIGH) | FAIL |
| 08 | Direct-to-model · gpt-oss:120b | FS1 · FS3 · FS4 · FS5 | 38 (36 HIGH) | FAIL |
| 01 | Claude Code · Opus 4.7 | FS3 · full battery | 0 | PASS |
| 03 | Claude Code · Opus 4.7 (extended) | FS1 · FS3 | 0 | STRONG PASS |
| 04 | Antigravity · Opus 4.6 Thinking | FS1 · FS3 · FS5 | 1 disclosed | STRONG PASS |
| 05 | Claude Code · Sonnet 4.6 | FS3 · full battery | 0 | STRONG PASS |
| 06 | Claude Code · Haiku 4.5 | FS3 · full battery | 0 | STRONG PASS |
| 02 | Redacted under NDA | — | — | UNDER NDA |
SERVICES · FOUR PILLARS
Four ways to engage Vectorbreak Security, depending on the decision you’re driving and the team you already have in place.
Fixed-scope red-team engagements against your live AI agent or RAG pipeline. Five Surfaces methodology in full. Insurance-grade deliverable, retest included, sign-off letter for compliance, carrier and acquirer use.
SKU ladder · $4.5k–$285k →Two-day on-site or virtual Five Surfaces workshop for AppSec, ML, and platform teams. Hands-on labs against intentionally vulnerable agents. Certification track. Ninety days of async Q&A and follow-up review.
Workshop · from $60k →Custom defensive tooling: hardened MCP servers, attestation pipelines, prompt-injection monitoring, agent-loop circuit breakers, automated red-team CI. Built to your stack. Maintained on retainer if you want it.
Scope a buildout →Vetted private community of AI red-teamers, AppSec engineers, ML-platform people, and compliance leads. Weekly threat-class drops, live PoC reviews, monthly threat-intel briefing.
Apply to join →PRICING · FIXED FEE
Fixed-fee at every level. No hourly creep. No “as-needed” travel costs. PoCs and infrastructure on me. 60% on signature, 30% at delivery, 10% on retest sign-off.
| SKU | Scope | Duration | From |
|---|---|---|---|
| Pulse | Public 10-probe Surface-3 battery against your MCP server(s). 1-page red/yellow/green + 30-min readout. | 1 day | $4,500 |
| MCP Triage | Surface 3 only — full fuzzer run + manual creative testing + findings memo. | 1 week | $12,500 |
| Pilot | Single in-scope surface, single product. Full deliverable shape, narrower target. | 2 weeks | $28,500 |
| Standard | One product, ≤3 MCP servers, ≤2 retrieval pipelines, all five surfaces in scope. | 4 weeks | $48,500 |
| Multi-Agent | Standard + multi-agent orchestration (LangGraph / AutoGen / CrewAI), 4–6 MCP servers, sub-agent trust analysis. | 4 weeks | $78,500 |
| Compliance-Anchored | Standard + EU AI Act Article 15/16/26 conformity mapping + ISO/IEC 42001 Annex A + insurance-attestation pack. | 5 weeks | $125,000 |
| Annual Program | Quarterly assessments + monthly threat-intel briefing + 24-hr emergency-triage SLA + annual board readout. | 12 months | $185K – $285K |
THE EXPERT YOU’RE HIRING
Founder · Vectorbreak Security · Maintainer · Five Surfaces
Two decades in offensive security and infrastructure. Author of the Five Surfaces methodology and the open-source mcp-fuzzer — 139 unit tests passing, CI across Ubuntu, macOS, and Windows. Thirty-four adversarial MCP tools across seven Surface-3 risk families.
The cross-family case studies — including the public FAILs on MiniMax-M2 and gpt-oss:120b — were authored solo. So is every engagement. Your code is not subcontracted to a junior analyst pool. There is no junior analyst pool.
Disclosure pipeline currently includes a Cursor cross-family disclosure and an Antigravity MCP env-block bug, both pending coordinated release through vendor channels.
COMMUNITY · DISCORD
A vetted private community of AI red-teamers, AppSec engineers, ML-platform people, and compliance leads. Weekly threat-class write-ups, live PoC reviews, monthly threat-intel briefing. No vendors, no recruiters, no AI-twitter noise.
Practitioner tier
Application required
Threat-class drops
SCOPE AN ENGAGEMENT
Direct line to founder. No SDR layer. Response in 24 hours.
Or join the practitioner Discord if you’re here to talk shop, not scope an engagement.