The State of AI Security Engineering Report 2026

SECURITY REVIEW ATTESTATION

Independent Assessment · Evidence-Based · Public-Safe

This attests that

ACME Corp

acmecorp.io

ACME Corp engaged aisecurity.llc to conduct a security review of the systems, processes, and public trust surfaces described below.

Service(s) performed

🎯

AI Red Team Assessment

Full adversarial engagement against AcmeAssist: prompt injection, jailbreaks, indirect attacks, and abuse scenarios.

💉

Prompt Injection Testing

Direct and indirect injection attacks against system prompt, user context, and retrieved document content.

⚙️

Agentic Pipeline Abuse

Tool-call manipulation, unauthorized action escalation, and out-of-scope action attempts via crafted inputs.

📤

Data Exfiltration Probes

Attempts to surface training data, system instructions, customer records, or cross-tenant content via the model interface.

Scope

Systems / Features in ScopeAcmeAssist AI assistant: customer-facing chat interface, underlying agentic pipeline, integrated tool calls (CRM lookup, ticket creation, knowledge retrieval), and the API gateway surface.

Review TypeBlack-box and grey-box adversarial testing. Scenarios included direct prompt injection, indirect injection via documents, goal hijacking, tool misuse, and exfiltration probes.

Engagement IDAISC-2025-0512

Engagement PeriodMay 19, 2025 – June 6, 2025

Report DeliveredJune 10, 2025

Results summary

Strong

AcmeAssist demonstrated resilient prompt handling and strong output guardrails across the majority of test scenarios. Two high-severity findings were identified — one involving indirect injection via crafted support documents and one involving partial system instruction leakage. Both were remediated prior to this attestation being issued.

2High findings

6Medium findings

10Low findings

7Informational

Domains reviewed

✓

AI Security

Prompt handling, output controls, and adversarial resilience.

✓

Application Security

API surface, authentication, and injection vectors.

✓

RAG & Data Access

Document injection, retrieval manipulation, and context poisoning.

✓

Identity & Access

Privilege escalation paths and cross-account action attempts.

✓

Data Security

Exfiltration paths and sensitive data surfacing via the model interface.

◑

Monitoring & Detection

Coverage of adversarial patterns in telemetry and alerting.

◑

Incident Response

Response playbook coverage for AI-specific abuse scenarios.

Attestation

aisecurity.llc attests that an authorized AI Red Team assessment was completed against the systems described herein.

✓The assessment was conducted under a signed Rules of Engagement agreement with defined scope, test accounts, and authorized scenarios.
✓All testing was performed in accordance 's published assessment methodology.
✓High-severity findings identified during the assessment were remediated prior to issuance of this attestation.
✓No critical vulnerabilities were identified that would enable unauthorized data access or system compromise within the agreed scope.
✓Full findings, attack narratives, evidence, and remediation guidance were delivered in the associated private report.

Caveats

This attestation confirms completion of the agreed red team scope — it does not represent a guarantee of security against all possible attack vectors.
Testing was limited to authorized scenarios, accounts, and environments described herein.
New attack techniques, model updates, or system changes may introduce risks not covered by this assessment.
This attestation is not a certification, penetration test certification, or formal compliance audit.

Attestation level

Strong

Score range: 78 – 89

Adversarial resilience within tested scenarios is strong. High-severity findings were identified and remediated prior to attestation.

Authorized by

David Wolf

Principal Security Architect

aisecurity.llc

Date of attestation

June 11, 2025

Verification

ATT-AISC-2025-0512

https://aisecurity.llc/trust-center/attestations/ATT-AISC-2025-0512