Manual AI security testing. Australia.
Manual penetration testing applied to LLM applications, RAG pipelines, and agentic systems that have moved past the demo stage and into a real workflow. AI security is where Cyber Node's penetration testing methodology meets the founder's chemical-engineering background in safety-critical systems. Cyber Node tests prompt injection, indirect prompt injection through ingested content, RAG leakage and tenant boundary breaks, agent tool-use abuse, model supply-chain risk, and training-data exposure. Aligned to the OWASP LLM Top 10 and MITRE ATLAS. Reports are written for engineers shipping the system and for the executives signing off the deployment.
Led by
One operator across every Cyber Node path. Chemical and process engineer turned cybersecurity specialist. Shell Prelude FLNG, Albemarle Kemerton lithium hydroxide, AREVA nuclear, Kazakhstan ISL uranium. Masters Chemical Engineering, EMBA, PMP, AWS Certified Security Specialty. Engineers Australia member.
Read Matt’s story →What we test
Prompt & context
User-input prompt injection. Indirect injection through documents, URLs, emails, and tool responses ingested into the context window. System prompt extraction. Jailbreak resilience under realistic adversary effort.
RAG & data
RAG leakage across tenants and authorisation scopes. Document-level access bypass. Embedding-store poisoning. Source-document exfiltration through crafted queries. Training-data exposure where sensitive content can be coaxed back out.
Agents & tools
Agent tool-use boundary breaks where the model can call APIs, browsers, or filesystem. Privilege escalation through tool chaining. Sandbox escape from code-execution tools. Indirect prompt injection that hijacks agent intent across multi-step workflows.
Why us
Most AI consultancies will run a prompt audit. Few will reason about an agent the way an engineer reasons about a P&ID hazard analysis. Cyber Node's lead engineer combines AWS Security Specialty plus AWS Solutions Architect Associate with 15 years of safety-critical engineering across FLNG, lithium hydroxide, nuclear, and uranium operations. The same hazard-tree thinking that asks "what fails when the BPCS fails" gets applied to "what fails when the model fails closed, fails open, or fails confidently wrong".
Mis-routed
Have OT, ICS, or industrial control systems in scope, including agentic AI deployed inside the plant network? Start at OT and Industrial →
Need a compliance-driven penetration test of corporate IT and SaaS applications, with no AI in scope? Start at Cyber and Compliance →
Go deeper
Capability
Worked examples and the methodology behind AI engagements, including the agent threat surface model.
Open →Research
Findings dataset across 54 manual penetration testing engagements and 1,000+ Cyber Exposure Snapshot scans.
Open →Reference
Plain-language definitions for prompt injection, RAG, agentic AI, MITRE ATLAS, and the OWASP LLM Top 10.
Open →