
AI Security and AI Trust Layer - securing AI agents

Prompt injection, indirect prompt injection, data exfiltration, the lethal trifecta, MCP security and the OWASP LLM Top 10 create a new layer of risk in AI projects. The greater the access AI agents have to data, tools and systems, the greater the importance of a security review before production launch.

What your organisation gains

Lower risk of critical data leakage

AI Security Review helps identify scenarios in which an AI agent could gain access to sensitive data, disclose information through an answer, logs or tools, or be exploited to exfiltrate data. We identify these risks before deployment, while they can still be mitigated through architecture, permissions and safeguards.

Readiness for NIS2, DORA and AI Act requirements

An AI deployment should have a documented risk assessment, access control, usage logging, oversight rules and an audit trail. SNOK prepares the AI Security Review as material supporting compliance, internal audit, and the decision to approve a solution for production.

An audit trail for AI agent activity

The AI Trust Layer and logging mechanisms allow queries, answers, sources used, tools invoked, escalations and human decisions to be recorded. This lets the organisation trace what the AI agent did, on what basis, and in what context.

Protecting reputation and operational control

An AI-related incident can mean not only a technical problem, but also reputational, regulatory and operational risk. It is better to identify vulnerabilities at the project stage than to react after go-live, when the solution already has access to data, users and systems.

What we deliver on this project

AI Security Review

We test solutions for direct and indirect prompt injection, jailbreaking, retrieval poisoning, data exfiltration, unauthorised access to sources, tool misuse and flaws in permission design. As a baseline we use the OWASP LLM Top 10, the NIST AI RMF, MITRE ATLAS and good security practice for LLM-based applications.

AI Trust Layer in UiPath

We implement and configure governance mechanisms for AI agents: access control, action logging, usage rules, monitoring, escalation paths and an audit trail. The goal is an AI deployment that can be overseen, analysed and developed in a controlled way.

Source-aware access control

We design data access so that an AI agent only uses sources the user is authorised to access. This applies both to direct answers and to answers generated from documents, knowledge bases, enterprise systems and external tools.
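The source-aware design above, as an added example and not SNOK's or UiPath's own code: a retrieval step that enforces each source's ACL against the requesting user's groups before any text reaches the prompt, and records which sources were used or withheld for the audit trail. The corpus, groups and keyword matcher are constructed placeholders standing in for a real document store and retriever.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed corpus: every source carries an ACL (the groups allowed to read it).
@dataclass(frozen=True)
class Source:
    id: str
    text: str
    allowed_groups: frozenset

CORPUS = [
    Source("hr-policy-public", "Holiday allowance is 26 days per year.", frozenset({"all-staff"})),
    Source("payroll-2024", "Salary bands and individual salaries for 2024.", frozenset({"hr-payroll"})),
    Source("board-minutes-q3", "Board minutes: planned restructuring in Q4.", frozenset({"board"})),
]

@dataclass
class AuditEntry:
    user: str
    query: str
    sources_used: list
    sources_denied: list
    timestamp: str

AUDIT_LOG: list = []

def _matches(source: Source, query: str) -> bool:
    # Toy keyword relevance standing in for a vector search; only terms longer than 3 chars count.
    terms = {t.lower().strip("?.,") for t in query.split() if len(t.strip("?.,")) > 3}
    return any(t in source.text.lower() for t in terms)

def retrieve_for_user(user: str, groups: set, query: str) -> list:
    """Return only sources the user may read; the ACL is applied before the LLM sees any text."""
    allowed, denied = [], []
    for src in CORPUS:
        if not _matches(src, query):
            continue
        if src.allowed_groups & groups:
            allowed.append(src)
        else:
            denied.append(src.id)  # log the id only, never the withheld content
    AUDIT_LOG.append(AuditEntry(user, query, [s.id for s in allowed], denied,
                                datetime.now(timezone.utc).isoformat()))
    return allowed

def build_prompt(user: str, groups: set, query: str) -> str:
    """Assemble the grounding context from authorised sources only."""
    ctx = "\n".join(f"[{s.id}] {s.text}" for s in retrieve_for_user(user, groups, query))
    return f"Answer using only these sources:\n{ctx}\n\nQuestion: {query}"
```

The same filter must sit in front of every answer path (direct answers, knowledge-base retrieval and tool results), otherwise a single unfiltered path is enough to leak a source.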

MCP Security

We audit the use of the Model Context Protocol and tools connected to AI agents. We check tool sandboxing, input validation, control of side effects, data separation, permission constraints, and the risk of command injection or uncontrolled tool behaviour.

AI agent red teaming

We run simulated attacks on AI agents: prompt injection, indirect prompt injection, data exfiltration, privilege escalation, tool misuse, source manipulation and attacks on the decision process. For critical data we recommend additional red-team testing before production launch.

AI Act compliance

We support classification of AI systems, gap analysis, preparation of an AI systems register, documentation, oversight rules, ownership roles, usage logging and an audit trail. If the organisation needs a quick start, we can prepare a basic AI governance framework within 4 weeks - with further extension to specific systems, data sources and security requirements.

How we deliver projects in this area

We start with threat modelling. We establish what the AI agent can do, what data it has access to, which tools it uses, which decisions it supports, and which misuse scenarios are realistic in the given environment.

We then run technical testing: prompt injection, indirect prompt injection, data exfiltration, jailbreak, retrieval poisoning, MCP security, and scenarios aligned with the OWASP LLM Top 10. We also check the AI Trust Layer configuration, usage logging, permissions and escalation paths.

The final report covers risk descriptions, prioritisation, remediation recommendations, an action plan and the scope of retesting. For production projects we recommend that a positive AI Security Review be one of the conditions for launching the solution.

Technology stack

UiPath AI Trust Layer, OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, Model Context Protocol, LangChain Security, PyRIT, PromptArmor, Lakera Guard, Azure AI Content Safety, Anthropic Claude, OpenAI, Azure OpenAI

The team’s experience in cybersecurity, AI and enterprise systems confirms SNOK’s readiness to deliver AI security projects.

Where we have delivered similar solutions

Healthcare operator

AI Security Review for an HR agent with access to employee data. The review covered data access, misuse scenarios, action logging, and remediation of risks before production launch.

Financial sector bank

AI Security Review for a KYC agent, including red-team testing, access control for sources, analysis of the decision process, and preparation of material supporting the requirements of a regulated environment.

Technology company

Audit of MCP tools for a DevOps agent, covering command-injection risk, uncontrolled tool use, access to the CI/CD pipeline, and mechanisms limiting the impact of the agent’s faulty behaviour.

FAQ - AI Security

How does AI Security differ from a classic penetration test?

A classic pentest focuses on the application, API, front end, infrastructure and security configuration. AI Security additionally examines the model and AI orchestration layer: prompt injection, jailbreaking, retrieval poisoning, access to sources, tool use, MCP security and data-exfiltration risk. It does not replace a classic pentest - it complements it for systems built on LLMs and AI agents.

Does the AI model provider protect the organisation against these risks?

Partly. Model providers apply their own safeguards and guardrails, but a large share of the risk arises at the application layer: in data access, retrieval, tools, integrations, permissions and process logic. It is this layer that the organisation needs to design, test and monitor.

What is the lethal trifecta?

The lethal trifecta is a scenario in which an AI agent simultaneously has access to private data, contact with untrusted external content, and the ability to communicate or act externally. This combination increases the risk of data exfiltration through prompt injection. In practice it means the agent could read sensitive data, be manipulated by external content, and use an available tool to disclose information.
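The trifecta check as an added example (not SNOK's code): each tool an agent can call is tagged with the legs it provides, and the assessment reports which legs are present, which tools supply them, and the cheapest leg to remove when all three coincide. The tool names and capability tags are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# The three legs of the trifecta; an agent is exposed when all three are present at once.
PRIVATE_DATA = "reads_private_data"
UNTRUSTED_INPUT = "ingests_untrusted_content"
EXTERNAL_ACTION = "communicates_externally"
TRIFECTA = {PRIVATE_DATA, UNTRUSTED_INPUT, EXTERNAL_ACTION}

@dataclass(frozen=True)
class Tool:
    name: str
    capabilities: frozenset

def assess_agent(tools: List[Tool]) -> Dict[str, object]:
    """Map each leg to the tools providing it and flag a complete trifecta."""
    legs: Dict[str, List[str]] = {leg: [] for leg in sorted(TRIFECTA)}
    for tool in tools:
        for cap in tool.capabilities & TRIFECTA:
            legs[cap].append(tool.name)
    present = {leg for leg, names in legs.items() if names}
    complete = present == TRIFECTA
    # The leg served by the fewest tools is the cheapest one to remove or isolate.
    weakest = min(present, key=lambda leg: len(legs[leg])) if complete else None
    return {"legs": legs, "complete": complete, "break_by_removing": weakest}

# Constructed HR-assistant tool set; web_fetch both ingests untrusted pages and can
# carry data out in the URL it requests, so it counts for two legs.
HR_AGENT = [
    Tool("employee_db_lookup", frozenset({PRIVATE_DATA})),
    Tool("read_inbound_email", frozenset({UNTRUSTED_INPUT})),
    Tool("send_email", frozenset({EXTERNAL_ACTION})),
    Tool("web_fetch", frozenset({UNTRUSTED_INPUT, EXTERNAL_ACTION})),
]
```

Running the check over every agent's tool manifest at review time (and again whenever a tool is added) keeps the combination from appearing unnoticed after go-live.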

Is an AI Security Review mandatory in SNOK projects?

For agentic automation projects and AI solutions with access to data, tools or systems, we recommend an AI Security Review as a standard element of the deployment. In production projects we treat a positive review result as a condition for the safe launch of a solution, or as the basis for a decision on additional remediation.
