[PERDITION//SEC]
// 01   capabilities

Services

Five focused practices. Every engagement is led by a principal with ten years of hands-on offensive and defensive experience — no pyramid, no subcontracting, no surprises.

// featured  ·  fixed_price

Startup Security Audit

A two-week, fixed-price security review for funded startups. One senior practitioner. One report your engineers will actually act on. Retest included.

// price  $5,000 – $10,000 USD
// duration  2 weeks
  • 1 web app pentest
  • External attack-surface scan
  • Cloud config review
  • Threat model + readout
  • Free retest
// featured  ·  flagship_capability

AI Penetration Testing & Red Teaming

Adversarial testing for LLMs, agents, and AI-powered products — prompt injection, jailbreak engineering, agent red teaming, RAG poisoning, and model supply-chain review. Tested across SMB, enterprise, and global-enterprise systems.

// aligned to  OWASP LLM / MITRE ATLAS
// scope  custom per system
  • Prompt injection & jailbreaks
  • Agent red teaming
  • RAG & retrieval poisoning
  • Tool & function-call abuse
  • Model supply-chain review
// all_capabilities
// 01

Penetration Testing

Hands-on, manual-led testing of web applications, internal and external networks, cloud environments (AWS, Azure, GCP), and APIs. Every engagement maps to MITRE ATT&CK and OWASP, with findings ranked by real exploitability — not just CVSS.

  • Web application & API testing
  • Internal & external network
  • Cloud configuration review (AWS / Azure / GCP)
  • Re-test included
// 02

Red Team & Adversary Emulation

Goal-oriented, multi-vector engagements that emulate threat actors relevant to your industry. We work with your blue team (or quietly around them) to validate prevention, detection, and response — and produce a debrief your engineers will actually use.

  • Initial access via phishing, web, or assumed-breach
  • Custom tooling, OPSEC-aware
  • Purple team debrief with detection gaps
  • Threat-actor emulation (FIN, APT, ransomware)
// 03

Security Consulting & Advisory

Architecture review, security program strategy, vendor risk, secure SDLC, cloud landing zones. Direct work with engineering leaders — no ten-person consulting pyramid, no outsourcing to juniors.

  • Security architecture review
  • Program strategy & roadmap
  • Cloud landing zone hardening
  • Fractional CISO engagements
// 04

GRC — ISO 27001, ISO 42001, PCI

Pragmatic governance, risk, and compliance work for ISO/IEC 27001:2022, ISO/IEC 42001 (AI Management Systems), and PCI-DSS. Built around your existing engineering practices instead of bolted on top of them.

  • ISO 27001:2022 implementation & readiness
  • ISO 42001 AI management system
  • PCI-DSS scoping & remediation
  • Policy, controls, internal audit prep
// 05

AI Penetration Testing & Red Teaming

Hands-on offensive testing of LLM and agent systems — prompt injection, jailbreak chains, tool and function abuse, RAG and retrieval poisoning, model supply chain, output handling, and training-data exfiltration. We've tested AI deployments from seed-stage SMB products to Fortune 500 and global-enterprise platforms, and map every finding to the OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF.

  • Prompt injection & jailbreak engineering
  • Agent red teaming (tool abuse, planner hijack, lateral pivots)
  • RAG, retrieval & memory poisoning
  • Model supply-chain & output-handling review
  • Tested across SMB, enterprise & global-enterprise scale
  • Aligned to OWASP LLM Top 10 / MITRE ATLAS / NIST AI RMF
// engagement_model

Fixed-scope projects, retainer advisory, or purple-team collaborations. Talk to us about what you need.
