Agent/MCP Audit Sprint

Security review for tool-using agents

AI Agent Security Audit Service

A fixed USD $1,000 async audit for one AI agent, MCP server, or tool-using product slice before launch. The review focuses on the places agent products fail in production: tool calls, credentials, auth boundaries, prompt/tool injection, browser sessions, memory/state, write actions, tests, and deployment assumptions.

Price: USD $1,000 fixed
Scope: One agent, repo, MCP server, or product slice
Turnaround: 48-hour target after scope and payment confirmation
Output: Boundary map, ranked findings, tests, launch notes

Review areas

What the audit checks

This is for teams that have an agent already calling tools, moving data, or preparing to connect real users. The goal is a ranked fix plan, not a generic checklist.

Tool inventory, write/destructive classification, and human approval gates
Prompt injection and tool output injection paths from web pages, tickets, docs, logs, memory, and RAG content
Credential loading, token scope, secret redaction, and agent-readable error or log exposure
Auth and tenant boundaries across users, workspaces, accounts, sessions, and connected providers
Browser automation risks: authenticated sessions, clicks, downloads, form submission, and JavaScript execution
Tests, CI, rollback notes, and launch gates that prove high-impact tools fail closed

Good fit

When this is worth booking

Your agent can send messages, edit files, publish content, place orders, query databases, control browsers, or call cloud APIs.
You are adding MCP, function calling, LangGraph, hosted tool execution, RAG, browser automation, or workspace integrations.
You need a launch-readiness review that engineering can act on within days.
You can provide a public repo, private repo access, sanitized docs, traces, SARIF findings, or a focused product slice without secrets.

Free triage first

Use scanner evidence to scope the paid review

The free scanner can inspect public GitHub repos, private local files, or GitHub Code Scanning SARIF output before a paid scope is accepted. It is heuristic triage, not certification.

Common audit targets

Agent risk surfaces that deserve human review

MCP servers with local, stdio, HTTP, SSE, WebSocket, hosted, or multi-tenant transports.
Browser automation agents that act inside authenticated sessions or extract private pages.
Workspace agents connected to email, calendar, docs, drive, chat, CRM, tickets, and internal knowledge bases.
Cloud and database agents that can mutate infrastructure, SQL, queues, storage, Kubernetes, or admin APIs.
Trading and payment agents with irreversible financial actions, account credentials, or order placement paths.

Flow

How the paid sprint starts

  1. Open an intake issue with repo/product URL, scope, evidence, delivery visibility, payment network, and highest concern.
  2. Optionally attach browser scanner output, SARIF alerts, traces, or sanitized architecture notes.
  3. Scope is accepted in writing for one repo, agent, MCP server, or product slice.
  4. Pay USD $1,000 equivalent only after scope acceptance, or agree on an invoice-first path before work starts.
  5. The 48-hour target starts after both scope acceptance and payment confirmation.