Verified Background
Check LinkedIn. Four years at Tesla, agency work before that, and 15 years shipping production systems. No anonymous team-just Matt Owens.
View LinkedIn ProfileSecurity testing for AI platforms
Security-First Architecture for AI Platforms
Traditional scanners miss AI-specific threats. CodeWheel tests LLM behavior, RAG pipelines, agent permissions, and multi-tenant isolation-plus OWASP methodology for the application layer. Same engineer who finds vulnerabilities fixes them-no handoffs, no lost context.
Related services: Penetration Testing , Prompt Injection Defense , Secure RAG Builds
Honest stats
15 Years
Production engineering (including Tesla)
Independent Architect
Direct access, no handoffs
AI + Security
RAG builds, prompt injection, pen testing
Early clients: Preferred rates for the first five launches.
How engagements work
From discovery to architecture to build
Security testing is where most teams start. Architecture review is where we find root causes. Building is where we fix them permanently.
1
Discovery
Pressure-test the system
Adversarial testing finds how your AI fails under real attack conditions - prompt injection, RAG leakage, agent abuse, tenant isolation gaps.
Typical: 1-2 weeks
2
Architecture
Find the root causes
Vulnerabilities are symptoms. Architecture review traces them to design decisions - missing RLS, retrieval filter gaps, tool permission models.
Typical: 2-3 days
3
Build
Fix it permanently
Remediation pairing, platform hardening, or full rebuilds - from the same engineer who found the issues. No handoff, no lost context.
Typical: 2-8 weeks
Most teams start at step 1. Some skip straight to architecture review. A few need all three. We figure out where you are on the first call.
Is this you?
You're a fit if…
Security urgency
You need to pass a vendor review, SOC questionnaire, or investor security diligence within weeks-not quarters.
AI surface area
You ship RAG or agents that touch real data, and you want retrieval filters, semantic search safety, and tool guardrails locked before GA.
Full-loop delivery
You want findings, remediation code, and retests from the same person-no handoff to a separate team.
Anonymized examples
Stopped a prompt-injection chain that bypassed content policy; patched retrieval filters that allowed cross-tenant leakage; added confirmation/rollback workflow to an agent that could mutate billing data.
Services offered
Penetration Testing + AI Security
OWASP testing plus AI-specific attacks (Prompt Injection, RAG isolation, tool abuse). Includes prioritized findings, proof-of-concept payloads, and retests.
Prompt Injection & Guardrail Audits
Focused 1-2 week engagements covering adversarial prompts, context poisoning, tool validation, and output filtering for RAG/chat/agent features.
Investor Due Diligence
Security audit package for pre-seed to Series A startups. Executive-ready report that investors recognize, risk roadmap, and SOC 2 readiness assessment.
RAG Implementation & Hardening
Next.js + Supabase builds with ingestion pipelines, eval harnesses, pgvector hybrid search, and observability so testing has real telemetry.
Architecture & Advisory Sessions
One-off reviews or recurring advisory covering threat modeling, identity/billing integration, and practical roadmaps for lean teams.
Want to go deeper before we talk? Read the penetration testing guide , the prompt injection defense playbook , or download the AI security testing checklist .
Why security still matters
Threats CodeWheel tests for
Prompt Injection & Jailbreaks
Inputs that override system prompts, leak credentials, or trigger unauthorized tool calls. Traditional scanners rarely cover it-manual testing is required.
RAG Data Leakage
Vector databases don't enforce tenant isolation by default. Attackers can pivot between customers unless filters, metadata, and ACLs are locked down.
Agent/Tool Abuse
Agents calling payment APIs, CRUD functions, or MCP servers can be coerced into destructive behavior if parameter validation and allowlists are weak.
Context Manipulation
Huge uploads, encoding tricks, or multi-turn prompts designed to exhaust context windows and bypass safety instructions.
Plain Old Web Vulns
Auth issues, misconfigured rate limits, exposed secrets, and CI/CD gaps still exist-especially when teams sprint to ship AI features.
These threats are covered in depth inside the AI penetration testing guide and prompt injection defense playbook .
No fake social proof
Trust signals you can verify
First Clients Program
CodeWheel is new. Early clients get preferred early-adopter rates, direct influence on process, and priority access. In exchange, we get honest feedback and the ability to document real case studies.
Talk about becoming an early clientBuilding in Public
Weekly blog posts + LinkedIn updates cover what we're building, testing, or learning about AI security. No mystery. Judge us by the work.
Read the BlogProcess
How CodeWheel works
Kickoff to understand your architecture, baseline scans to find obvious gaps, deep manual testing for prompt injection and RAG issues, then remediation and retest. Findings are shared in real time-not just a final PDF.
Kickoff & Architecture Review
Share your architecture, environments, and priorities. We decide together if staging or production testing makes sense, set communication cadences, and schedule the work.
Baseline Testing + Instrumentation
Set up monitoring/logging if needed, run lightweight OWASP scans, map attack surfaces, and confirm access before deep manual testing begins.
Manual AI-Specific Testing
Prompt Injection playbooks, RAG isolation checks, agent/tool abuse attempts, and context manipulation attacks. Findings are shared as they happen-not just in a final PDF.
Report, Remediation, and Retest
Markdown + PDF report with impact, reproduction steps, and fixes written in your stack. We pair on patches if needed, then retest within 30 days.
Ready to see it in action?
Walk through threat modeling for your AI platform
See how CodeWheel maps attack surfaces, prioritizes risks, and builds remediation roadmaps in a 30-minute session tailored to your stack.
Engagement options
How we can work together
Scoped to fit your stage. Reports ready to share with investors or customers.
Prompt Injection Audit
1-2 Weeks
- 200+ adversarial prompts
- RAG isolation testing
- Tool/agent abuse checks
- Remediation guidance + retest
Penetration Test + AI Coverage
2-3 Weeks
- OWASP Top 10 + AI-specific testing
- Infrastructure & CI/CD review
- Executive + technical reports
- 30-day retest window
Investor Due Diligence Package
1-2 Weeks
- Security audit for fundraising
- Executive-ready report for investors
- Risk assessment + remediation roadmap
- SOC 2 / compliance readiness check
Platform Build or Hardening
3-8 Weeks
- RAG Implementation or refactor
- Identity/billing integration
- Security Testing baked in
- Early-adopter discount available
Advisory / Architecture Review
1 Week to Schedule
- 60-minute working session
- Threat modeling + next steps
- Follow-up summary
- Great for quick gut-checks
Honesty first
Common questions
Do you have client testimonials?
Not yet. CodeWheel is new. We lean on LinkedIn recommendations and public technical content. Early clients get discounted pricing in exchange for honest feedback and the ability to publish future case studies.
How many AI platforms have you secured?
Across Matt's career: dozens of production systems (Tesla, agencies, startups). Under the CodeWheel banner: building that portfolio now. If you need enterprise references today, we're probably not the right fit.
Do you handle formal compliance audits?
CodeWheel focuses on Security Readiness and technical evidence. We build the guardrails and run the tests that auditors require, but do not issue formal compliance certificates. If you need third-party attestations or certification paperwork, we can introduce you to partners once the product is ready.
What access do you need?
Role-based accounts in staging (or production if necessary), API keys, and architecture context. CodeWheel never requests raw production databases. Everything is covered by NDA.
Are we too early for security testing?
If you're handling customer data, building RAG/agent features, or planning a launch, it's the right time. Early-stage teams are our specialty-you get senior engineering without the agency markup.
Learn more
Free resources
Prompt Injection Guide
Deep dive on how Prompt Injection works and how CodeWheel tests for it.
Read the prompt injection guideAI Security Checklist
Free checklist covering the exact controls CodeWheel stands up on builds.
Get the AI security checklistRAG Architecture Guide
How CodeWheel designs ingestion, retrieval, and eval harnesses before testing.
Read the RAG architecture guideReady to get started?
Share your architecture and timeline. We'll outline scope, approach, and pricing. If we're not the right fit, we'll tell you.
CodeWheel doesn't just identify risks - we help fix them through architecture reviews, remediation pairing, and secure platform builds.
Contact
Email: matt@codewheel.ai
Phone: (650) 600-0498
Based in the Bay Area. Happy to meet virtually or in person if you're nearby.
Learn more about our approach in the complete penetration testing guide.
Serving companies across the San Francisco Bay Area, Silicon Valley, and remote teams worldwide.