Penetration testing · Prompt injection · Agent & RAG security
Security testing that mirrors how AI platforms actually break
Traditional scanners miss AI-specific threats. CodeWheel blends OWASP methodology with prompt injection playbooks, RAG isolation checks, and agent abuse testing. The same team that finds vulnerabilities fixes them — no handoffs, no lost context.
Honest stats
15 Years
Production engineering (including Tesla)
Engineering Studio
Direct access to senior engineers, no handoffs
Full Coverage
Prompt injection, pen testing, agent & RAG security
Fixed-scope pricing with no surprise invoices.
Anonymized examples
What recent tests uncovered
Multi-tenant RAG
Caught cross-tenant retrieval via weak metadata filters; patched query scopes and replayed hostile corpora before audit.
Agent tool abuse
Found agent-triggered billing mutation without confirmation; added RBAC + confirmation workflow and rollback path.
Prompt injection
Detected jailbreak chain that bypassed content policy; added guardrails and regressions before GA.
Testing scope
Threats CodeWheel tests for
Prompt Injection & Jailbreaks
Inputs that override system prompts, leak credentials, or trigger unauthorized tool calls. Traditional scanners rarely cover it — manual testing is required.
RAG Data Leakage
Vector databases don't enforce tenant isolation by default. Attackers can pivot between customers unless filters, metadata, and ACLs are locked down.
Agent/Tool Abuse
Agents calling payment APIs, CRUD functions, or MCP servers can be coerced into destructive behavior if parameter validation and allowlists are weak.
Context Manipulation
Huge uploads, encoding tricks, or multi-turn prompts designed to exhaust context windows and bypass safety instructions.
Plain Old Web Vulns
Auth issues, misconfigured rate limits, exposed secrets, and CI/CD gaps still exist — especially when teams sprint to ship AI features.
Process
How CodeWheel tests
Kickoff to understand your architecture, baseline scans to find obvious gaps, deep manual testing for prompt injection and RAG issues, then remediation and retest. Findings are shared in real time.
Kickoff & Architecture Review
Share your architecture, environments, and priorities. We decide together if staging or production testing makes sense, set communication cadences, and schedule the work.
Baseline Testing + Instrumentation
Set up monitoring/logging if needed, run lightweight OWASP scans, map attack surfaces, and confirm access before deep manual testing begins.
Manual AI-Specific Testing
Prompt injection playbooks, RAG isolation checks, agent/tool abuse attempts, and context manipulation attacks. Findings are shared as they happen — not just in a final PDF.
Report, Remediation & Retest
Markdown + PDF report with impact, reproduction steps, and fixes written in your stack. We pair on patches if needed, then retest within 30 days.
Engagement options
How security engagements have been structured
Scoped to fit your stage. Reports ready to share with investors or customers.
Advisory Session
1 Week to Schedule
- 60-minute working session
- Threat modeling + next steps
- Follow-up summary
- Great for quick gut-checks
Prompt Injection Audit
1-2 Weeks
- 200+ adversarial prompts
- RAG isolation testing
- Tool/agent abuse checks
- Remediation guidance + retest
Full Penetration Test
2-3 Weeks
- OWASP Top 10 + AI-specific testing
- Infrastructure & CI/CD review
- Executive + technical reports
- 30-day retest window
Investor Due Diligence
1-2 Weeks
- Security audit for fundraising
- Executive-ready report for investors
- Risk assessment + remediation roadmap
- SOC 2 / compliance readiness check
Platform Build or Hardening
3-8 Weeks
- RAG, agent, or orchestration implementation/refactor
- Identity/billing integration
- Security testing baked in
- Transparent, fixed-scope pricing
FAQ
Common questions
Do you have client testimonials?
We publish detailed case studies and technical content so you can evaluate the work. Our founder's background spans 15 years of production engineering, verified on LinkedIn. Happy to walk through past engagements on a call.
Do you help fix the issues you find?
Yes. Every report includes remediation guidance. We pair with your team to implement fixes and validate through retesting. If you want us to handle fixes directly, we can scope that separately.
Does this satisfy compliance requirements?
CodeWheel focuses on security readiness and technical evidence. We build the guardrails and run the tests that auditors require, but do not issue formal compliance certificates. For third-party attestations, we can introduce you to partners.
What access do you need?
Role-based accounts in staging (or production if necessary), API keys, and architecture context. CodeWheel never requests raw production databases. Everything is covered by NDA.
What's the difference between prompt injection and jailbreaking?
Jailbreaking defeats model-level safety filters. Prompt injection hijacks downstream systems — tools, APIs, billing — after the model accepts a malicious instruction. Both are covered in every engagement.
Are we too early for security testing?
If you're handling customer data, building RAG/agent features, or planning a launch, it's the right time. Early-stage teams are our specialty — you get senior engineering without the agency markup.
Ready to get started?
Share your architecture and timeline. We'll outline scope, approach, and pricing. If we're not the right fit, we'll tell you.
Contact
Email: matt@codewheel.ai
Based in the Bay Area. Happy to meet virtually or in person if you're nearby.
Verify our founder's background on LinkedInServing companies across the San Francisco Bay Area, Silicon Valley, and remote teams worldwide.