Access level ▸ Black-Box  ·  Open for engagements

Find out if your agentic AI actually holds

AI red teaming, architecture review, and control validation for teams building with LLMs, coding agents, MCP, RAG, tool integrations, and multi-agent systems. Human-led testing, AI-assisted campaign workflows, and manually verified findings.

OWASP GenAI Security Project contributor · Microsoft PyRIT contributor · Packt author 2026 · Financial-sector AI security

Black-Box // Services

Security work built around validation

Prove where your agentic AI system fails, understand why it fails, and validate whether the controls actually work.

RT—01 · Red Team

AI Red Teaming & Control Validation

Adversarial testing against LLM and agentic applications with reproducible evidence, severity assessment, and practical remediation paths.

  • Prompt injection and indirect prompt injection via documents, email, calendar, CRM, and RAG
  • Tool misuse, MCP tool poisoning, privilege escalation, and delegation abuse
  • Data exfiltration paths via rendering, tool calls, side channels, and agent workflows
  • Guardrail bypass, system prompt extraction, and monitoring evasion
  • Black-box, grey-box, and white-box testing with technical and executive reporting

AD—02 · Advisory

Agentic AI Security Advisory

Architecture review, threat modeling, security requirements, and operating-concept support for enterprise agentic AI stacks.

  • Coding-agent, MCP, RAG, and tool-use architecture review
  • Threat modeling across model, implementation, infrastructure, and runtime
  • Trust-boundary analysis: user/agent, agent/tools, agent/data, agent/agent
  • Security control catalogue mapped to BSI, OWASP, NIST, and MITRE ATLAS
  • MCP server and tool supply-chain risk assessment

PT—03 · Partnership

Ongoing Security Partnership

Continuous advisory and validation for teams shipping AI features, coding-agent workflows, and agentic applications.

  • Quarterly red team assessments as systems evolve
  • New deployment and feature security validation
  • Threat intelligence briefings on emerging AI attack vectors
  • Executive reporting and AI security posture tracking
  • Retest support and remediation validation

TR—04 · Training

Enterprise Training & Enablement

Selected author-led training for teams that want to build internal capability around agentic AI red teaming and secure engineering.

  • 3-day training on securing and red teaming agentic AI applications
  • Hosted lab environment with a vulnerable agentic AI application
  • Black-box → grey-box → white-box methodology transfer
  • Monitoring, detection review, and sandboxing exercises
  • Optional management summary and follow-up validation sprint

Every engagement

Clear scope, reproducible technical evidence, executive summary, prioritized remediation guidance, and a debrief for engineering and security stakeholders.

Grey-Box // Methodology

The agentic AI red teaming lifecycle

A structured operating model for moving from architecture and controls to adversarial evidence, remediation, and retesting. Phases run in sequence — each one feeds the next.

Phase 01

Architecture & Scope

Understand the AI system, data flows, model access, tools, agent permissions, deployment boundaries, and business-critical workflows.

Phase 02

Threat Model & Trust Boundaries

Identify what can go wrong across user/agent, agent/tool, agent/data, agent/agent, and internal/external boundaries.

Phase 03

Control Mapping

Map concrete technical controls to BSI, OWASP, NIST, MITRE ATLAS, and enterprise-specific requirements.

Phase 04

Black / Grey / White-Box Red Teaming

Execute realistic attack scenarios with increasing information access, from external behavior to source-level analysis.

Phase 05

Detection & Monitoring Review

Review traces, logs, guardrail events, risk scores, and detection rules to understand what attacks are visible and what stays hidden.

Phase 06

Remediation & Retest

Translate findings into concrete fixes, support engineering teams, and validate whether implemented controls actually hold.

AI-assisted, human-verified red team operations

The methodology combines human-led adversarial testing with AI-assisted campaign generation, attack-surface enumeration, evidence collection, trace analysis, and report drafting. Findings are manually verified before delivery for exploitability, severity, business impact, and remediation quality.

Grey-Box // Engagement Models

From focused assessment to continuous validation

Engage for a targeted red team assessment, a security foundation review, a validation sprint, or selected team enablement.

Advisory · Scoped

Agentic AI Security Foundation

Architecture review, threat modeling, control mapping, and operating-concept support for teams building agentic AI systems.

  • Architecture and trust-boundary review
  • Threat model and attack-surface map
  • BSI, OWASP, NIST, and MITRE mapping
  • Security requirement catalogue

Validation · Sprint

AI Control Validation Sprint

Offensive validation of implemented controls against realistic attack chains and enterprise-specific AI workflows.

  • Retest of implemented controls
  • Detection and monitoring review
  • Residual risk assessment
  • Remediation debrief and next-step plan

Enablement · 3 days · ≤15

Enterprise Training

Hands-on training based on a realistic vulnerable agentic AI lab and practical AI red teaming methodology.

  • Black-box, grey-box, and white-box progression
  • MCP, RAG, tool abuse, and multi-step agentic attack chains
  • Monitoring, detection review, and sandboxing exercises
  • Optional management outcome summary

Grey-Box // Track Record

Real systems, real AI security work

Regulated environments, agentic AI advisory, product assessments, open source, standards, and enterprise enablement. Client identities stay under NDA — the work doesn't.

Regulated AI NDA

Financial-Sector AI Security

Full-time AI red team engineering

Practical AI security work in a regulated banking environment, including assessment of customer-facing AI systems, attack scenario development, control validation, and security enablement for engineering teams.

Client: ████████ · Banking

Architecture NDA

Agentic AI Security Advisory

Architecture review & operating concept

Security advisory for enterprise agentic AI stacks involving coding agents, MCP-style tool integrations, containerized environments, model gateways, threat modeling, and BSI/OWASP-aligned control mapping.

Client: ████████ · Enterprise IT

Product NDA

AI Coding Platform Assessment

AI development tools

Security assessment of an AI-powered development platform with IDE integration, multi-tenant architecture, agent workflows, and code-assistance features.

Client: ████████ · Dev platform

Agents NDA

Tool-Using Agent Assessment

CRM, email, calendar & workflow tools

Assessment of autonomous agent workflows with business-tool integrations, focusing on prompt injection, tool misuse, data exposure, permission boundaries, and unsafe delegation.

Client: ████████ · Enterprise SaaS

Open Source Public

Microsoft PyRIT

AI red teaming framework

Top contributor to Microsoft PyRIT, helping improve practical tooling for AI red teaming, adversarial testing, and campaign automation.

github.com/microsoft/PyRIT

Standards Public

OWASP GenAI Security

Guides and methodology

Contributor to multiple OWASP GenAI Security Project guides, including red teaming, agentic threats, incident response, and securing agentic applications.

OWASP GenAI Security Project

Training Public

Enterprise Enablement

Agentic AI red teaming training

Author-led training format for technical teams working with LLM applications, coding agents, MCP, RAG, tool integrations, and agentic workflows.

Cohorts from mid-July 2026

ISBN 978-1-80638-085-5 Packt · 2026

The methodology, published

AI Red Teaming in Practice

Plan, execute, and report AI red team engagements against LLMs and agentic systems.

A hands-on guide to finding and exploiting vulnerabilities in LLMs, agentic systems, and AI pipelines through structured labs and real attack techniques.

Topics include black-box, grey-box, and white-box AI assessments, threat modeling, reconnaissance, model fingerprinting, attack-surface mapping, prompt injection, data extraction, tool and agent exploitation, MCP server exploitation, supply-chain and deployment attacks, PyRIT integration, campaign automation, and reporting strategies for executives, engineers, and auditors.

Black/Grey/White-Box · Threat Modeling · Prompt Injection · Data Extraction · RAG Pipelines · MCP Servers · Tool & Agent Exploitation · PyRIT · Campaign Automation · Executive Reporting

White-Box // Enterprise Training

Securing & red teaming agentic AI applications

Selected 3-day hands-on training for technical teams that want to understand, attack, monitor, and harden agentic AI applications in a realistic lab environment.

Capability transfer for technical enterprise teams

Participants work against a realistic vulnerable agentic AI application with agent loop, RAG pipeline, MCP-style tools, tool use, guardrails, audit data, and selected monitoring and sandboxing exercises.

The training follows a clean Black-Box → Grey-Box → White-Box progression — the same arc as this page — and uses L0–L3 security levels so teams can compare which controls block, detect, or fail against specific attack classes.

3 Days
15 Max per cohort
L0–L3 Defense levels

Defense levels under test

Baseline → Hardened

  • For Data Scientists, ML Engineers, Developers, Security Engineers, Red Teamers, and technical leads
  • Technically demanding but progressive: no specialized AI-security background required
  • Hosted lab environment, no local setup required
  • Uses methodology and lab concepts from AI Red Teaming in Practice, extended with private training scenarios
  • First enterprise cohorts available from mid-July 2026

Day 1 · Black-Box

External behavior, prompt injection, recon

Participants start from portals, browser traffic, and error messages. They identify trust boundaries, perform active recon, fingerprint guardrails, and exploit direct and indirect prompt injection.

Day 2 · Grey-Box

RAG, MCP-style tools, exfiltration, agent abuse

Participants use curated grey-box materials such as architecture notes, tool schemas, selected system-prompt extracts, threat-model excerpts, and prepared attack scenarios to analyze RAG, tools, and agent trust boundaries.

Day 3 · White-Box

Monitoring, defensive controls, sandboxing

Repo access opens selected implementation details. Participants review audit data and traces, test L3 controls, discuss hardening options, and run an isolated coding-agent sandboxing exercise.

White-Box // About

The operator behind the work

Offensive AI security research, applied in regulated enterprise environments — and published as open methodology.

Volkan Kutal

Founder & Lead AI Red Team Engineer

  • Author: AI Red Teaming in Practice — Packt, 2026
  • AI Red Team Engineer @ Commerzbank AG
  • OWASP GenAI Security Contributor
  • Microsoft PyRIT Contributor
  • Anthropic Invite-Only Jailbreak Program
  • AIUC-1 Consortium Member

Practical AI security for enterprise systems

I help organizations building with LLMs and agentic AI understand how their systems fail under adversarial pressure — and how to turn that knowledge into concrete controls, monitoring, and secure engineering practice.

My work spans the full lifecycle: architecture review, threat modeling, AI red teaming, control validation, and team enablement.

As a contributor to OWASP GenAI Security guidance and Microsoft’s PyRIT framework, I combine offensive AI security research with practical experience in regulated enterprise environments.

My upcoming Packt book, AI Red Teaming in Practice, turns this methodology into a hands-on guide for planning, executing, and reporting AI red team engagements against LLMs and agentic systems.

White-Box // Contact

Ready to validate your AI systems?

Request an AI red team assessment, control validation sprint, security advisory engagement, or selected team enablement.

info@papertocode.de

Based in Berlin · Engagements remote or on-site