AI Security Testing
Your AI screener will do
whatever a resume tells it to.
One sentence in a cover letter caused a production HR AI system to write a haiku inside its own rejection letter. That same gap exists in your hiring pipeline right now. We find it before someone else does.
Get the Scan — $500 →The Attack Surface
Every field an applicant or user fills out is a potential injection vector. Most AI systems deployed in HR and intake workflows were never tested against adversarial input.
1
Resume / CV
2
Cover Letter
3
Form Fields
4
LinkedIn Scraping
5
Doc Metadata
6
Email Follow-Up
What We Test For
Instruction Following
Does the AI execute commands embedded in applicant input? The haiku test is the baseline — a plain English instruction in a cover letter that caused the system to follow it without filtering. Any system that passes this step is confirmed vulnerable to basic injection.
Behavioral Manipulation
Can injected text shift how the AI scores or routes a candidate? This tests whether an attacker can bias outcomes — pushing an application toward approval or triggering specific flags — through instructions embedded in submitted documents.
Data Extraction
Can injected instructions cause the AI to reveal its system prompt, scoring rubric, decision criteria, or data from other applicants? Extraction attacks turn your AI into an unintentional data disclosure channel.
Output Contamination
Does injected content appear verbatim or paraphrased in recruiter-facing output? The haiku-in-rejection-letter failure mode falls here. Contaminated output exposes your organization to legal and reputational risk every time a recruiter reads it.
Services & Pricing
One-Time
AI Vulnerability Scan
$500
- All 6 attack vectors tested
- Instruction following, manipulation, extraction, and contamination tests
- Written findings report with severity ratings
- Proof-of-concept documentation for confirmed injections
- Remediation checklist with specific fixes
- Delivery in 3–5 business days
Monthly
Retainer
$500 first month
$350/month after
$350/month after
- Everything in One-Time Scan
- Re-scan after remediation
- Updated findings report each cycle
- Ongoing advisory on new injection vectors
- Cancel anytime after first month
Annual
Annual Retainer
$3,000/year
- Everything in Monthly Retainer
- Quarterly re-scans included
- Priority turnaround on new findings
- Coverage as your AI tooling changes
- Bilingual delivery available (EN/ES)
- Best value for teams shipping AI features regularly
Sample Finding
This is a redacted example from a confirmed injection. The format matches what appears in every findings report.
Finding — Confirmed Instruction Execution (Critical)
Vector: Cover letter — plain text field
Payload: Natural language instruction embedded in closing paragraph
Result: AI-generated output (rejection letter) contained the injected content verbatim
Severity: Critical — The system executed attacker-controlled instructions without filtering, sanitization, or output validation. The injected content appeared in recruiter-facing correspondence sent to the applicant.
Remediation: Input sanitization layer before LLM context injection. Output validation against known injection signatures. Human review gate before AI-generated correspondence is sent externally.
Status: Open — Action required immediately.
Payload: Natural language instruction embedded in closing paragraph
Result: AI-generated output (rejection letter) contained the injected content verbatim
Severity: Critical — The system executed attacker-controlled instructions without filtering, sanitization, or output validation. The injected content appeared in recruiter-facing correspondence sent to the applicant.
Remediation: Input sanitization layer before LLM context injection. Output validation against known injection signatures. Human review gate before AI-generated correspondence is sent externally.
Status: Open — Action required immediately.
Common Questions
What is prompt injection in an HR AI system?
Prompt injection is when an attacker embeds instructions inside applicant-supplied text — a resume, cover letter, or form field — that the AI executes as commands. A confirmed example: a single instruction embedded in a cover letter caused a production HR AI system to write a haiku inside the rejection letter it sent back. The instruction was followed without any filtering or validation.
What AI systems does this scan cover?
Any AI system that reads external, uncontrolled input. Primary targets: applicant tracking systems with AI layers, AI chatbot screeners, automated outreach tools, and HR intake form processors. The same methodology applies to customer support AI, onboarding bots, and any pipeline where an end user supplies free-form text that an LLM processes.
How long does the scan take to deliver?
One-time scans are delivered in 3 to 5 business days. The retainer includes a re-scan after you complete remediation, delivered within the same window.
What access is required?
Access to the AI-facing intake forms or system — the same access any applicant or user would have. No source code or admin credentials required for external-facing surfaces. A signed engagement agreement is required before testing begins.
We use an off-the-shelf HR tool. Can you still scan it?
Yes. Off-the-shelf tools are often the most vulnerable because the vendor shipped a general-purpose AI layer without injection hardening for your specific intake configuration. Most findings in off-the-shelf tools come with vendor-specific remediation steps — configuration changes you can make without touching code.