Platform · Teardowns
What is an AI agent security teardown?
A teardown runs your agent the way an attacker will — hostile tickets, poisoned pages, malicious retrieval results, tool-description drift, consent spoofing, and exfiltration pressure. It maps which source crossed into which action, then turns each failure into a rule the runtime can enforce.
By the Ultra13 teamPublished Updated
TL;DR
- Attack first: exercise the full agent loop, not just the prompt.
- Map each exploit path from untrusted source to privileged sink.
- Convert findings into source-to-sink policy.
- Keep the exploit replay as a regression test.
From finding to control
A report without enforcement is a screenshot of yesterday’s risk. Each teardown finding becomes an enforced rule and a replay — see agentic AI red teaming and the anonymised teardown example.