Agent Security
Your agents are in production. Their security review isn't.
Fixed-scope security review for companies running AI agents and MCP servers in production — mapped to the OWASP Agentic AI Top 10, AISVS 1.0, and NIST AI RMF. Built for 100–1,000-person engineering organizations where agents already hold credentials and call tools.
Why agents need their own review
The exposure is structural, not hypothetical
Agents hold real credentials, call real tools, and act without a human in the loop. The protocol layer most stacks are built on ships with four gaps you inherit on day one:
Auth is delegated to the transport
The MCP specification leaves authentication to the transport layer. Your agent stack inherits whatever the connection provides — nothing in the protocol checks who is calling.
No per-tool authorization
A connected agent can typically call every tool a server exposes. There is no standard mechanism to scope an agent to the two tools it actually needs.
No standard agent identity
There is no built-in way to attest which agent — or which version of it — performed an action. Identity and attestation are bolt-ons, if they exist at all.
No standard audit-log format
When something goes wrong, there is no protocol-level record of what your agents did. Reconstructing agent actions after an incident is archaeology.
The regulatory clock runs alongside the technical one. The Colorado AI Act has been live since February 2026 for high-risk AI systems making consequential decisions, other states are following, and EU AI Act Annex III obligations land December 2, 2027. SOC 2 and HIPAA scope is already reaching agent deployments through customer due-diligence questionnaires.
What independent audits found
The tooling is noisy. The exposure is real.
~78%
false-positive rate on MCP tool-description scans
Source: An independent audit found ~78% of YARA detections on MCP tool descriptions were false positives (AppSec Santa audit, April 2026).
71%
of audited public MCP servers graded F — zero received an A
Source: AgentsID 100-package audit, 2026. Every vendor-maintained tool-exposing server in the sample failed.
~5%
of MCP servers carried tool-poisoning patterns
Source: Hasan et al., academic study of 1,899 servers, 2025.
Read those together: free scanners flag everything, most of it isn't real, and some of what's real is severe. The scarce skill isn't running the scan — it's knowing which findings matter. That judgment layer is what we sell.
Start here
Agent Security Snapshot
$1,500 flat · 5 business days
Know which of your AI agent security risks are real — in five days. You send configs and repo access; we run chained scans in an isolated sandbox, throw out the false positives, and hand you the exposures that actually matter, mapped to the OWASP Agentic AI Top 10, with a 30-minute readout.
100% fee credit
The full $1,500 credits toward the Agent Security Assessment if you upgrade within 30 days — so the Assessment is effectively $7,000, and your environment is already mapped. The credit doesn't combine with founding-slot pricing; one concession per engagement.
Scope cap — and why it exists
Up to 10 MCP servers or one agent repo with its config, on one agent platform. The cap is what makes a fixed price and a 5-day SLA honest. Bigger environment? Skip straight to the Assessment.
The flagship
Agent Security Assessment
$8,500 fixed
2 founding-client slots at $5,500 while we build the public track record
The full-depth engagement: everything the Snapshot triages, plus the runtime and architecture layers a config review can't reach. Snapshot credit applies within 30 days (founding-slot pricing already carries the discount — the two don't stack).
What the Assessment covers
- Full agent and MCP inventory with trust-boundary map — the inventory → scope → gate → log spine, mapped to OWASP ASI01–ASI10
- Runtime and architecture review the Snapshot can't reach: prompt-injection susceptibility, trust-boundary design, agent identity and attestation posture
- Tool-authorization and credential-scope analysis across your deployment
- Findings assessed against OWASP Agentic AI Top 10, AISVS 1.0, and NIST AI RMF
- Prioritized remediation roadmap with severity and effort estimates
- Executive readout for leadership, audit, or insurance conversations
Payment: 100% at engagement-letter signing via Stripe invoice. Refunds: 100% up to 48 hours before kickoff, 50% inside 48 hours, none after kickoff.
Tell us what you're running — agents, servers, harness. We'll reply within one business day.
After the baseline
Point-in-time reviews go stale. Here's what comes next.
Agent stacks change weekly — new tools, new servers, new CVEs. Two continuations are available to Snapshot and Assessment clients as delivery capacity opens:
Agent Watch
$950–$1,500/mo · monitoring subscription
Monthly re-scan diffed against your Snapshot baseline, CVE/advisory watch for your stack, drift alerts, and a one-page human-triaged note each month with a quarterly readout. Requires a completed Snapshot — it isthe baseline. Static and config surface only; every monthly note states what monitoring can't see (runtime, architecture, identity), so Watch feeds the Assessment rather than replacing it.
Agent Security Retainer
$9,500 Growth / $16,000 Scale per month · fractional architect
A fractional security architect embedded with your team: design reviews on agentic features, pre-launch security gates, incident on-call, and insurer/audit support. For organizations shipping agent surface area continuously, where a point-in-time review can't keep up with the roadmap.
Agent identity is an attestation problem. That's our home turf.

Peter Kwidzinski
Founder, Shadow AI Labs
Fellow-Level Security Architect
Two decades in platform security at semiconductor leaders Intel and AMD — confidential computing, hardware attestation, secure boot.
Founding contributor to Caliptra
The open-source hardware root of trust now used across the cloud-and-silicon industry.
Least-privilege authorization, identity, attestation, audit trails — the problems agent deployments are hitting now are the problems hardware root-of-trust work has spent a decade solving. Reviews are run against the OWASP Agentic AI Top 10 and AISVS 1.0, and every finding ships defensible: no inflated severities, no scare-count reporting.
Common questions, answered directly
We already ran a free scanner. Why pay for a review?
What's the difference between the Snapshot and the Assessment?
How does the $1,500 credit work?
Do you need access to our production environment?
Do you fix what you find?
What if we have more than 10 MCP servers?
What are the payment terms?
Baseline in five days. Depth when you need it.
Start with the Snapshot and know which of your agent exposures are real — or scope the full Assessment directly. Either way, the first artifact you get is a prioritized list, not a wall of red.