Model-vs-model attacks
We point fine-tuned attacker models at your LLM features — prompt injection, jailbreaks, tool-abuse and training-data leakage tested at thousands of permutations, not a sampled handful.
Basalt points machine-learning attackers at your AI systems, identity layer and code — the same way the next wave of adversaries will. We map exploit chains a human pentester can’t cover at the same depth or speed, then turn every finding into a CI test so jailbreaks don’t come back. Senior operators across NZ, AU, UK and SG.
Our agents enumerate tool surfaces, MCP servers and identity grants, then chain abuse paths end-to-end — the same way an attacker with a goal and a budget will.
Every finding lands as a reproducible test in your CI. The next deploy gets re-tested by the same models, so jailbreaks don’t silently come back.
Adversarial testing for LLMs and AI systems
Source code review, SAST/DAST and threat modelling
Detection engineering for identity-driven attacks
Behavioural detection and AI-driven response
Independent cyber security consulting that aligns your security investment with the risks that actually matter to your business — board-ready reporting, no vendor bias, measurable outcomes.
Adversarial testing for production LLM and AI systems — prompt injection, jailbreaks, training-data leakage, agentic tool abuse and model manipulation tested against your real deployments.
CREST-aligned penetration testing for web apps, APIs, internal networks and cloud environments — findings ranked by exploitability, not just CVSS.
Manual and tooled code review across your highest-risk repos — secrets, auth, injection, deserialisation and supply-chain risk, with CI integration that keeps findings from coming back.
Detection and response engineering focused on identity-driven attacks — credential stuffing, session hijacking, MFA fatigue, lateral movement and privilege escalation in identity providers.
Behavioural detection and AI-driven response that learns from your environment — turning attacker dwell time into hours, not weeks, with detections tuned to your real stack.