Full spectrum
cyber security everywhere.

Basalt points machine-learning attackers at your AI systems, identity layer and code — the same way the next wave of adversaries will. Senior operators across NZ, AU, UK and Singapore. We turn every finding into a CI test so jailbreaks don’t come back.

Book a scoping call See the operations
AI Red TeamingCode & App SecurityIdentity Threat Detection & ResponseAdaptive Defense Research

Our approach

The pipeline below outlines the client-centric way Basalt scopes, runs and follows up every engagement. Senior operators end-to-end — no junior pipeline.

Scoping

  • Scoping meeting
  • Statement of Work (SoW) drafted by Basalt
  • SoW reviewed and signed by client

Pre-engagement

  • Timelines and resourcing confirmed
  • Kick-off meeting
  • Requirements gathering (testing access, clearances, etc.)

Delivery

  • Delivery
  • Quality assurance and delivery of report

Post-engagement

  • Client feedback survey
  • Post-engagement session
  • Invoicing
  • Re-testing (verification of remediation)

What we do

AI Red Teaming

Adversarial testing for LLMs and AI systems

  • Prompt injection and jailbreak coverage across 200+ techniques
  • Agentic tool-use and function-calling abuse testing
  • Training data leakage and membership inference checks
  • Multi-modal model testing (vision, audio, code)
Learn more

Code & App Security

Source code review, SAST/DAST and threat modelling

  • Manual review of high-risk code paths and auth flows
  • SAST, DAST and SCA tuned to your stack
  • Threat models per service and trust boundary
  • Developer-grade remediation guidance with sample patches
Learn more

Identity Threat Detection & Response

Detection engineering for identity-driven attacks

  • Identity-focused detections for your SIEM/XDR
  • IdP hardening review across Entra, Okta and Workspace
  • Service principal and OAuth app risk inventory
  • Account compromise playbooks and tabletop exercises
Learn more

Adaptive Defense

Behavioural detection and AI-driven response

  • Detection engineering backlog mapped to MITRE ATT&CK
  • Behavioural baselines for users, services and identities
  • Purple-team validation cycles
  • Automated triage and response playbooks
Learn more

Social responsibility

Basalt is built understanding how Environmental, Social and Corporate Governance (ESG) can benefit a business far beyond the metric of financial success. Learn about some of our initiatives below.

Hacking for Heroes

Basalt gives away (approx) 250 hours of cyber security consulting time to not-for-profit organisations.

Learn more

Green Team

The Green Team looks at making Basalt a more environmentally responsible and sustainable business.

Learn more
It was a small job, but scheduled at short notice and tailored to meet our needs — much appreciated! The work from Basalt helped provide assurance and comfort to our governance board. — Not-for-Profit

Advisories View all

Cyber Security Consulting

13 November 2026

Strategic cyber security consulting.

View advisory

Insights View all

Prompt-injection coverage in the 2026 jailbreak library

13 May 2026

How we keep our active jailbreak corpus current against frontier models.

View insight

Identity-first attack chains across federated SaaS

24 Apr 2026

OAuth abuse, session hijack and federation drift in the post-Okta era.

View insight

Events View all

BSides San Francisco

4 May to 5 May 2026

CityView at SF Metreon

View event

TuskCon

14 October to 15 October 2026

Cotton Tree Caravan Park, Maroochydore

View event

BSides Canberra

28 September to 30 September 2026

Canberra, Australia

View event

Take the next stepTalk to us today

Say hi!