AI and devices security

Break and harden LLM apps and connected devices together or separately.

Book 30-min scoping

Fixed-fee programs

LLM Break & Harden Sprint

3 weeks

  • Jailbreak & prompt-injection testing (OWASP LLM Top-10)
  • RAG/MCP context isolation review
  • Tailored test suite for regression
  • Guardrail & policy enforcement plan

From €17k per system per model

See scope

RED Gap & Evidence Pack

3 weeks

  • Threat model mapping to RED clauses
  • Update process review
  • “Safe-to-network” evaluation
  • Privacy/data-flow review
  • Evidence pack

From €20k per shipping product

See scope

CRA Technical Readiness

4–5 weeks

  • SBOM & vulnerability triage design (client-integrated)
  • VEX (CSAF/CycloneDX) with evidence for “not affected”
  • Secure update & rollback protection evidence
  • Vulnerability handling & CRA reporting runbook (24h/72h/14-day)

From €35k per shipping product

See scope

Why now

  • LLM attacks are mainstream (OWASP GenAI / LLM Top 10 2025).
  • RED cybersecurity requirements are mandatory since 1 Aug 2025 for many radio-connected products.
  • CRA is in force; vuln reporting starts 11 Sep 2026; full obligations including Software Bill of Materials (SBOM) obligations from 11 Dec 2027.
  • More and more products combine LLMs and connected devices yet focus on one or the other.

Ready to ship securely?

Book 30-min scoping

Or email: hello@lavenix.com