AI and devices security
Break and harden LLM apps and connected devices together or separately.
Fixed-fee programs
LLM Break & Harden Sprint
3 weeks
- Jailbreak & prompt-injection testing (OWASP LLM Top-10)
- RAG/MCP context isolation review
- Tailored test suite for regression
- Guardrail & policy enforcement plan
From €17k per system per model
RED Gap & Evidence Pack
3 weeks
- Threat model mapping to RED clauses
- Update process review
- “Safe-to-network” evaluation
- Privacy/data-flow review
- Evidence pack
From €20k per shipping product
CRA Technical Readiness
4–5 weeks
- SBOM & vulnerability triage design (client-integrated)
- VEX (CSAF/CycloneDX) with evidence for “not affected”
- Secure update & rollback protection evidence
- Vulnerability handling & CRA reporting runbook (24h/72h/14-day)
From €35k per shipping product
Why now
- LLM attacks are mainstream (OWASP GenAI / LLM Top 10 2025).
- RED cybersecurity requirements are mandatory since 1 Aug 2025 for many radio-connected products.
- CRA is in force; vuln reporting starts 11 Sep 2026; full obligations including Software Bill of Materials (SBOM) obligations from 11 Dec 2027.
- More and more products combine LLMs and connected devices yet focus on one or the other.
Ready to ship securely?
Book 30-min scoping
Or email: hello@lavenix.com