Services AAISAF Framework Open Source Contact
AI-Powered Security Research & Assessment

We find what your pentester can't.

We use frontier AI to find vulnerabilities across web apps, infrastructure, source code, and AI systems. Your pentester checks manually. We run the same tools used to find a 22-year-old Linux kernel zero-day.

Get in touch → View AAISAF
91
Attack Techniques
10
Tactic Categories
6
Compliance Mappings
What We Do

Full-spectrum. AI-powered.

We use frontier AI to find what human pentesters miss — across every attack surface, not just AI systems.

Security Research

AI-Powered Offensive Security

Full-spectrum security assessment powered by frontier AI. Web applications, source code review, infrastructure, smart contracts, and AI systems — assessed with tools that found a 22-year-old Linux kernel zero-day.

  • Web App Pentest
  • Source Code Review
  • Infrastructure Assessment
  • AI System Assessment
  • Smart Contract Audit
  • Posture Analysis
Steadwise AI — Implementation

Production AI Architecture

Voice agents, workflow automation, workplace AI, and fractional AI leadership for teams moving from prototype to production.

  • Voice Agents
  • Automation
  • Workplace AI
  • Fractional Head of AI
The Framework

AAISAF

AI Security Assessment Framework — the first comprehensive attack taxonomy for AI systems. Open-source. Battle-tested.

91
Techniques
10
Tactics
6
Compliance Frameworks
4
Assessment Types

Novel coverage of Voice AI attack surfaces (9 techniques — first of its kind) and MCP Server Security (12 techniques — first of its kind). Maps to ISO 42001, NIST AI RMF, EU AI Act, OWASP, MITRE ATLAS, and Australian regulatory standards. Includes Passive Posture Assessment, Quick, Standard, and Deep assessment methodologies.

View on GitHub →
aaisaf — TA10 MCP Server Security
Category-Defining AI Security Assessment
Attack Taxonomy

10 Tactics. 91 Techniques.

Click any tactic to explore its techniques. Every entry includes detection, remediation, AISS scoring, and compliance mapping.

OWASP LLM Top 10 ↗ MITRE ATLAS ↗ NIST AI RMF ↗ ISO/IEC 42001 ↗ EU AI Act ↗ AU Regulatory ↗
Open Source

Published infrastructure.

Open-source tools for building, evaluating, monitoring, and securing AI systems.

bifrost-eval
MCP pipeline evaluation toolkit — accuracy, cost, reliability.
PyPI
bifrost-rag
Production RAG pipeline with vector retrieval and evaluation harness.
PyPI
bifrost-monitor
Zero-config AI agent observability — one decorator, local SQLite.
PyPI
claude-shield
Security hooks for Claude Code — blocks destructive commands, audit trail.
npm
cost-guardian
Real-time token cost tracking and budget enforcement for Claude Code.
npm
agent-mcp-framework
Python framework for building multi-agent MCP servers.
PyPI
View all packages on GitHub →
Jarrad Bermingham

Jarrad Bermingham

Founder — Bifrost Labs

"Your pentester checks your web app manually. We run the same tools Anthropic's security team uses to find zero-days in the Linux kernel. The gap between what traditional assessment finds and what AI-powered assessment reveals is not incremental — it's generational."

📍 Sydney, Australia

Get in touch.

🔴

Security

AI red teaming, security assessments, AAISAF implementation.
🟡

Implementation

Voice agents, automation, workplace AI, fractional leadership.