AI Security Research & Assessment

We find what your security team can't see.

AI-specific security assessment, adversarial research, and the open-source framework redefining how AI systems are tested. Authors of AAISAF.

  • 91 Attack Techniques
  • 10 Tactic Categories
  • 6 Compliance Mappings

What We Do

Security research. Production deployment.

We assess AI systems for vulnerabilities no one else is testing — and build the ones that survive.

Security Research

AI Red Teaming & Assessment

Independent AI security assessment using AAISAF — covering attack surfaces that traditional pentesting misses. Prompt injection, RAG poisoning, voice AI manipulation, MCP server security.

  • AI Red Team
  • Security Assessment
  • Posture Analysis
  • Compliance Mapping
  • Continuous Monitoring
  • Training

Steadwise AI — Implementation

Production AI Architecture

Voice agents, workflow automation, workplace AI, and fractional AI leadership for teams moving from prototype to production.

  • Voice Agents
  • Automation
  • Workplace AI
  • Fractional Head of AI

The Framework

AAISAF

AI Security Assessment Framework — the first comprehensive attack taxonomy for AI systems. Open-source. Battle-tested.

  • 91 Techniques
  • 10 Tactics
  • 6 Compliance Frameworks
  • 4 Assessment Types

Novel coverage of Voice AI attack surfaces (9 techniques — first of its kind) and MCP Server Security (12 techniques — first of its kind). Maps to ISO 42001, NIST AI RMF, EU AI Act, OWASP, MITRE ATLAS, and Australian regulatory standards. Includes Passive Posture Assessment, Quick, Standard, and Deep assessment methodologies.

Screenshot: aaisaf — TA10 MCP Server Security (category-defining AI security assessment)

Attack Taxonomy

10 Tactics. 91 Techniques.

Every entry includes detection, remediation, AISS scoring, and compliance mapping.

Open Source

Published infrastructure.

Open-source tools for building, evaluating, monitoring, and securing AI systems.

  • bifrost-eval (PyPI): MCP pipeline evaluation toolkit — accuracy, cost, reliability.
  • bifrost-rag (PyPI): Production RAG pipeline with vector retrieval and evaluation harness.
  • bifrost-monitor (PyPI): Zero-config AI agent observability — one decorator, local SQLite.
  • claude-shield (npm): Security hooks for Claude Code — blocks destructive commands, audit trail.
  • cost-guardian (npm): Real-time token cost tracking and budget enforcement for Claude Code.
  • agent-mcp-framework (PyPI): Python framework for building multi-agent MCP servers.

Jarrad Bermingham

Founder — Bifrost Labs

"Most security frameworks weren't built for AI. I wrote one that was — then tested it against real systems. The gap between what organisations claim about their AI security and what 90 minutes of assessment reveals is alarming."

Location: Sydney, Australia

Get in touch.