The AI attack surface, mapped and tested.
Bifrost Labs builds open frameworks and tooling for securing AI systems — prompt injection, poisoned retrieval, agent and MCP abuse, voice AI. Home of AAISAF: 87 assessment techniques mapped to six compliance frameworks including ISO 42001, NIST AI RMF, and the EU AI Act.
Research, assessment, implementation.
Independent AI security research and assessment built on AAISAF — plus production AI implementation through Steadwise.
AI Security Assessment
Structured assessment of AI systems using AAISAF — prompt-injection and jailbreak testing, RAG and knowledge-pipeline review, agent and MCP security, and posture analysis. Every finding maps to the standards your auditors already use.
- AI System Assessment
- Prompt-Injection Testing
- RAG & Pipeline Review
- Agent & MCP Security
- Posture Analysis
- AAISAF Implementation
Production AI Architecture
Voice agents, workflow automation, workplace AI, and fractional AI leadership for teams moving from prototype to production.
- Voice Agents
- Automation
- Workplace AI
- Fractional Head of AI
AAISAF
AI Security Assessment Framework — the operational layer between high-level frameworks and the practitioner who has to actually test something. Open-source, technique-by-technique, compliance-mapped.
Dedicated depth on attack surfaces most frameworks haven’t operationalised yet — Voice AI (9 techniques) and MCP server security (12 techniques). Every technique maps to ISO 42001, NIST AI RMF, the EU AI Act, OWASP LLM Top 10, MITRE ATLAS, and Australian regulatory standards. Three assessment depths, from a 30-minute self-assessment to a 10-day deep review.
View on GitHub →10 Tactics. 87 Techniques.
Click any tactic to explore its techniques. Every entry includes detection, remediation, AISS (AI Security Scoring), and compliance mapping.
Published infrastructure.
Open-source tools for building, evaluating, monitoring, and securing AI systems.
Operator
Jarrad Bermingham
"AI systems fail in ways traditional security testing was never built to catch — prompt injection, poisoned retrieval, agents that can be talked into misusing their own tools. AAISAF exists to make those failure modes testable, technique by technique, and mappable to the standards teams are already accountable to."