How ZeroLeaks Works
Our comprehensive process helps identify if your AI's system instructions can be extracted through prompt engineering.
1. Initial Setup
We begin by collecting information about your AI system and setting up access for our assessment.
What This Includes:
- Provide access to your AI system
- Brief overview of your AI's functionality
- Define the scope of the assessment
- Sign our confidentiality agreement
2. Prompt Engineering Tests
Our team uses specialized prompt engineering techniques to attempt extracting your AI's system instructions and internal tools.
What This Includes:
- System instruction extraction attempts
- Internal tags and tools discovery
- Role-playing and impersonation attacks
- Jailbreaking attempts
- Prompt injection techniques
3. Detailed Report
We deliver a comprehensive report documenting any system instructions or internal tools we were able to extract.
What This Includes:
- Documentation of all extracted information
- Exact prompts used for successful extractions
- Severity assessment of each vulnerability
- Screenshots and examples
- Comparison with similar AI systems
4. Protection Recommendations
We provide clear recommendations on how to protect your AI from prompt engineering attacks.
What This Includes:
- Specific technical recommendations
- Prompt injection defense strategies
- System instruction protection methods
- Internal tool access control improvements
- Follow-up support during implementation
Frequently Asked Questions
For most AI systems, we can complete our check within 2-3 business days. Enterprise clients with multiple AI applications may require up to 5 business days for a comprehensive assessment.
No, we don't need access to your source code. We only need access to your AI system's interface, similar to how a regular user would interact with it.
We take confidentiality extremely seriously. All assessments are conducted under strict NDAs, and any system instructions or internal tools we extract are securely documented and shared only with you.
If we don't find any way to extract your system instructions or internal tools, we'll provide a report confirming this, along with suggestions for maintaining your security posture. We also offer a satisfaction guarantee: if we don't find any vulnerabilities, we'll provide a 50% refund.
Our core service focuses on detection and recommendations only. However, we offer implementation services as an add-on if you need help implementing the protection strategies we identify. Our team can guide you through the implementation process or handle it entirely for you.