AI SECURITY TESTING · ARTIFACT SECURITY · 2026

The first adversarial validation that actually measures what your AI security does.

YOU'RE BUYING DETECTION.
YOU NEED PREVENTION.

Detection rates are what your vendor sold you. Prevention rates are what your board needs to know.

YOUR CLAIMS NEED
INDEPENDENT PROOF.

Third-party proof that your platform stops attacks — not just sees them.

The AIDR Evaluation Methodology is the only independent, empirically-run framework that tests AI security platforms across four attack categories — measuring detection and prevention separately, every time.

Book a Briefing

All test data is synthetic. Findings represent platform-capability assessments, not compliance opinions.

THE PROBLEM

The Gap No One Is Talking About.

YOU'RE BUYING DETECTION. YOU NEED PREVENTION.

You're paying for AI security that watches attacks happen.

Enterprise AI security platforms are increasingly deployed in detect-only mode. Detection confirms the attack happened. It does not stop it. The gap between those two things is the risk your board is carrying.

YOUR CLAIMS NEED INDEPENDENT PROOF.

Your detection rate is not your efficacy rate.

Every AIDR platform claims high detection efficacy. None have been independently tested for prevention. The AIDR Evaluation Methodology separates those two numbers for the first time — and gives you the evidence to show the difference.

Detection
Prevention

Independent validation is the only claim that holds up in a sales cycle.

METHODOLOGY

What We Test

Four attack categories. MITRE ATLAS aligned. Each test produces both a detection number and a prevention number.

Cat I · DPI

Direct Prompt Injection

We test whether your platform detects and blocks prompt injection attacks delivered directly by a user — across encoding obfuscation, jailbreak patterns, and privilege escalation via natural language.

AML.T0051.000 AML.T0054 AML.T0043
Cat II · IPI

Indirect Prompt Injection

We test whether your platform detects and blocks injection attacks embedded in content your AI agent retrieves — documents, emails, and tool outputs — where the user is not the attacker.

AML.T0051.001 AML.T0058 AML.T0060 AML.T0061
Cat III · MCP

MCP Rugpull

MCP servers can change behaviour after deployment. We test whether your platform detects and prevents tool definitions that evolve from legitimate to malicious — after trust has already been established.

AML.T0061 AML.T0059 AML.T0062
Cat IV · MMCC

Jailbreak via Multi-Modal Context Confusion

We probe whether AI security platforms can identify and block attacks that exploit the gap between how models process text, images, and structured data simultaneously — and use that confusion to bypass controls.

AML.T0054 AML.T0059 AML.T0060
PROCESS

How It Works

01

Deploy

The harness runs against a live or sandboxed platform instance. No vendor involvement. No pre-briefing.

02

Attack

Multi-stage attack scenarios execute across all four categories. Detection and prevention are measured independently at every stage — input, tool call, database access, and final response.

03

Evidence

Structured output: outcome taxonomy, MITRE-mapped findings, detection-prevention gap analysis, and full evidence chain.

Detection rate alone is not a finding.
Every test produces both numbers.
DELIVERABLES

What You Get

FOR SECURITY TEAMS
  • Full outcome classification per attack scenario
  • Detection-prevention gap analysis
  • Platform-specific findings with evidence chain
  • Executive summary for board or audit reporting
  • MITRE ATLAS technique mapping per finding
FOR AIDR PLATFORMS
  • Independent structured test report
  • MITRE-mapped findings across all tested categories
  • Publishable third-party validation statement
  • Benchmark positioning against methodology standard
  • Evidence chain for customer due diligence
// WHY TRUST THIS ——

Built on Independent Rigour

MITRE ATLAS Aligned

October 2025 · 15 tactics · 66 techniques

OWASP LLM Top 10 2025

Aligned to current standard

Empirically Run

Live platform testing, not modelled

All Test Data Synthetic

No real customer or organisational data

Independent

No vendor funding · No commercial relationships with tested platforms

GET STARTED

Ready to know the real numbers?

YOU'RE BUYING DETECTION. YOU NEED PREVENTION.

Test your AIDR stack.

Find out if your platform prevents attacks — or just watches them happen.

Book a Security Briefing
YOUR CLAIMS NEED INDEPENDENT PROOF.

Get independently validated.

Third-party proof that separates your prevention rate from your detection rate.

Book a Validation Call