LLM / GenAI Security
Red-Teaming a Customer-Facing GenAI Assistant
Adversarial testing of a retail bank's customer-facing GenAI assistant before a national rollout.
Client profile
A retail bank preparing to launch a customer-facing generative AI assistant integrated with account and product systems.
The challenge
The assistant connected a large language model to sensitive customer data through a retrieval pipeline and several internal tools. Leadership needed independent assurance that it could not be manipulated into leaking data or taking unauthorised actions before a national rollout.
What we did
- Mapped the full GenAI architecture, trust boundaries, and data flows.
- Ran direct and indirect prompt-injection campaigns against the assistant and its retrieval pipeline.
- Tested tool-calling and output handling for excessive agency and data leakage.
- Benchmarked findings against the OWASP Top 10 for LLM applications.
What we found
- Indirect prompt injection through retrieved documents could override system instructions.
- Insufficient output validation allowed sensitive context to surface in some responses.
- Tool permissions were broader than the assistant's actual use cases required.
The outcome
All critical and high findings were remediated and re-tested before launch. The bank shipped with hardened guardrails, least-privilege tool access, and a repeatable testing process for future model changes.
They tested our GenAI assistant the way an attacker would, not the way a checklist would. The findings changed how we ship.
Related case studies
Book a Free 60-Minute Briefing
A scoping discussion and threat-landscape overview with our ANZ specialists. No sales pressure.
Book a Briefing