Managed Assessments
For organizations that need expert-led security evaluation, TrustTrace offers comprehensive OWASP LLM Top 10 assessments with live testing, compliance mapping, and a detailed remediation roadmap.
What You Get
A TrustTrace managed assessment is a 1–2 week engagement that evaluates your entire AI agent ecosystem. It includes everything the self-service scan covers, plus live adversarial testing, manual expert analysis, and a written report you can present to your board or auditors.
Assessment Scope
| Capability | Self-Service Scan | Managed Assessment |
|---|---|---|
| MCP server scanning | ✅ | ✅ |
| Tool schema analysis | ✅ | ✅ |
| Dependency CVE scanning | ✅ | ✅ |
| Code vulnerability scanning | ✅ | ✅ |
| Injection payload generation | ✅ | ✅ |
| OWASP scoring | ✅ | ✅ |
| Passive reconnaissance | — | ✅ |
| Log file analysis | — | ✅ |
| Live adversarial testing | — | ✅ |
| System prompt review | — | ✅ |
| Expert manual analysis | — | ✅ |
| HIPAA/SOC 2 compliance gap analysis | — | ✅ |
| 42-page branded PDF report | — | ✅ |
| Executive readout presentation | — | ✅ |
| 30/60/90-day remediation roadmap | — | ✅ |
Assessment Tiers
| Tier | Price | Scope | Timeline |
|---|---|---|---|
| Essential | $8,000 | Passive recon + intake interview + log analysis + tool audit | 1 week |
| Professional | $12,000 | Everything in Essential + code review + MCP scanning + dependency analysis | 2 weeks |
| Enterprise | $15,000 | Everything in Professional + live adversarial injection testing | 2 weeks |
How It Works
Before the Engagement
Passive Reconnaissance (Day 0) — Before we even speak, we run our passive recon scanner against your domain. We discover publicly accessible MCP servers, check for exposed API keys in public repositories, enumerate AI-related subdomains, and assess your vendors' compliance posture. You'll see these results in the kickoff call.
Day 1 — Kickoff
We conduct a structured intake interview with your technical team to inventory your AI agents. For each agent, we document: framework, tools, data access, PHI handling, MCP server connections, human-in-the-loop controls, and vendor BAA status.
This interview alone produces 30–40+ initial findings based on architectural risks — before any scanning begins.
Days 2–7 — Scanning and Analysis
As you provide materials (log exports, code access, tool schemas, MCP configurations), we run our full scanner suite:
- Log Scanner — Analyzes agent log files for PHI in plaintext, leaked secrets, system prompt fragments in error responses, and excessive data in tool call outputs
- Repo Scanner — Reviews agent source code for hardcoded credentials, prompt injection sinks, unsafe code execution, SQL injection vectors, and MCP-specific vulnerabilities
- Dependency Scanner — Checks all dependencies against CVE databases, identifies unpinned packages, detects typosquatting candidates
- MCP Scanner — Evaluates every MCP server your agents connect to: tool poisoning, authentication, transport security, rug pull risk, scope analysis
- Tool Auditor — Assesses every tool permission for least-privilege violations, dangerous patterns, and missing constraints
Our team also performs manual analysis that automated tools can't replicate: reading system prompts for subtle misconfigurations, cross-referencing findings with your specific compliance requirements, and identifying architectural risks unique to your deployment.
Days 5–10 — Live Testing (Enterprise Tier)
For Enterprise engagements, we run adversarial testing against your test or staging environments:
- Prompt injection attacks (direct and indirect)
- System prompt extraction attempts
- Data exfiltration probes
- Tool abuse scenarios
- MCP tool poisoning simulations
Every attack attempt is recorded with the exact payload, the agent's response, and an assessment of whether the attack succeeded. These are Confirmed findings — the highest confidence level.
Days 8–10 — Report and Readout
We generate a comprehensive assessment report and present findings in a readout call with your security and engineering leadership.
Report contents:
- Executive Summary (1 page — designed for CISO/board consumption)
- Engagement Overview
- Overall Risk Score with OWASP Radar Chart
- Critical and High Findings (detailed)
- Medium and Low Findings (catalog)
- MCP Security Assessment
- Supply Chain Assessment
- Passive Reconnaissance Results
- HIPAA/SOC 2 Compliance Gap Analysis
- 30/60/90-Day Remediation Roadmap
- Appendix (evidence, payload catalog, methodology)
Deliverables package:
- Assessment Report (PDF, 40+ pages)
- Report (DOCX, editable version)
- Findings Spreadsheet (Excel, filterable)
- Adversarial Payload Catalog (JSON)
- MCP Baseline Snapshots (JSON)
- Scan Artifacts (ZIP)
What We Need From You
| Tier | Materials Required |
|---|---|
| All | Domain name (for passive recon), 1-hour kickoff call |
| Essential+ | Log exports from AI agent systems |
| Professional+ | Read-only access to agent code repositories, tool schemas, MCP server configs, dependency files |
| Enterprise | Test/staging environment access (endpoint URLs + credentials) |
We work with whatever you can provide. The more access you grant, the more comprehensive the assessment. Materials can be provided incrementally — we start scanning as each piece arrives.
After the Engagement
Remediation Support
Every finding includes specific, actionable remediation guidance. For critical findings, we provide step-by-step implementation instructions. Our team is available for follow-up questions during the 30 days after report delivery.
Ongoing Monitoring
Many findings represent ongoing risks — MCP servers that could change their tool definitions, new dependencies that could introduce CVEs, log files that accumulate PHI daily. We offer two options for continued coverage:
Self-service scanning — Use your TrustTrace Scan account to run regular scans against your MCP servers and configurations. Baseline comparison (Pro+) catches changes between scans.
Monitoring retainer ($2,500/month) — We run periodic scans on your behalf, monitor for changes, and provide a monthly delta report with new findings and remediation updates.
Reassessment
We recommend a full reassessment every 6–12 months, or after major changes to your AI agent architecture (new agents deployed, new MCP servers connected, framework upgrades).
Assessment clients receive a 20% discount on reassessments within 12 months.
Get Started
Ready to assess your AI agents? Start with a conversation.
Or try a free self-service scan first to see what TrustTrace finds before committing to a full engagement.