Frequently Asked Questions

General

What is TrustTrace?

TrustTrace is a security platform for organizations running AI agents in production. We identify vulnerabilities in your AI agents, MCP servers, and their dependencies using the OWASP LLM Top 10 framework. We offer self-service scanning for developers and expert-led managed assessments for organizations.

Who is TrustTrace for?

  • Developers building AI agents who want to find and fix security issues before deployment
  • Security teams responsible for the security posture of AI systems in their organization
  • CISOs and CTOs who need to demonstrate that their AI agents meet compliance requirements (HIPAA, SOC 2)
  • DevOps and platform engineers who want to integrate AI security scanning into their CI/CD pipelines

What frameworks and platforms do you support?

TrustTrace works with any AI agent framework, including LangChain, LangGraph, OpenAI Assistants API, CrewAI, AutoGen, Vercel AI SDK, and custom implementations. For MCP server scanning, we support any server implementing the Model Context Protocol specification (stdio, SSE, and HTTP transports).

Do I need to give you access to my systems?

For self-service scanning: you provide an MCP server URL (for MCP scans) or upload files (for config scans). We don't need access to your internal systems.

For managed assessments: we work with whatever access you can provide. The more access you grant (logs, code, test environments), the more comprehensive the assessment. All access is documented in the engagement agreement and all data is destroyed after the engagement.

Self-Service Scanning

What does a self-service scan test?

Depending on what you provide:

  • MCP server URL — Tool enumeration, authentication check, tool poisoning detection, transport security, scope analysis, baseline comparison (Pro+)
  • Tool schemas (.json) — Permission analysis, dangerous patterns, hidden instructions, missing constraints
  • Dependency files — Known CVEs, unpinned versions, typosquatting detection, abandoned packages
  • System prompts (.txt, .yaml) — Adversarial payload catalog generation
  • Code files (.py, .js, .ts) — Hardcoded secrets, injection sinks, unsafe execution, SQL injection, MCP-specific patterns

How long does a scan take?

MCP server scans typically complete in 30–90 seconds. File upload scans typically complete in 60–120 seconds, depending on the number and size of files.

Is my data safe?

Uploaded files are processed in an isolated temporary directory and deleted immediately after the scan completes — whether it succeeds or fails. MCP server connections are ephemeral; we connect, enumerate tools, and disconnect. We do not cache your tool definitions (except for baseline comparisons on Pro+), store your authentication tokens, or retain your uploaded files.

Scan results (findings, scores, metadata) are stored in your account for scan history purposes. See our Privacy Policy for complete details.

Why can't I see the full finding details on the free plan?

The free plan shows you the severity and title of each finding — enough to know what's wrong and how urgent it is. Full descriptions, evidence, and remediation guidance are available on the Developer plan ($49/month) and above. This lets you try TrustTrace at no cost and upgrade when you're ready for actionable detail.

Can I scan local MCP servers (stdio transport)?

The self-service MCP scanner connects to your server over the network, so it can't directly reach local stdio servers. Instead, export your tool definitions to a JSON file and use the file upload scan. You'll get tool schema analysis, hidden instruction detection, and permission auditing — everything except the live authentication check.

What happens when I hit my scan limit?

The scan page shows how many scans you've used and when the limit resets (first of each calendar month). When you reach your limit, you'll see an option to upgrade your plan or wait for the reset.

Managed Assessments

What's the difference between a self-service scan and a managed assessment?

A self-service scan is an automated point-in-time test of a specific MCP server or set of configuration files. A managed assessment is a 1–2 week expert-led engagement that evaluates your entire AI agent ecosystem, including passive reconnaissance, log analysis, live adversarial testing, manual expert review, and a comprehensive written report.

Think of it this way: a self-service scan is like running a linter on one file. A managed assessment is like hiring a security firm to audit your entire application.

What do I receive at the end of an assessment?

A complete deliverables package:

  • Assessment Report (PDF, 40+ pages, branded and executive-ready)
  • Assessment Report (DOCX, editable)
  • Findings Spreadsheet (Excel, filterable and sortable)
  • Adversarial Payload Catalog (JSON, for your team's internal testing)
  • MCP Baseline Snapshots (JSON, for future change detection)
  • Scan Artifacts (ZIP, raw evidence)

How do you handle sensitive data during assessments?

All assessment work is performed on a dedicated, encrypted engagement workstation. Client data never leaves the engagement laptop. PHI and other sensitive data encountered during scanning is redacted in all deliverables. All client data is destroyed within 30 days of report delivery, with written certification provided on request.

For healthcare engagements, we execute a HIPAA Business Associate Agreement (BAA) before the engagement begins.

Can I start with a lower tier and upgrade?

Yes. Many clients start with an Essential assessment ($8,000) and upgrade to Professional or Enterprise on subsequent engagements. Assessment clients also receive a 20% discount on reassessments within 12 months.

MCP Security

Why should I worry about MCP security?

MCP servers sit between your AI agent and your critical systems. They have access to databases, APIs, and services. Security research has identified over 1,800 MCP servers on the public internet without authentication. Critical CVEs have been discovered in widely-used MCP packages. Tool poisoning attacks have been demonstrated that can hijack agent behavior through hidden instructions in tool descriptions.

For a comprehensive overview, see our MCP Security Guide.

What is a "rug pull" in MCP?

An MCP rug pull occurs when an MCP server modifies its tool definitions after your initial security review. On Day 1, the server exposes safe, appropriate tools. On Day 7, it quietly adds a new destructive tool or injects malicious instructions into an existing tool's description. Without baseline monitoring, this change goes undetected.

TrustTrace's baseline comparison feature (Pro+) catches rug pulls by comparing current tool definitions against a saved snapshot from your previous scan.

Do you support MCP server scanning for private/internal servers?

The self-service scan requires network-accessible MCP servers (your server must be reachable from our scanning infrastructure). For internal MCP servers, you have two options:

  1. Export tool definitions to JSON and use file upload scanning
  2. Book a managed assessment — we can scan internal servers from within your network

Security and Compliance

Is TrustTrace itself secure?

TrustTrace requires MFA (authenticator app) on all accounts. We use Clerk for authentication, which provides email verification, brute force protection, and session management. API keys use cryptographically random generation. All connections use TLS. Uploaded files are processed in isolation and deleted immediately.

Do you have SOC 2 certification?

SOC 2 certification is on our roadmap. We maintain an internal information security policy that aligns with SOC 2 Trust Services Criteria. Contact us at hello@trusttrace.io for our current security documentation.

Do you offer a HIPAA Business Associate Agreement?

Yes. We execute BAAs for managed assessment engagements with healthcare organizations. Contact us at hello@trusttrace.io.

Where is my data stored?

Scan results and account data are stored in the United States. Uploaded files are processed in the US and deleted immediately after scan completion. For specific data residency requirements, contact us.

Billing

How does billing work?

Self-service plans are billed monthly via Stripe. You can upgrade, downgrade, or cancel at any time from your account page. Managed assessments are invoiced separately (50% upfront, 50% on report delivery, or net-30 for enterprise).

Can I get a refund?

Self-service plans can be canceled at any time. We don't offer refunds for partial months, but your access continues through the end of your billing period. For managed assessments, refund terms are specified in the engagement agreement.

Do you offer discounts for startups or open-source projects?

Contact us at hello@trusttrace.io. We're happy to discuss options for early-stage startups and open-source maintainers building AI agents.

Still Have Questions?

Email us at hello@trusttrace.io. We respond within 24 hours on business days.