
AI Platform Security Testing

Client: AI SaaS Platform Developer
Industry: AI Technology
Focus: Comprehensive AI product security testing, including prompt injection resilience assessment, data leakage analysis, agent tool evaluation, and compliance review against the OWASP LLM Top 10.
Main challenge: Critical AI environment vulnerabilities, including full system prompt extraction and arbitrary file write capabilities without path validation.
Market: International
Services provided: AI Systems Penetration Testing (OWASP LLM Top 10)
Key Takeaways
  • 51 vulnerabilities identified, including 2 critical
  • Full system prompt disclosure confirmed
  • Arbitrary file write vulnerability discovered due to missing path validation
  • None of the 15 sandbox escape techniques succeeded
  • Assessment conducted across all 10 OWASP LLM Top 10 (2025) categories
    The AI platform handles personal data and system settings, so any vulnerability poses a business risk. The company engaged Datami to conduct a comprehensive security assessment of its AI product. The pentest identified 51 vulnerabilities, including 2 critical ones.

    The client developed an LLM-powered AI SaaS platform with chat, agent tools, file uploads, and web browsing. 

    Because it processes personal data, system configurations, and credentials, a single vulnerability could expose internal instructions, compromise user data, or enable agent takeover.

    Project goals & challenges
    The client engaged Datami to perform a comprehensive security assessment of its AI platform. 
    The primary objective was to evaluate the system’s resilience to prompt injection attacks, verify the protection of sensitive data, and identify weaknesses across the application stack.
    • Test direct and indirect prompt injection attacks
    • Identify vulnerabilities in API endpoints and the codebase (DAST + SAST)
    • Assess compliance with the OWASP LLM Top 10 (2025 edition)
    • Prompt injection testing
      Evaluating LLM resilience to manipulation via chat, files, images, and web browsing.
    • Code and API analysis
      Automated and manual testing of 9 API endpoints and the codebase.
    • Reporting and recommendations
      Findings classified by severity, with clear remediation timelines and mapping to OWASP categories.

    Our approach

    In this case, Datami used a combined approach: Black-box testing for the public interface and White-box testing for the codebase. This helped simulate external attacks and uncover hidden architectural vulnerabilities.

    API security was assessed using automated scanners and manual testing. Static code analysis was performed with SonarQube and Snyk, as well as locally deployed language models.

    Black-box
    Testing the public interface by simulating the actions of an external attacker without access to the source code.

    White-box
    Analyzing internal logic and security mechanisms with full access to the codebase.

    Key project stages and solutions

    The engagement began with setting up a secure testing environment, ensuring the client’s codebase was never transferred to external servers. 

    Another task was validating attack vectors across multiple languages, as some security filter bypasses were only possible through non-Latin scripts.

    • Preparation
      Scope alignment, isolated environment setup, and engagement of specialists for security testing.
    • Testing
      Application of more than 20 attack techniques through chat, files, images, and web browsing, along with dynamic scanning of 9 API endpoints.
    • Reporting
      Classification of 51 vulnerabilities by severity and remediation timelines, with findings mapped to the OWASP LLM Top 10.
    Results and recommendations

    Datami conducted a penetration test of the AI platform and identified 51 vulnerabilities, including two critical issues: full system prompt extraction through a multi-step attack chain, and an arbitrary file write caused by missing path validation. Because the agent's file-editing tools did not validate the target path, files could be written to any location within the server's file system.

    The assessment also revealed security filter bypasses through language switching, confirmed in 6 of 14 tested categories, as well as prompt injection via uploaded PDF and DOCX files and images containing embedded text.

    Recommendations:

    • Immediately remediate arbitrary file write and system prompt extraction vulnerabilities.
    • Within 30 days, address unauthorized session access, authentication bypass, and injection vulnerabilities.
    • Within 60 days, eliminate personal data exposure in error responses.
    • Expand security classifiers beyond English-language keywords.
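    The path validation recommended above, as an added illustration rather than the audited platform's or Datami's code: a workspace-confined file-editing tool that rejects absolute paths, `..` traversal and symlinks that point outside the workspace. All names, paths and the throwaway workspace are constructed for the example.

```python
"""Added example (constructed, not the audited platform's code): path
validation for an LLM agent's file-editing tool, so the model can only
write inside a fixed workspace directory."""
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a model-supplied path would resolve outside the workspace."""


def resolve_inside(root: Path, user_path: str) -> Path:
    """Resolve a model-supplied path and confirm it stays under `root`.

    Rejects absolute paths, `..` traversal and symlinks pointing outside the
    workspace; realpath follows links before the containment check runs.
    """
    if Path(user_path).is_absolute():
        raise PathEscapeError(f"absolute path not allowed: {user_path!r}")
    root_real = Path(os.path.realpath(root))
    # realpath resolves symlinks in the parent chain even if the leaf does not exist yet
    resolved = Path(os.path.realpath(root_real / user_path))
    try:
        resolved.relative_to(root_real)
    except ValueError:
        raise PathEscapeError(f"path escapes workspace: {user_path!r}") from None
    return resolved


def agent_write_file(root: Path, user_path: str, content: str) -> Path:
    """Hardened tool: validate first, then create parents and write inside root."""
    target = resolve_inside(root, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target


def demo() -> dict:
    """Exercise the tool with constructed inputs in a throwaway workspace."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "workspace"
        root.mkdir()
        outside = Path(tmp) / "outside"
        outside.mkdir()
        (root / "link").symlink_to(outside, target_is_directory=True)  # escape via symlink
        results = {}
        for p in ("notes/todo.md", "../outside/x.txt", "/etc/hostname", "link/y.txt"):
            try:
                agent_write_file(root, p, "hello")
                results[p] = "written"
            except PathEscapeError:
                results[p] = "blocked"
        return results
```

    Only the in-workspace path is written; the traversal, absolute and symlink cases are refused before any file is touched.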
    Key project results

    The AI platform processed personal data and system configurations in an environment where an attacker could bypass protections through a standard chat interface and gain access to internal system instructions.

    Through Datami’s penetration test, critical threats were identified and remediated before they could be exploited. This cybersecurity case confirms that AI products require specialized security assessments that go beyond traditional web application testing.

    Metric: before the project / result after the project
    • System prompt. Before: fully extractable through a multi-step attack. After: recommendations provided to eliminate system prompt extraction.
    • File writing. Before: arbitrary file write without path validation. After: file system path validation recommended and implemented.
    • Language-based attack vectors. Before: security filters failed to detect non-Latin prompts. After: semantic analysis recommended regardless of language.
    • OWASP LLM compliance. Before: not assessed. After: all 10 categories evaluated and remediation plan provided.
    • Execution environment isolation. Before: status unknown. After: strong isolation confirmed (15 sandbox escape techniques failed).