Artificial Intelligence

CLIENT: RAS Legal Group
LOCATION: Boca Raton, Florida
SERVICE: Penetration Testing

Square One Technologies Inc. conducted a specialized penetration test of RAS Legal Group's Artificial Intelligence (AI)-enabled solution, with the objective of assessing vulnerabilities and security risks specific to AI technology. The focus was on evaluating the protection of information technology assets, specifically data, systems, and processes, with special emphasis on the effectiveness of logical access and security controls.

The testing methodology was tailored to address emerging AI threats, covering critical areas such as Sensitive Information Disclosure (exposure of training data), Data Manipulation (altering model behavior), and Model Theft (unauthorized extraction from repositories). It also included rigorous checks for Model Poisoning via supply chain compromise or input manipulation, Denial of Service attacks against the model, and sophisticated Prompt Injection techniques (both direct, to overwrite system prompts, and indirect, via external sources). Furthermore, the test assessed architectural weaknesses, including Bypassing Access Control, improper handling of model responses (Insecure Output Handling), Insecure Plugin Design that lacks validation, and violations of Least Privilege principles.

The entire penetration test was designed to be non-intrusive, providing a validated understanding of risks, security gaps, and vulnerabilities, with the goal of identifying strengths, weaknesses, opportunities, and threats to deliver recommended security improvements.
