SVC-01 · Security Assessment
Security Assessment
A Security Assessment is the structured entry point for organisations that need a clear picture of exposure before committing to a full offensive engagement. We review network architecture, identity flows, endpoint posture, and cloud configuration against your stated threat model. Deliverables include an executive summary for board-level readers, a technical findings register with severity ratings tied to exploitability, and a 90-day remediation sequence. Assessments typically run two to four weeks depending on estate size. We align with frameworks your auditors already recognise — ISO 27001 control mapping, NIST CSF tiers, and OSFI B-13 expectations for federally regulated financial institutions — without turning the exercise into a paperwork drill.
SVC-02 · AI-Assisted Pen Testing
AI-Assisted Pen Testing
Penetration testing at CyberForge AI is human-led and machine-augmented. Our operators use AI-assisted tooling to accelerate reconnaissance, fuzzing, and log correlation — but every exploitation decision, chain validation, and business-impact assessment is made by a named consultant. This hybrid model lets us cover more attack surface in the same window without the false confidence that automation-only scans provide. Engagements include external perimeter testing, internal network pivoting, web application review, and API abuse scenarios. Each finding ships with reproduction steps your engineers can verify independently. We document lateral movement paths, privilege escalation chains, and data exfiltration feasibility so remediation priorities reflect real breach mechanics.
SVC-03 · Red Teaming
Red Teaming
Red team engagements simulate a motivated adversary with defined objectives: access a crown-jewel dataset, achieve domain admin, or exfiltrate synthetic credentials. Unlike standard pen tests, red teams operate under stealth constraints — testing whether your SOC detects initial access, command-and-control traffic, and privilege escalation over days or weeks. We coordinate closely with your incident response lead through encrypted channels and pre-agreed callback procedures. Debrief workshops walk defenders through the full attack timeline, highlighting detection gaps and playbook failures. Red teaming is ideal for mature security programmes that already patch regularly but have never validated end-to-end response under realistic pressure.
SVC-04 · Detection Engineering
Detection Engineering
Detection Engineering closes the loop between offensive findings and defensive readiness. We analyse your SIEM rules, EDR policies, and network sensor coverage against MITRE ATT&CK techniques observed in recent Canadian-sector intrusions. Where gaps exist, we draft detection logic, tune false-positive thresholds, and run purple-team exercises to confirm alerts fire within your target mean-time-to-detect window. This service is often paired with a red team engagement: attackers demonstrate the chain, engineers build the detection, attackers attempt the chain again. The result is measurable improvement — not a slide deck claiming your SOC is already perfect.
SVC-05 · Vulnerability Management
Vulnerability Management
Scanner output without context creates alert fatigue. Our Vulnerability Management practice helps you build a programme that ranks findings by exploitability in your specific environment — not generic CVSS alone. We define asset criticality tiers, establish patch SLAs aligned with regulatory expectations, and integrate threat intelligence on actively exploited CVEs affecting your technology stack. Quarterly reviews assess programme maturity: are critical findings closed within SLA? Are exceptions documented with compensating controls? Do penetration test results correlate with scanner blind spots? We turn vulnerability management from a compliance checkbox into an operational discipline your engineers respect.
SVC-06 · Securing AI / LLM
Securing AI / LLM
Production large language models introduce attack surfaces that traditional AppSec reviews miss. Our Securing AI/LLM service tests prompt injection resistance, training-data leakage paths, plugin and tool-call abuse, and output-filter bypass techniques. We evaluate whether your guardrails prevent users from extracting system prompts, invoking unauthorised API actions, or poisoning retrieval-augmented generation pipelines. Deliverables include a threat model specific to your model architecture, tested attack scenarios with severity ratings, and hardening recommendations aligned with emerging OWASP LLM Top 10 guidance. As Canadian firms deploy customer-facing chatbots and internal copilots, this service answers the question regulators and boards are starting to ask: what happens when someone tries to break your AI on purpose?