Skip to main content
INSIGNIA.
Engage
SPEC0001
PG. SUB · security
/ CAPABILITY · SECURITY

Security

Engineered defense for the systems we build.

Manifesto

Security isn't a feature, it's a discipline. We don't bolt it on; we ship from a secure baseline. The cost of fixing a finding at design time is two orders of magnitude cheaper than fixing it in production after an audit catches it, and most studios know that and still don't behave like they do.

We engineer with attackers in the room. STRIDE at design review, SAST + dependency audits at every PR, infrastructure that assumes breach. The threat model is a living document, not a kickoff deliverable that sits in a wiki until the next compliance audit.

Compliance is the floor, not the ceiling. SOC 2, ISO 27001, GDPR, HIPAA, we ship inside all of them by construction. The audit log isn't an afterthought, it's the architecture. Every privileged action carries the principal, the resource, and the rule that fired.

The pillars
/ 01

Secure SDLC

SAST and DAST in CI on every PR, dependency audits with signed provenance, container images verified at admission. The build pipeline is a defense surface, not just a delivery one.

  • Semgrep
  • CodeQL
  • Sigstore
  • SLSA L3
/ 02

Threat modeling

STRIDE at architecture review, attack-tree analysis at design time, PASTA where the regulatory surface warrants it. Threats named in advance, mitigations shipped with the feature.

  • STRIDE
  • PASTA
  • Attack trees
  • Design review
/ 03

Cloud + infrastructure hardening

IAM scoped to the least privilege the workload actually needs, secrets in KMS-backed stores, network posture audited continuously. Infrastructure assumes breach so the application doesn't have to.

  • Vault
  • SOPS
  • OPA
  • CSPM
/ 04

Identity, access, audit

RBAC enforced at every boundary, MFA on every administrative path, append-only audit logs cryptographically chained. Every privileged action attributable to a human or a service identity, never to a shared account.

  • RBAC
  • MFA
  • Audit ledger
  • SSO
/ 05

Incident response + red team

Playbooks rehearsed before they're needed, tabletops on a quarterly cadence, simulated breaches against the production-equivalent. When an advisory drops, the response is muscle memory.

  • IR playbooks
  • Tabletops
  • Red team
  • Postmortems
/ 06

AI / Agent security

LLMs in production need their own threat model. Prompt isolation, tool-permission scoping, deterministic gates over load-bearing outputs, runtime auditing of every model call. The agent's confused-deputy property is the new attack surface.

  • Prompt isolation
  • Tool scoping
  • Deterministic gate
  • Runtime audit

What we ship

  • Application security · SAST/DAST · secure SDLC · dependency audits
  • Threat modeling & architecture review · STRIDE / PASTA
  • Cloud & infrastructure security · IAM · secrets · network posture
  • Compliance · SOC 2 Type II · ISO 27001 · GDPR · HIPAA readiness

Stack

Burp · Semgrep · CodeQL · Snyk
SOPS · age · Vault · OpenVAS
The attack surface · interactive

Five entry points. Pick one to see the mitigation playbook.

FIG. iii · threat-surface map · five entry points
Click any marker to read the mitigation playbook
/ 01
INTERNET
users + bots
/ 02
API GATEWAY · WAF
edge + rate limit + DDoS
/ 03
SUPPLY CHAIN
deps · registry · CI
/ 04
APPLICATION TIER
services · workers · jobs
/ 05
EXT. INTEGRATIONS
OAuth · webhooks
/ 06
DATA STORE
OLTP + warehouse
/ 07
CACHE · QUEUE
Redis + Kafka
! Attack vector

Authentication bypass

The attacker's goal

Reach internal services without a valid credential, often by forging a token or exploiting a weak verification path at the edge.

How we ship against it
  1. 01WAF auth-bypass signatures + reject paths that don't carry a valid issuer
  2. 02MFA enforcement on all admin and operator paths, with risk-based step-up
  3. 03Asymmetric token validation (RS256, EdDSA) with strict aud + iss + exp checks
  4. 04No shared secrets in any verification path; per-route key material
The threat model · walkthrough

Six categories. Real threats. The mitigations we ship against them.

FIG. i · STRIDE threat model · walkthrough
What it is

Identity is misrepresented. An attacker poses as a known user, service, or device to bypass authentication boundaries.

Example threats
  1. 01Forged JWTs signed with shared-secret keys (HS256 with weak entropy)
  2. 02Service-to-service auth bypassed via missing or mis-configured mTLS
  3. 03OAuth scope tampering in third-party flows without audience binding
How we ship against it
  1. 01Asymmetric signing (RS256, EdDSA) with rotating KMS-managed keys
  2. 02mTLS mandatory on every internal hop, enforced at the service mesh
  3. 03Strict OAuth scope validation with explicit aud + iss checks per route
Where we've seen this

Authentication overhaul for , replaced shared-secret JWT with KMS-signed RS256; the audit ledger captured every cross-service hop.

AI / Agent security

AI security isn't a checkbox. It's a different threat model entirely.

Most teams bolting on LLM guardrails treat prompt injection as a 'validate the input' problem. It isn't. The user input IS the instruction context; there's no input-control separation to validate against. The model holds attacker-controlled text and trusted capabilities in the same context, and the prompt convinces it to combine them.

Every LLM in production is a confused deputy. When the prompt overrides the system instruction, the deputy carries out the attacker's intent with the system's authority. The mitigation isn't filtering, it's containment. Tool-permission scoping, deterministic gates, runtime audit, defense in depth.

The deterministic gate is the only honest mitigation for hallucination as a security risk. Verum's own architecture is the proof: load-bearing decisions live in code, the LLM contributes extracted facts and synthesis texture, and the production loop runs unchanged whether the model is right, wrong, or made-up. Hallucination becomes non-load-bearing texture instead of a critical-path failure.

The LLM threat catalog · walkthrough

Six categories. Real attacks. The mitigations we ship.

FIG. iv · LLM threat catalog · walkthrough
What it is

An attacker writes a prompt that overrides system instructions, jailbreaking the model into ignoring its alignment, leaking the system prompt, or executing attacker-controlled instructions inside a privileged context.

Example threats
  1. 01Direct injection via user input ("ignore previous instructions and...")
  2. 02Role-play injection that smuggles new behavior under a fictional frame
  3. 03Adversarial suffix attacks; gradient-optimized strings that defeat alignment filters
How we ship against it
  1. 01Prompt isolation: system + user + retrieved content in clearly delimited blocks; user content never instructs
  2. 02Deterministic gates over LLM output for any load-bearing decision; the model contributes evidence, never the verdict
  3. 03Structured outputs validated against strict JSON schema; reject any response that doesn't conform
Where we've seen this

Pre-launch threat model for a , closed seventeen prompt-injection vectors via prompt isolation and structured-output validation.

AI security · posture

18
LLM systems hardened
47
PI vectors closed at pre-launch
9
Agentic systems with deterministic gates
0
Load-bearing LLM calls in Verum
Defense in depth · interactive

Five concentric walls. Pick one to see what we ship there.

FIG. ii · defense in depth · concentric shields
0102030405

Perimeter

The outermost wall. Everything an attacker can hit without prior access goes through here first.

  • WAF + edge rate-limiting at the CDN (Cloudflare, AWS WAF, Fastly)
  • DDoS protection at L3/L4 (anycast scrubbing) and L7 (challenge interstitials)
  • Bot management with behavioral signals; verified-bot allowlists
  • Public attack-surface inventory; weekly external scan against our own asset list
Red team

Red team is a discipline, not a deliverable.

A pen-test report doesn't make you secure. A red-team engagement reveals what your detection actually catches, what your runbooks actually contain, and what your team actually does at three in the morning.

We don't write findings to a PDF and disappear. We work alongside your blue team to close, verify, and re-test until the chain is broken. The first engagement maps your kill chain end-to-end; each subsequent engagement measures the delta and quantifies operational improvement.

We engage on a rolling cadence rather than a one-shot annual assessment. Tabletops quarterly, simulated breaches semi-annually, full kill-chain walkthroughs annually. Security operations is a muscle; we exercise it.

FIG. v · red-team kill chain · seven stages
/ 01

Reconnaissance

Passive and active info gathering. The attacker's first move is to learn what's there.

Techniques
  • 01OSINT via public GitHub commits and employee LinkedIn
  • 02Passive DNS enumeration and subdomain harvesting
  • 03Rate-limited port scanning calibrated under detection thresholds
Detections expected
  • 01SIEM alerts for unusual external scanning patterns
  • 02DLP signatures on leaked GitHub commits and access tokens
  • 03Perimeter rate-limit violations at the edge
What we close
  • 01GitHub secret scanning with automated revocation
  • 02Employee social-engineering training cadence
  • 03Exposed-service inventory cleanup against shadow IT
/ 02

Initial Access

First foothold. Phishing, credential abuse, known-but-unpatched CVE exploitation.

Techniques
  • 01Phishing with target-crafted lures and pretexting
  • 02Password spraying against published auth surfaces
  • 03Exploitation of known-but-unpatched CVEs on edge appliances
Detections expected
  • 01Anomalous login geo and time fingerprints
  • 02Failed-auth burst alarms above per-account baselines
  • 03IDS signatures for known-exploit traffic shapes
What we close
  • 01MFA on every external surface, no exceptions
  • 02Patch cadence SLAs with measured time-to-deploy
  • 03Phish-resistant credentials (passkeys) for privileged paths
/ 03

Execution / Persistence

Establish presence. Persistence mechanisms survive reboots, credential rotations, and IR's first sweep.

Techniques
  • 01Scheduled-task or systemd-timer creation under benign names
  • 02Registry, cron, or launchd persistence on compromised endpoints
  • 03Cloud IAM role assumption with stale or over-provisioned credentials
Detections expected
  • 01EDR process-tree alerting on unfamiliar children of known parents
  • 02Cron and scheduled-job change monitoring
  • 03IAM activity from stale identities flagged at the access analyzer
What we close
  • 01Credentials rotated on automated lifecycle, no manual exceptions
  • 02Cron and job-scheduler changes under change-management review
  • 03Identity lifecycle automation with off-boarding instrumented
/ 04

Privilege Escalation

Gain higher access. Local privilege first, then domain or cloud-tenant elevation.

Techniques
  • 01Token impersonation against under-segmented service accounts
  • 02Kernel exploitation on outdated container base images
  • 03IAM policy misconfiguration abuse for cross-resource access
Detections expected
  • 01User-to-admin elevation alerts on every privilege grant
  • 02Kernel-syscall anomaly detection from runtime EDR
  • 03IAM Access Analyzer findings on overly permissive policies
What we close
  • 01Container base-image refresh cadence with vuln-scan gating
  • 02Least-privilege policy refactor across IAM
  • 03Break-glass attestation enforcement on all elevation paths
/ 05

Lateral Movement

Move through the environment. Service accounts, RBAC traversal, network pivots.

Techniques
  • 01SMB or RDP pivot to internal hosts via stolen credentials
  • 02Service account abuse across organizational boundaries
  • 03Kubernetes RBAC traversal via mis-scoped ServiceAccount tokens
Detections expected
  • 01East-west traffic monitoring against zero-trust expected flows
  • 02Service account use outside expected calling identities
  • 03Kubernetes audit log correlation across cross-namespace activity
What we close
  • 01Zero-trust segmentation with default-deny east-west
  • 02Service account scoping to single-purpose identities
  • 03Kubernetes RBAC review cycle with surface-area reporting
/ 06

Exfiltration

Extract data. The objective the previous five stages were enabling.

Techniques
  • 01DNS exfil over the resolver chain in steady-rate bursts
  • 02Cloud-bucket dump to an attacker-controlled external account
  • 03Slow drip via expected-traffic channels under volume baseline
Detections expected
  • 01DNS anomaly detection on outbound query volume and entropy
  • 02Cloud bucket cross-account access alerts at the data plane
  • 03Egress volume baselines per workload with drift detection
What we close
  • 01Egress allowlists per workload, no unbounded internet from compute
  • 02Cloud-account boundary policy with SCPs that deny cross-org
  • 03DLP signatures on outbound responses at the application layer
/ 07

Defense Evasion

Stay invisible. Log tampering, timestamp manipulation, runbook reconnaissance.

Techniques
  • 01Log tampering at the source forwarder before SIEM ingestion
  • 02Runbook access reconnaissance to learn IR detection coverage
  • 03Time-stomped activity evading SOC review windows
Detections expected
  • 01Log forwarder integrity monitoring with checksum validation
  • 02Runbook and IR-doc access alerting via documentation telemetry
  • 03Timestamp delta auditing across the event pipeline
What we close
  • 01Write-only log forwarding tier with no source-side editing
  • 02Runbook access audited and reviewed quarterly
  • 03Immutable log retention for forensic continuity

Engagement modes

  • 01
    External black-box

    Perimeter only, public info, no credentials. Models an outside attacker with zero prior access.

  • 02
    Assumed breach

    Start with one compromised credential. Measure how far lateral spread goes before detection.

  • 03
    Insider threat

    Start with junior-employee access. Model the malicious-insider scenario end-to-end.

  • 04
    Application gray-box

    Source code plus credentials. Deep application-layer assessment with insider knowledge.

  • 05
    Red vs blue (extended)

    Multi-week engagement measuring detection and response cadence across the full kill chain.

Red team · posture

14
Engagements · 2025
8.5h
Mean time to first P1
96%
Findings closed within SLA
4
Mean P1s · assumed-breach

Posture

47
Audits delivered
340+
Findings closed
9
Active certifications
12
Domains
Monitoring active
Frameworks · audited
  • SOC 2 Type II
  • ISO 27001
  • GDPR
  • HIPAA
  • PCI DSS

Certifications · on bench

  • CISSP
  • OSCP
  • CISM
  • OSCE
  • GIAC GPEN
  • CCSP

Engagement domains

  • Fintech
  • Healthcare
  • Public Sector
  • Critical Infrastructure
Engagement · redacted sample

Engagement with Pharma, 14-day red team, 9 P1 findings, all resolved within SLA.

Hover or focus the bar to reveal · client identity protected

REGISTER · BLUEPRINTIN.↓ CH.04