Penfield: SOC 2 and AI agent security testing
How an AI process intelligence company tested agent guardrails, RAG ingestion, and traditional app/API surfaces in one engagement.
“Generic pentesters do not understand AI agent tool abuse or process verification pipelines. DeepScan tested our agent guardrails, RAG ingestion paths, and traditional web/API surfaces in one engagement, exactly what our financial services buyers asked for.”
agent surfaces tested
buyer evidence
ingestion paths covered
combined report
Challenge
What needed to be proven
Penfield needed security proof for financial services buyers who asked about SOC 2, app security, and AI agent controls together.
The attack surface included customer workflows, API authorization, RAG ingestion, and agent tool boundaries.
Approach
How DeepScan tested it
DeepScan combined web/API pentesting with AI-specific scenarios including indirect prompt injection, retrieval leakage, and unsafe tool calls.
Human operators reviewed evidence quality and translated technical issues into buyer-readable risk language.
Results
What changed
Penfield received one report covering traditional and AI-native risks, reducing the need for separate vendor engagements.
The evidence helped answer financial services procurement questions with concrete proof rather than policy-only responses.
Services used
- Ai Agent Pentest
- Api Pentest
- Soc2 Iso Hipaa Pentest
Need evidence like this for your audit or deal?
Start self-serve with a target today, or book a DeepScan-led pentest if you need the report delivered for you.
DeepScan delivers agentic pentesting with CyberImmune and CREST Certified partner delivery where required.