Deterministic Analysis

Agent Containment
Review

Deterministic review of what your agents can and cannot do. We map actual capability boundaries, test whether your architecture stops on unknown input, and deliver concrete policy patches ready to deploy.

15,000 DKK · Deterministic analysis · Enforceable policy patches

The problem with agent security today

Probabilistic containment

— System prompts that say "do not access external services"
— Relies on the model following instructions
— Bypassed by prompt injection or tool misuse
— No audit trail when boundaries are crossed

Deterministic containment

→ Enforceable policies that block unauthorised actions
→ Works regardless of what the model decides
→ Cannot be bypassed through conversation
→ Every policy violation is logged and traceable

Most agent deployments rely on the left column. We deliver the right column.

What you get

A concrete assessment of your agent's actual boundaries — not what the documentation says, but what the system enforces.

review outputsample

CONTAINMENT REVIEW — SUMMARY

Agent boundary mapping complete.
4 capability domains evaluated.

────────────────────────────────────────

  External network access     ✗ UNRESTRICTED
  Data exfiltration path      ✗ BOUNDARY VIOLATION
  Privilege scope             ✓ CONTAINED
  Unknown input handling      ✓ FAIL-CLOSED

────────────────────────────────────────
RESULT: 2 FAIL / 2 PASS
Enforceable policy patches: 2 included
Deployment-ready: YES

Review areas

BOUNDARIES

Capability mapping

What can your agent actually reach? We map every external service, API, and data store your agent has access to — intended or not.

FAIL-CLOSED

Architecture validation

Does your system stop or continue when something unexpected happens? We test whether unknown input triggers a safe shutdown or an open door.

ENFORCEMENT

Policy patches

Not a report with recommendations. Concrete, deployment-ready policy patches that enforce the boundaries your agents should have had from day one.

Deliverables

Included

✓ Full capability boundary map of your agent infrastructure
✓ Fail-closed / fail-open status for every access path
✓ Deployment-ready policy patches
✓ EU AI Act Art. 14 compliance mapping

Not included

— Penetration testing of non-agent systems
— Model fine-tuning or retraining
— Ongoing monitoring (available separately)
— General IT security audit

Not recommendations. Enforceable rules.

Book a containment review

15,000 DKK · Delivered within 5 business days

Agent ContainmentReview