The Snapshot
1. AI security boundaries validated for a private LLM chatbot before it touched proprietary research and manufacturing data.
2. Devoteam Cyber Trust AI Pentesting methodology applied, grounded in MITRE ATLAS and the OWASP LLM and Agentic Top 10.
3. Critical findings remediated across the LLM and Web application layers ahead of go-live.
The Client
A global CDMO (Contract Development & Manufacturing Organisation) with ~18,000 employees across more than 30 sites on five continents. Operating across pharmaceutical, biologics, cell & gene therapy and specialty ingredients divisions, it handles highly regulated and commercially sensitive research data, and introduced a private LLM-powered chatbot to support internal scientific workflows.
The Challenge
- AI expands the attack surface. LLM-powered systems introduce an entirely new class of risks that traditional security testing was not designed to address. Organisations deploying AI cannot assume that existing security controls are sufficient.
- Sensitive data at model boundaries. The organisation handles highly regulated and commercially sensitive research data across five continents. Misconfigured model behaviour risks exposing IP, manufacturing processes or patient-adjacent data.
- RAG introduces non-deterministic risk. Retrieval-Augmented Generation architectures create complex trust boundaries where response quality depends on which documents are retrieved, and certain failure modes cannot be fully eliminated by traditional input validation.
The Solution
AI Pentesting methodology – A robust, structured approach grounded in MITRE ATLAS, OWASP LLM and Agentic Top 10, the industry's most comprehensive frameworks for adversarial AI risk, ensuring every known AI attack category is systematically covered.
AI vulnerabilities add to the old ones – LLMs are built on top of existing infrastructure, APIs and web applications. These layers were assessed in the same engagement using our Web Application Testing methodology.
Enabling the mission – By securing the AI systems that underpin scientific knowledge management across a global manufacturing network, the engagement directly supports the organisation's ability to accelerate the development and manufacturing of advanced treatments.
Key Findings
Critical issues identified and remediated ahead of go-live, across both the LLM and the Web application implementations.
LLM: System Prompt Leakage
Attackers could extract the model's full instructions and operational constraints.
Impact: exposure of internal logic, business rules and undisclosed system behaviour.
RAG: LLM Misinformation
Users could be affected by hallucination under specific conditions.
Root cause: a defective RAG implementation; when retrieval returns no relevant results, the LLM hallucinates an answer instead of deflecting.
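As an added illustration of the RAG finding above (not code from the client or from Devoteam Cyber Trust), the pipeline below contrasts the defective pattern, where the model is always called, with a gated pattern that deflects when retrieval returns nothing relevant. The corpus, threshold, Jaccard stand-in retriever and fake_llm are constructed assumptions; a production system would use embedding similarity scores in place of the token overlap.

```python
import re
from dataclasses import dataclass

@dataclass
class Chunk:
    doc_id: str
    text: str
    score: float  # retriever relevance score in [0, 1]

RELEVANCE_THRESHOLD = 0.25  # hypothetical; tuned per corpus and retriever
DEFLECTION = "No approved document covers this question. Please contact the knowledge base owner."

def _tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def retrieve(question, corpus, k=3):
    """Stand-in retriever: Jaccard token overlap in place of embedding similarity."""
    q = _tokens(question)
    chunks = []
    for doc_id, text in corpus.items():
        t = _tokens(text)
        chunks.append(Chunk(doc_id, text, len(q & t) / len(q | t) if q | t else 0.0))
    return sorted(chunks, key=lambda c: c.score, reverse=True)[:k]

def build_prompt(question, evidence):
    sources = "\n".join(f"[{i}] ({c.doc_id}) {c.text}" for i, c in enumerate(evidence, 1))
    return ("Answer only from the numbered sources and cite them. "
            f"If they do not contain the answer, say so.\n\n{sources}\n\nQ: {question}")

def answer_ungated(question, corpus, llm):
    """Defective pattern: the model is always called, so with no relevant evidence it hallucinates."""
    return llm(build_prompt(question, retrieve(question, corpus)))

def answer_gated(question, corpus, llm, threshold=RELEVANCE_THRESHOLD):
    """Remediated pattern: deflect before the model is called unless relevant evidence remains."""
    evidence = [c for c in retrieve(question, corpus) if c.score >= threshold]
    if not evidence:
        return {"answer": DEFLECTION, "sources": [], "grounded": False}
    return {"answer": llm(build_prompt(question, evidence)),
            "sources": [c.doc_id for c in evidence], "grounded": True}

# Constructed two-document corpus and a stand-in LLM that answers whatever it is asked.
CORPUS = {
    "sop-17": "Buffer exchange for monoclonal antibody purification uses tangential flow filtration at pH 7.4",
    "sop-22": "Cell bank storage requires liquid nitrogen vapour phase below minus 150 celsius",
}

def fake_llm(prompt):
    return "model output for: " + prompt.rsplit("Q: ", 1)[1]
```

The gate also returns the source identifiers it relied on, which gives reviewers a way to check grounded answers against the documents rather than trusting the model's text.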
The Impact
Through this engagement, Devoteam Cyber Trust enabled the client to:
- Validate AI security boundaries before exposure to proprietary research and manufacturing data.
- Remediate critical findings across the LLM and Web application implementations ahead of go-live.
- Close the attack surface before exposure, with no impact to live scientific workflows.
- Adopt a repeatable, framework-driven approach to securing future AI deployments.