THE MANDATE

Our Mandate

Why this firm exists, specifically. A founding manifesto for adversarial AI security — dated, opinionated, and revised quarterly.

Published: Jan 2026 · Revised: May 2026

// FOUNDING THESIS

Most AI systems shipping to production in 2026 will be exploited inside their first year. The discipline of breaking them — adversarially, ethically, before attackers do — does not yet exist at scale. We are building it.

— LogicLeak founding mandate · January 2026

// THE EVIDENCE

why we believe the thesis

73%

of production RAG agents leaked credentials under crafted markdown exfiltration in our 2026 field survey

LogicLeak Field Report 0008 · May 2026

11 / 40

agents in a typical 40-node CrewAI deployment had at least one privilege escalation path on first audit

LogicLeak Engagement 0014 · Q1 2026

AI-specific certifications exist in the major security practitioner bodies (OffSec, SANS, ISC2) as of May 2026

Public certification catalogs · May 2026

boutique firms globally with published, reproducible methodologies for adversarial AI testing

LogicLeak market survey · April 2026

// WHAT WE BELIEVE

six opinions, dated and defensible

Benchmarks lie. Production deployments tell the truth.

Public adversarial benchmarks are static, deterministic, and well-trained-against. They tell you whether a model can pass a known test, not whether your stack can survive an attacker who's seen your codebase. Our work is exclusively against live deployments, with permission.

The interesting attack surface is between systems, not inside them.

Single-model jailbreaks are the easy work. The hard work is chained injection across agents, retrieval-layer poisoning that compromises downstream LLMs, and trust boundary failures between tools. This is where 2026's real losses will happen.

AI security is a software-engineering discipline, not a prompt-engineering one.

Treating AI security as 'find clever prompts' produces toy reports. Treating it as 'audit a software system with a statistical component' produces actionable findings. Our engagements look more like binary analysis than like red-teaming.

Disclosure is part of the work, not a marketing afterthought.

Vulnerabilities found on engagements that affect entire categories of systems get coordinated disclosure with vendors. Always. Our methodology is open. Our findings are sanitized and published. Selling exclusivity on attack patterns slows the field down — and the field needs to go faster.

Compliance is a side effect of doing the work, not the work.

EU AI Act, NIST AI RMF, ISO 42001 — these matter, and we deliver artifacts that satisfy them. But a firm that leads with compliance checkboxes will produce compliance-checkbox results. We start from adversarial reality and let compliance follow.

Small, surgical, and slow beats large, generalist, and fast.

We will not scale this firm into a 200-person consultancy. We will not accept engagements outside our depth. We will not run 12 engagements simultaneously to hit a revenue number. The right size for this work is the size that lets each engagement get full senior attention.

// WHAT WE WON'T DO

a real firm has a refusal list. here's ours.

No engagements without written authorization

Verbal scope creep is how good firms become liable firms.

No work for governments seeking offensive AI capabilities

We help defenders. Selling attack research to nation-state buyers is outside our mandate.

No 'AI red team in 5 days' engagements

Two weeks is our floor. Real adversarial work takes time. Anything faster is theater.

No client testimonials we wrote

All published quotes from clients are their words, with their approval. If we can't get approval, we don't publish.

No claiming compliance certifications we don't hold

When we have SOC 2, we'll show the report. Until then, we don't claim it.

No subcontracting to anonymous offshore teams

Every person on every engagement is named, vetted, and bound by NDA. No hidden labor.

// HOW WE OPERATE

mandate without operations is poetry

01 · INBOUND

Audit request

All inbound goes to a single intake reviewed by senior staff. We accept engagements only when we have the right people and the right time. 24h reply, NDA before scope.

→

↓

02 · ENGAGEMENT

2–6 week campaign

Two senior practitioners per engagement minimum. Daily async updates. Fixed scope, fixed price, weekly findings delivered as they emerge — not at the end.

→

↓

03 · AFTERMATH

Sanitize, disclose, publish

Engagement materials deleted after 30 days. Vulnerabilities affecting third parties get coordinated disclosure. Findings that generalize become Research.

// PROVENANCE

This mandate was written in January 2026 by the founding investigator at LogicLeak's launch. It is revised quarterly. Where we depart from the mandate in practice, the mandate gets revised — not the practice quietly. Change log below.

Last revised: May 2026

MAY 12 2026Added Belief 06 (size discipline) after first quarterly review.

MAR 02 2026Added Refusal #2 (no offensive AI work for governments) after declining first such inquiry.

JAN 08 2026Initial publication.

REQUEST AN AUDIT →