ToxSec - AI and Cybersecurity

ToxSec - AI and Cybersecurity

Home
Notes
Disclaimer
Contact
Consult
About

Consulting

I’m ToxSec. M.S. Cybersecurity Engineering. CISSP. Career split between the NSA, U.S. defense contractors, and big tech AI security. I break AI systems for a living, then write about it.

If you’re shipping AI into production and nobody on your team has thought hard about prompt injection, model exfiltration, or what happens when your agent gets hijacked mid-chain: we should talk.

What I Do

AI Security Architecture Review You built the thing. I look at it the way an attacker would. Trust boundaries, input validation gaps, tool call exposure, agentic control flow. I map the attack surface and tell you what’s actually dangerous versus what’s just ugly.

Adversarial AI Red Team Structured offensive testing against your deployed models and pipelines. Prompt injection. Jailbreak resistance. Data exfiltration paths. Context manipulation. I document the chain, score the risk, and hand you something your devs can actually act on.

AI Threat Modeling STRIDE applied to LLM systems. We walk through your architecture, identify where trust assumptions break, and build a threat model that doesn’t read like a compliance checkbox.

Incident Response Advisory Something weird happened with your model. Outputs are off. Data looks wrong. You suspect compromise but don’t know where to start. I help you triage, scope, and contain -- then figure out how it happened.

Executive / Leadership Briefing Your board or C-suite wants to understand AI security risk but doesn’t want a PhD seminar. I give them a tight, honest briefing -- what’s real, what’s overblown, and what decisions they actually need to make.

Who This Is For

You’re probably a fit if:

  • You’re shipping LLM-powered products and security is an afterthought you’re trying to fix

  • Your red team has no AI-specific experience

  • You got hit with something and don’t understand what happened

  • You need a credible external voice to back up what your internal team has been saying for months

Probably not a fit if:

  • You want someone to fill out a SOC 2 questionnaire

  • You’re looking for a compliance audit with a clean checkbox at the end

  • Your budget is “we were hoping you’d do it for equity”

Contact

Shoot an email to 0xtoxsec@gmail.com with a one-paragraph description of what you’re trying to solve. No NDAs required upfront. First call is 30 minutes, no charge. Just enough to figure out if the problem is in my wheelhouse.

If you’re already a Founding Member, you have direct access.

ToxSec consulting engagements are independent of any employer or government affiliations. Nothing here represents the views or work product of any past or current employer.

© 2026 Christopher Ijams · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture