Tagwercher Security

Working remotely with SaaS teams across DACH, the UK, and the US.

Sebastian Tagwercher

AI & LLM Security Audits, grounded in research.

I audit the security of LLM-powered features — chatbots, copilots, RAG pipelines, agentic systems — backed by published MSc research into attack vectors against large language models. Web pentesting also available via my vetted partner network.

My MSc thesis on LLM attack vectors developed a formal taxonomy of attacks against, using, and within large language models. It combines a comprehensive literature review with four practitioner interviews and an empirical exploration of a Cambridge University dark-web forum dataset. The taxonomy now shapes how I scope and structure security audits.

Article 15 of the EU AI Act, now deferred to December 2027 for standalone high-risk AI systems, requires documented resilience against the same attack categories the thesis taxonomy describes.

Services

One primary practice. Web pentesting available as a direct referral.

AI / LLM Security Audit

From €15,000

Scoping calls from €2,500

3–6 weeks depending on scope

  • OWASP LLM Top 10 2025 + Agentic 2026 coverage
  • Prompt injection, RAG, and agent tool-call testing
  • CVSS-rated findings mapped to NIST AI RMF and EU AI Act

Web pentesting

Via referral

Need a standalone web pentest? I'll refer you to senior testers I trust — no margin, direct introduction.

Why work with me

There are plenty of security consultants. Here's what makes this different.

Published research on LLM security

Not a certification badge — peer-reviewed MSc work analyzing real attacker behavior in dark-web forums, with a formal taxonomy of attacks against, using, and within LLMs. Read the research.

Business fluency

BA in Business Administration and corporate tax accounting background. Findings connect to your P&L and your risk register, not just your tech stack.

Research-backed methodology

Six-phase methodology grounded in OWASP LLM Top 10 2025, OWASP Agentic 2026, MITRE ATLAS, and NIST AI RMF Generative AI Profile. Tooling: Garak, Promptfoo, PyRIT, DeepTeam, plus manual testing.

Fixed scope, honest pricing

Every engagement is scoped upfront with a written SOW and a fixed price band. 50/50 billing. No hourly overruns, no scope creep invoices.

See what a real report looks like

Before you commit, see exactly what you'll get. The sample report shows the format, severity ratings, reproduction steps, and remediation guidance from a real AI security engagement.

Case study

What a full AI security engagement looks like

From first contact through scoping, testing, and retainer — a sanitized composite of a real engagement, showing the full methodology and timeline.

Get in touch

I'll respond within 24 hours. If you want to skip the form — email me directly or book a 20-min intro call.
