Know Your Agent

When agents handle real money, trust can’t be assumed.

Enterprises are handing real work — and real budgets — to autonomous agents. An agent that issues refunds, moves funds, or touches customer data is only as safe as its weakest prompt.

You run the open-core engine — a live attack corpus of prompt injection, tool abuse, system-prompt extraction and data leakage — against your exact configuration. It runs locally; your keys and transcripts never leave your machine.

Then the server maps your stats-only findings to AIUC-1, ISO 42001 and the EU AI Act and signs an audit-ready certificate — without ever seeing your data. Independence proven by architecture, not just position.

PharosOne

Independent security & compliance infrastructure for AI agents. Know Your Agent — prove it’s safe before you trust it.

npx skills add pharosone/pharosone

Runs locally. Default offline mock tier — no API key, no network, no Docker.

info@pharosone.ai

The product

Prove your agent.

Install the open-core engine and test your own agent locally — free. Pay only when you need the certificate or a human audit.

npx skills add pharosone/pharosone
View the source on GitHub

Prove · Certification

Turn your findings into a signed, audit-ready certificate.

When you need to prove it to a risk committee, our server maps your stats-only findings to AIUC-1 and returns a signed (Ed25519) certificate — without ever seeing your transcripts.

Certificate of Assessment

support-agent

2026-06-30

Attack-success
18.3% (95% CI 14.1–23.0)
Findings
3 high · 9 medium
Coverage
118 probes · mock tier
Standards
AIUC-1 · ISO 42001 · EU AI Act

Ed25519 · stats-only · no transcripts

Premium · Expert audit

When the stakes need a human adversary.

The engine and the certificate prove coverage at scale. For high-stakes deployments, our offensive team audits your agent by hand — chaining attacks a corpus can’t, validating findings, and writing the report your risk committee will defend. We also run traditional penetration tests for organisations that don’t have AI agents yet.

Led by

A Deputy CISO and offensive-security lead — with a team of senior security engineers behind them.

Nine-plus years building and running red teams across enterprises from 3,000 to 120,000 people — research spanning IoT, mobile, web, network and wireless, woven into the SDLC, aligned with ISO 27001 and SOC 2, and translated for the boardroom.

22 CVEs disclosed · most rated critical
Black Hat speaker · 13 international talks
OSCP · OSEP · offensive certifications
MSc, Information Security · BMSTU
Author & tool-builder · IoTSecFuzz · Pentest Collaboration Framework
CTF top-3 · Standoff ’21/’22 · DEF CON 28 & 29 IoT winners
Contact

FAQ

What teams ask before they trust an agent.

What does PharosOne actually test?

A live corpus of real-world attacks — prompt injection, tool abuse, system-prompt extraction, data leakage — that you run against your exact agent. Each probe is varied with mutation and LLM-paraphrase (EN/RU and your agent's language), so coverage never hangs on one brittle string.

Can I try it instantly?

Yes. The default offline mock tier runs with no API key, no network, and no Docker, so you can see the engine work in seconds. A real test against your agent is opt-in (--tier model / --tier bridge).

Free or paid — where's the line?

Free and self-run: the open-core engine, onboarding skills, an example corpus, and a raw findings.json. Paid and server-side: the full proprietary corpus, the mapping to AIUC-1, and a signed, audit-ready certificate.

Do my prompts or transcripts ever leave my machine?

No. API keys and system prompts stay in memory for the run — never written to disk, logs, or the network. At certification, only stats-only evidence (attack-success rates, counters) is uploaded, Ed25519-signed. WireEvidence has no transcript field by construction, so the probe conversation physically cannot be sent.

Why is the certificate independent?

Because the server maps your findings to the standard and signs the report without ever seeing your data. We don't build agents — and it's the architecture, not just our position, that makes the result neutral.

Which standards do you map to?

AIUC-1, ISO 42001, the EU AI Act, NIST AI RMF and the OWASP Agentic Top 10 — every report is audit-ready for the committees your stakeholders already trust.

From the population to your agent

Knowing the odds isn’t knowing your agent.

Prove your agent is safe before you trust it.