CoWorker Inc. (Headquarters: Shinjuku-ku, Tokyo; Representative Director: Kazuki Yamasato; hereinafter "the Company" or "CoWorker"), a developer and provider of AI security solutions, has launched the "LLM Diagnosis Service," a diagnosis service specializing in generative AI/LLM use. The service targets both AI functionality integrated into the DX services the Company provides and AI used internally by companies, and comprehensively evaluates the risks specific to LLM-integrated applications. Whereas traditional vulnerability diagnosis services have focused mainly on vulnerabilities in web applications and the underlying infrastructure, the new service focuses on the "safe utilization of generative AI."
Learn more about the "LLM Diagnosis Service" here: https://www.coworker.co.jp/ai-llm-diagnosis
**Rapid Expansion of Generative AI Utilization and New Risks**

With the spread of large language models (LLMs) such as ChatGPT and Gemini, chatbots and AI assistants are rapidly being integrated into corporate DX services and internal operations. However, LLM-specific vulnerabilities such as prompt injection, information leakage, and misuse of model output are becoming apparent, and they are increasingly difficult to detect with traditional vulnerability diagnosis services. The Company has therefore developed a new diagnostic service to support the safe utilization of generative AI, based on the LLM Top 10 risks defined by OWASP.
OWASP LLM Top 10 Risks: The Open Worldwide Application Security Project (OWASP) has compiled a list of the 10 most critical security threats and risks specific to large language model (LLM) applications. It was formulated in 2023 to address the new vulnerabilities that security personnel and developers face when developing and deploying generative AI and AI applications. OWASP Gen AI Security Project: https://genai.owasp.org/llm-top-10/
**Multifaceted Evaluation of LLM-Specific Risks**

The LLM Diagnosis Service evaluates the overall safety of systems that use generative AI by combining the following three approaches:

* **Penetration Test Diagnosis:** Simulates attacks on chatbots and AI agents under conditions close to the actual operating environment, verifying prompt injection, privilege escalation, authentication/authorization deficiencies, and similar issues.
* **MCP Server Diagnosis:** Inspects the tool integration and API call components used by LLM agents, confirming the validity of authentication/authorization, input validation, and sensitive information management.
* **Source Code Diagnosis:** Statically analyzes the code base and API specification documents for the LLM integration components, evaluating the safety of the input validation implementation and of prompt construction.
**Main Features**

**Dedicated Diagnosis for Safe Generative AI Utilization**

The LLM Diagnosis Service balances speed, accuracy, and cost by adopting a hybrid diagnosis approach that combines the Company's proprietary AI "Red Agent" with experienced engineers. Its main features are as follows:

* **Speed:** The AI agent automates the diagnosis, shortening LLM safety verification, which traditionally took several days, to just a few hours.
* **High Accuracy:** Red Agent achieved an **89.1% detection rate** in vulnerability diagnosis benchmarks, with the AI analyzing diverse test patterns based on public vulnerability information (CVE) and a range of web attack scenarios. Combining this with expert review provides highly accurate diagnostic results.
* **Low Cost:** By having the AI handle routine tasks, significant cost reductions compared to traditional diagnosis fees are possible.
* **Practical Reporting:** The detection results include risk levels, impact scope, reproduction steps, attack scenarios, and improvement suggestions, providing advice directly relevant to running a generative AI adoption project.
**"LLM Diagnosis Service" Provision Flow**

1. **Hearing (Initial Consultation):** After an inquiry, we confirm the outline and requirements of the diagnostic target in an online meeting and propose the optimal diagnosis plan.
2. **Diagnosis Execution:** Based on the provided source code and API endpoint information, we perform the diagnosis using Red Agent, and experts confirm and evaluate the results. Black-box testing is also used as needed.
3. **Human Review:** Experienced security engineers scrutinize the AI results and compile them into a report that includes risk assessment, prioritization, and improvement measures.
4. **Report Delivery:** The report is delivered in PDF format in as little as 3 business days from the start of the diagnosis. Critical issues can be reported immediately.
5. **Improvement Support:** We provide the technical advice and re-diagnosis services needed to fix the vulnerabilities found.
**Recommended for Companies Like These**

Recommended for companies and needs such as the following:

* Companies developing and providing DX services and products that utilize generative AI.
* Development and business departments using chatbots and AI assistants internally.
* Organizations wishing to mitigate risks such as prompt injection and data leakage when utilizing external LLM APIs.
* Projects wanting to confirm security requirements in the early stages of generative AI adoption.
**Introduction to the Expert Team**

CoWorker's vulnerability diagnosis service is characterized by review and support from a group of security-proficient experts, in addition to AI-driven autonomous diagnosis. Our professionals collaborate to protect our clients' systems:

* **AI Researchers/Developers:** Responsible for R&D of AI algorithms and large language models, improving the accuracy and speed of vulnerability diagnosis. They take an integrated approach across AI, security, and R&D, from the research stage through to social implementation.
* **Penetration Testing Experts:** Experienced Red Team members proficient in real attack techniques verify the AI's diagnostic results and identify high-risk vulnerabilities. By complementing the diagnosis from an attacker's perspective, they can address complex issues that AI agents alone cannot find.
* **Industry-Experienced Engineers:** Engineers with experience in diverse industrial fields such as insurance, education, healthcare, automotive, and infrastructure participate in projects. They propose practical improvement measures with an understanding of industry-specific security requirements.
* **Collaborative Project Managers:** Project managers who understand the client's business goals and development processes oversee the entire project, not just the security measures. CoWorker aims to co-create management, products, and technology through polished expertise and dialogue as a platform for collaboration.
**Message from the Representative Director**

"With the widespread adoption of generative AI, LLMs are rapidly being integrated into corporate DX services and internal operations. However, AI-powered services present 'AI-specific risks' such as prompt injection and confidential information leakage, in addition to the vulnerabilities of traditional web applications. These cannot be adequately detected by conventional security measures and vulnerability diagnoses alone. CoWorker believes it is crucial to conduct diagnoses with an understanding of AI's internal structure and behavior. The LLM Diagnosis Service we are launching combines an evaluation based on the OWASP LLM Top 10, automated diagnosis by our proprietary AI 'Red Agent,' and expert reviews to comprehensively verify the safety of generative AI applications. Under our philosophy of Security × AI, we believe that 'security protected by AI' is essential in a society that utilizes AI. Through this service, we aim to create an environment where companies can confidently use generative AI and elevate the safety foundation of society to the next stage."
**Free Consultation & Inquiries**

You can consult with us free of charge on everything from how to proceed with a vulnerability diagnosis to selecting a plan. Please feel free to contact us via the Contact Form on our website: https://www.coworker.co.jp/contact
Contact CoWorker Inc. for product/service and PR inquiries: CoWorker Inc. PR Team Contact Form https://www.coworker.co.jp/contact
**About CoWorker Inc.**

CoWorker Inc. is a small, elite AI technology company that leverages its high technical capabilities across three domains: system development, IT consulting, and security. Through research and development in next-generation security under the philosophy of "Security × AI," it contributes to strengthening the societal safety foundation.
* Company Name: CoWorker Inc.
* Established: February 2019
* Address: 6th Floor, Nishishinjuku Mizuma Building, 3-3-13 Nishishinjuku, Shinjuku-ku, Tokyo
* Representative Director: Kazuki Yamasato
* Business Activities: IT Consulting / System Development
* URL: https://www.coworker.co.jp/
FACT BOX
- Source: PR TIMES
- Category: News