GMO Cyber Security by Ierae Launches "AI Agent Penetration Testing"
On April 27, 2026, GMO Cyber Security by Ierae began offering a new service that uses white-hat hacker expertise to verify security risks in enterprise AI agents, chatbots, and RAG systems.
Published: April 27, 2026 at 20:30
GMO Cyber Security by Ierae, Inc. (CEO: Makoto Makita), part of the GMO Internet Group, launched the "AI Agent Penetration Testing" service on April 27, 2026. The service targets AI agents, chatbots, and RAG (Retrieval-Augmented Generation) systems used within corporations, and verifies the risk of their exploitation by cyber attackers using methods equivalent to real-world threats.
In this service, white-hat hackers visualize risks of information leakage, unauthorized operation, and privilege escalation that originate from AI, taking into account the customer's business flow, system permission settings, and integration with external applications. This allows companies to use AI safely in their operations.
**Background of Service Launch**
Recently, the use of AI for business automation and productivity improvement has accelerated across various industries. At the same time, concerns are rising about risks such as unintentional leakage of personal or confidential business information, and AI being used as a springboard for cyber attacks. Against this background, GMO Cyber Security by Ierae is using its white-hat hacker expertise to provide practical penetration testing that focuses on AI as a starting point for cyber attacks.
**Service Overview**
- **Verification of Cyber Attack Risks in Business Environments**: White-hat hackers interview customers about their AI usage and create original test scenarios. By borrowing employee PCs for testing, they verify risks using the same methods as actual attackers.
- **Specific Risks**: In addition to validating prompt injection against LLMs, the service targets system permissions, data access rights, and integrated systems to visualize specific risks of leakage and unauthorized manipulation.
- **Examples of Risks in AI Business Use**:
  1. Unintentional Information Leakage: Risk of data flowing out through malicious prompt injection while the AI has access to sensitive data.
  2. Privilege Escalation: Risk of AI agents having permissions beyond the necessary range, allowing access to restricted data.
  3. Unauthorized Operation and Lateral Movement: Risk of exploiting integrations with external systems or workflows, using AI as a stepping stone to impact the entire system.
The service can also perform evaluations based on the "Red Teaming Methodology Guide for AI Safety (v1.10)" issued by the AI Safety Institute (AISI).
**Target Examples**:
- Enterprise AI services such as Microsoft 365 Copilot / Azure OpenAI
- AI agents for business automation and internal operation support
- RAG systems for internal knowledge search and answer generation
- Chatbots
- Other AI systems including integrations with internal tools (files, tickets, CRM, workflows, etc.)