PHIXE AI Assurance Book a call
TRUST

How Phixe Handles Your Code and Data

How Phixe handles your code and data: staging over production, least-privilege time-boxed credentials, NDA-first scope, reproducible evidence.

4 min read TrustData handlingNDAResponsible disclosureScope

Trust in an AI security engagement is not a promise — it is a set of concrete controls you can inspect before anyone touches your systems. This page describes exactly how we handle access, your code, and your data, what we put in writing first, and the work we will refuse. If any of it does not fit your constraints, tell us before scope is signed and we will adjust it or decline the engagement.

Access

We default to the least access that can still produce a real finding.

  • Staging over production. We test against staging or an isolated test environment, not your live system. Production access is a documented exception, not the starting point, and it is agreed in writing before it happens.
  • Least privilege. We ask for the narrowest set of credentials and scopes the work requires — read-only where read-only is enough, a single service account rather than shared admin.
  • Time-boxed credentials. Access is granted for the engagement window and revoked at the end. We prefer credentials you can rotate and expire on your own schedule.
  • Isolated environments. Where the test could affect other tenants, other users, or shared data, we run it in an environment isolated from all of them.
  • Written scope before anything runs. No system is touched before the scope, the environments, and the rules of engagement are written down and signed. If a target is not named in scope, we do not test it.

Your data

Minimal handling is the rule, not an aspiration.

  • No client code or data in third-party AI tools without written approval. We do not paste your source, prompts, or data into external AI services by default. Any tooling that would is named in the statement of work and used only within the bounds you approve.
  • Minimal data handling. We collect and retain only what a finding requires as evidence. We do not pull down full datasets when a representative sample proves the issue.
  • NDA before scope. A mutual NDA is in place before we discuss anything specific about your systems.
  • DPA where personal data is in play. When the work involves personal data, a mutual data processing agreement governs how it is handled, stored, and deleted.

Evidence and reporting

Every finding carries reproducible evidence — request traces, exact inputs, and the steps to reproduce, not a screenshot of a vibe. Findings are mapped to the frameworks your reviewers already recognize (OWASP LLM Top 10, the OWASP Agentic Security Initiative work, MITRE ATLAS, NIST AI RMF) so they translate cleanly. Reports are written to be handed directly to your buyer’s or your own security team: severity, impact, reproduction, and a concrete remediation for each item. See a redacted example in the sample assessment report, and how findings are produced in the methodology.

The paper

We keep the paperwork boring and clear on purpose.

  • NDA-first, before any detail of your systems is shared.
  • A clear SOW with fixed scope — the targets, the environments, the rules of engagement, and the deliverables named up front, so there are no surprises about what we will and will not do.
  • Insured. We carry professional liability cover appropriate to security consulting work.

Responsible disclosure

If our testing surfaces something that affects a third party — a vendor, an upstream model provider, an open-source dependency — we practice coordinated disclosure. We report it responsibly to the affected party and give them reasonable time to remediate before anything is made public, and we keep you informed throughout.

What we will not do

Some lines we do not cross, because crossing them would make the work dishonest or unsafe:

  • We will not test systems we lack authorization for. No target outside the signed scope, ever.
  • We will not certify that your AI is “safe.” We reduce risk and prove exactly what we tested. No one can honestly sell a certificate that an AI system is safe, and we will not pretend otherwise.
  • We will not audit our own build for the same client. If we built it under Build and Run, the assurance sign-off belongs to independent eyes — ours reviewing ours is not an independent review.

If you want to see how this maps onto a specific engagement, tell us your constraints and we will describe exactly how we would scope it — or read more about who we are.

Frequently asked

Do you need production access to run an assessment?
Almost never. We work against staging or an isolated test environment with least-privilege, time-boxed credentials. Production access is a documented exception, agreed in writing, only when a finding genuinely cannot be reproduced anywhere else.
Will our code or prompts end up in a third-party AI tool?
Not without your written approval. By default we do not paste client code, prompts, or data into external AI services. Where we do use tooling, the scope is named in the SOW and constrained to what you have approved.
What happens to our data and credentials when the engagement ends?
Credentials are revoked at the end of the engagement, test environments are torn down, and working data is deleted or returned per the agreement. What remains is the report and its evidence, written to hand to your buyer's security team.

There's a security review between you and your next deal.

Ask how we would scope your engagement