We got tired of watching security teams discover AI vulnerabilities the wrong way.
Orithos is built by security engineers who have been on both sides of an AI security incident โ the side that finds the vulnerability during a scan, and the side that finds it during a breach. We built the scanner we needed when we were doing the scanning.
Three things we refuse
to compromise on.
Security tooling earns trust through what it won't do as much as what it will. These are the design constraints we've built Orithos around.
How we designed
the scan engine.
The scan architecture is published. These are the design decisions that distinguish Orithos from generic LLM security tools.
The attack library
is public. Here's why.
Security through obscurity is not a security model. Making our probe catalog public means the security community can challenge our methodology, contribute new attack patterns, and verify our findings. The catalog is version-controlled and published on GitHub.
Frameworks we contribute to
and build against.
Credibility in security is earned through community participation. We contribute to the frameworks we implement.
| Framework / Community | Our role | How Orithos uses it | Relationship |
|---|---|---|---|
OWASP LLM Top 10 2025 edition | Submitted findings data from 200+ production agent scans to inform the 2026 edition update. | Every finding mapped to the specific OWASP LLM control it violates. | Contributor |
NIST AI RMF AI RMF 1.0 | Probe catalog mapped to GOVERN, MAP, MEASURE, and MANAGE functions. | NIST control mapping included in all Team and Business tier exports. | Fully mapped |
EU AI Act Regulation (EU) 2024/1689 | Engaged with EU AI Office technical consultation process. | Full Article 9, 13, 14, 15 evidence export in Business tier. | Contributor |
MITRE ATLAS AI Threat Landscape | All 25 probe categories mapped to MITRE ATLAS TTP identifiers. | Every finding card includes the MITRE ATLAS TTP for threat intelligence integration. | Contributor |
ISO/IEC 42001 AI Management System | Probe catalog aligned to Annex A controls. | Annex A control mapping available in compliance export. | Fully mapped |
FS AI RMF Financial Services AI Risk | Financial services sector probe pack developed with input from security engineers at regulated UK institutions. | CTL-07, CTL-08, CTL-09 mapping in financial sector scan reports. | Sector mapped |
What we commit to
every customer.
Security companies earn trust differently. These are the commitments we make โ in writing, not in marketing copy.
Scan your agents before a regulator โ or an attacker โ does it for you.
Early access spots remain. Security teams that establish their AI agent scanning programme now set the baseline before enforcement begins.