Catch the tenant-leak bug before launch.
A new vector DB, a new MCP server, a new agent framework, a new semantic cache — each is a fresh chance to ship a cross-tenant leak. Code review catches typos; threat modelling catches design flaws; neither catches the 95.4% Retrieval-Pivot Rate the published research found in production hybrid RAG. Sectum AI measures it before you ship.
The probes that find the launch-blocker
Organic entity-bleed RAG (Class 2)
Benign cross-tenant queries that surface foreign data via shared organic entities (shared people, vendors, compliance terms, amounts, dates). Returns a headline Retrieval-Pivot Rate — the metric that flagged the 95.4% leakage in published research.
MCP confused-deputy + token-passthrough (Class 7)
Tool-call hijacking sub-probes against an MCP server — the Asana-class failure mode that affected ~1,000 enterprises in May 2025. If your MCP server lost tenant context, Sectum AI catches it before your prospects do.
Semantic-cache contamination (Class 4)
Prime the cache as tenant X with a canary-bearing answer; issue a semantically near query as tenant Y; if the canary surfaces in tenant Y's response, that is a leak. This is the common failure mode when the cache key does not incorporate tenant scope.
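The Class 4 probe shape above, as an added example (not Sectum AI's code): a toy semantic cache is primed as tenant-x with an answer carrying a constructed canary, then queried by tenant-y with a near-duplicate question. With the weak configuration (key is the query alone) the canary crosses tenants; with the tenant partition in the key it does not. The "semantic similarity" here is a word-overlap score standing in for an embedding distance, so the example runs offline; tenant ids, queries and the canary string are all constructed.

```python
"""Toy semantic cache showing why the cache key must carry tenant scope.

Added illustration, not Sectum AI's code. The "semantic similarity" is a
word-overlap (Jaccard) score standing in for embedding cosine similarity so
the example runs offline; tenant ids, queries and the canary are constructed.
"""
from __future__ import annotations

from typing import List, Optional, Tuple

# Constructed marker: high-entropy text that cannot appear organically in tenant-y's data.
CANARY = "CNRY-7f3a9c1d2e4b"


def _tokens(text: str) -> frozenset:
    return frozenset(w.strip("?.,!").lower() for w in text.split())


def similarity(a: str, b: str) -> float:
    """Jaccard word overlap; stands in for the embedding distance a real cache uses."""
    ta, tb = _tokens(a), _tokens(b)
    union = ta | tb
    return len(ta & tb) / len(union) if union else 0.0


class SemanticCache:
    """Nearest-query cache. With scope_by_tenant=False the key is the query
    alone (the weak setting); with True every lookup is confined to the
    requesting tenant's partition."""

    def __init__(self, threshold: float = 0.6, scope_by_tenant: bool = True) -> None:
        self.threshold = threshold
        self.scope_by_tenant = scope_by_tenant
        self._entries: List[Tuple[str, str, str]] = []  # (scope, query, answer)

    def _scope(self, tenant: str) -> str:
        return tenant if self.scope_by_tenant else "*"  # "*" = one shared pool

    def put(self, tenant: str, query: str, answer: str) -> None:
        self._entries.append((self._scope(tenant), query, answer))

    def get(self, tenant: str, query: str) -> Optional[str]:
        scope = self._scope(tenant)
        best, best_score = None, 0.0
        for entry_scope, cached_query, answer in self._entries:
            if entry_scope != scope:
                continue  # never consult another tenant's partition
            score = similarity(query, cached_query)
            if score >= self.threshold and score > best_score:
                best, best_score = answer, score
        return best


def probe_cache_contamination(scope_by_tenant: bool) -> bool:
    """Class 4 probe shape: prime as tenant X, near-duplicate query as tenant Y.
    Returns True when the canary crosses the tenant boundary (a leak)."""
    cache = SemanticCache(threshold=0.6, scope_by_tenant=scope_by_tenant)
    cache.put("tenant-x", "What is our Q3 invoice total for Acme?",
              f"Q3 invoice total for Acme: $42,000 (ref {CANARY})")
    hit = cache.get("tenant-y", "what is our q3 invoice total for Acme")
    return hit is not None and CANARY in hit


if __name__ == "__main__":
    print("unscoped key leaks:", probe_cache_contamination(scope_by_tenant=False))
    print("tenant-scoped key leaks:", probe_cache_contamination(scope_by_tenant=True))
```

The fix is deliberately not "lower the similarity threshold": a near-identical query from another tenant is supposed to miss, and only a hard partition on tenant in the lookup key guarantees that.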
LoRA / adapter cross-tenant influence (Class 9)
Per-tenant fine-tunes that bleed memorized content across tenants, and adapter mis-routing that runs tenant X's adapter on tenant Y's inference. Caught with manifest-grounded memorisation probes.
How to run it
- Self-serve with the OSS. Install with pip install sectum-ai; run sectum-ai init, sectum-ai seed, sectum-ai probe --output json; read the findings. Free, Apache-2.0, no signup. Most teams start here.
- Wire into CI. sectum-ai probe --output json gives you a single JSON object on stdout that a CI step can act on. Fail the build if the Retrieval-Pivot Rate crosses a threshold; open an issue if a new probe lights up.
- Upgrade to a hosted run. When the launch is a board-visible release and you want a third-party-signed attestation that the launch is clean, talk to us about the Trust Evidence Pack or a Continuous tier.
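A CI gate of the kind the "Wire into CI" step describes, as an added example that is not part of the sectum-ai project. The JSON field names it reads (retrieval_pivot_rate, findings[].probe_class, findings[].count) are assumptions for illustration, not the documented run.json schema, and the embedded sample object is constructed; map the names onto the real keys when wiring this into a pipeline.

```python
"""CI gate over the JSON object emitted by probe --output json.

Added example; not part of the sectum-ai project. The JSON field names used
here (retrieval_pivot_rate, findings[].probe_class, findings[].count) are
assumptions for illustration: map them onto the real output keys when wiring
this into a pipeline.
"""
import json
import sys
from typing import Dict, List, Set

# Constructed sample in the assumed shape; not real tool output.
SAMPLE_RUN_JSON = """
{
  "retrieval_pivot_rate": 0.12,
  "findings": [
    {"probe_class": 2, "count": 3},
    {"probe_class": 4, "count": 1},
    {"probe_class": 7, "count": 0}
  ]
}
"""


def parse_sample() -> Dict:
    return json.loads(SAMPLE_RUN_JSON)


def evaluate(run: Dict, max_pivot_rate: float, known_classes: Set[int]) -> Dict[str, List]:
    """Split results into build-blocking reasons and newly-lit probe classes.

    'fail' -> reasons to fail the build (headline rate over the threshold)
    'new'  -> probe classes with findings that are not in the accepted baseline,
              i.e. what should open a tracking issue
    """
    fail: List[str] = []
    new: List[int] = []
    rate = float(run.get("retrieval_pivot_rate", 0.0))
    if rate > max_pivot_rate:
        fail.append(f"Retrieval-Pivot Rate {rate:.1%} exceeds threshold {max_pivot_rate:.1%}")
    for finding in run.get("findings", []):
        cls = int(finding["probe_class"])
        if int(finding.get("count", 0)) > 0 and cls not in known_classes:
            new.append(cls)
    return {"fail": fail, "new": sorted(new)}


def main(argv: List[str]) -> int:
    """Usage: ci_gate.py [run.json] [max_rate]; reads stdin when no path is given."""
    raw = open(argv[1]).read() if len(argv) > 1 else sys.stdin.read()
    max_rate = float(argv[2]) if len(argv) > 2 else 0.0
    verdict = evaluate(json.loads(raw), max_rate, known_classes=set())
    for reason in verdict["fail"]:
        print("FAIL:", reason)
    for cls in verdict["new"]:
        print(f"NEW: probe class {cls} produced findings; open an issue")
    return 1 if verdict["fail"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a pipeline this would be piped as sectum-ai probe --output json | python ci_gate.py - 0.0 (or a saved file), with the accepted baseline classes loaded from a checked-in file rather than the empty set used in main; the exit code drives the build verdict and the NEW lines drive issue creation.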
What the OSS already does
- Provisions synthetic tenants, plants cryptographic canary markers, records a hashed ground-truth manifest
- Runs 11 attack-class probes from each tenant's session
- Detects findings against the manifest (zero false positives by construction)
- Emits a run.json with per-probe findings, the Retrieval-Pivot Rate, and per-embedding-model rates when Class 2 sweeps models
- Produces a tamper-evident PDF + JSON evidence pack (sectum-ai report); verifies it independently (sectum-ai verify)
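The first three bullets above (synthetic tenants, cryptographic canary markers, a hashed ground-truth manifest, findings detected against that manifest) are illustrated by this added example; it is not sectum-ai's own code, and tenant names, response texts and the marker format are constructed. A finding is raised only when a marker found in a response hashes to a manifest entry owned by a different tenant, which is why such a detector has no false positives by construction: lookalike strings that were never planted are ignored, and a planted marker cannot occur organically.

```python
"""Canary planting and manifest-grounded leak detection.

Added illustration of the mechanism the list above describes (synthetic
tenants, cryptographic canary markers, a hashed ground-truth manifest);
not sectum-ai's own code. Tenant names and response texts are constructed.
"""
import hashlib
import re
import secrets
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed marker format: a fixed prefix plus 16 hex characters.
CANARY_RE = re.compile(r"CNRY-[0-9a-f]{16}")


def _sha256(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def plant_canaries(tenants: Sequence[str], per_tenant: int = 2) -> Tuple[Dict[str, List[str]], Dict[str, str]]:
    """Create random markers per tenant and a manifest mapping sha256(marker) -> owner.

    The manifest holds only hashes, so it can be stored or shared without
    revealing the live markers; 64 bits of entropy per marker means one cannot
    appear in a response unless it was planted and then retrieved.
    """
    canaries: Dict[str, List[str]] = {}
    manifest: Dict[str, str] = {}
    for tenant in tenants:
        canaries[tenant] = ["CNRY-" + secrets.token_hex(8) for _ in range(per_tenant)]
        for marker in canaries[tenant]:
            manifest[_sha256(marker)] = tenant
    return canaries, manifest


@dataclass(frozen=True)
class Finding:
    querying_tenant: str
    owning_tenant: str
    canary_hash: str


def detect(querying_tenant: str, response: str, manifest: Dict[str, str]) -> List[Finding]:
    """Report every planted marker in the response that belongs to another tenant.

    Strings that merely look like markers but are absent from the manifest are
    ignored, which is what makes every finding a true positive by construction.
    """
    findings: List[Finding] = []
    for marker in CANARY_RE.findall(response):
        digest = _sha256(marker)
        owner = manifest.get(digest)
        if owner is not None and owner != querying_tenant:
            findings.append(Finding(querying_tenant, owner, digest))
    return findings


def retrieval_pivot_rate(responses: Sequence[Tuple[str, str]], manifest: Dict[str, str]) -> float:
    """Fraction of (tenant, response) pairs that surfaced at least one foreign marker."""
    if not responses:
        return 0.0
    leaked = sum(1 for tenant, text in responses if detect(tenant, text, manifest))
    return leaked / len(responses)


def demo() -> Dict[str, float]:
    canaries, manifest = plant_canaries(["tenant-a", "tenant-b"])
    # Constructed responses to tenant-a queries: one pulled a tenant-b chunk, one did not.
    leaky = f"Acme invoice 1042 approved, ref {canaries['tenant-b'][0]}"
    clean = f"Acme invoice 1042 approved, ref {canaries['tenant-a'][0]}"
    spoof = "CNRY-0000000000000000 is not in the manifest"  # lookalike, never planted
    return {
        "leak_findings": len(detect("tenant-a", leaky, manifest)),
        "clean_findings": len(detect("tenant-a", clean, manifest)),
        "spoof_findings": len(detect("tenant-a", spoof, manifest)),
        "pivot_rate": retrieval_pivot_rate([("tenant-a", leaky), ("tenant-a", clean)], manifest),
    }


if __name__ == "__main__":
    print(demo())
```

The hashed manifest is what lets the ground truth travel with an evidence pack: a verifier can confirm that a reported finding corresponds to a marker the run actually planted without the pack ever containing the marker itself.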
When to upgrade from the OSS
The OSS gives you the engineering team's view: did the new feature leak? Upgrade to a hosted SKU when:
- You need a third-party attestation to hand to a customer's security team or an auditor
- You want scheduled runs and a dashboard, not just ad-hoc local execution (Continuous tier)
- You want regression baselines to flag when a model / embedding / prompt change raises the leak rate
- You want calibrated semantic-similarity thresholds against your specific embedding model rather than the OSS defaults
Engagement
The OSS is free under Apache-2.0. For continuous, managed verification — scheduled runs against a long-lived stack with an evidence pack delivered each cycle — start an engagement for a quote.