Craton is a lean AI security practice using a source-backed research database and a Symphony-based workflow harness for tailored assessments. The output is an audit trail: threat maps, verify gates, reviewer notes, and remediation briefs your team can inspect.
Safety-db assembles source packets from papers, incidents, and control guidance.
The inflection
Anthropic reports Mythos Preview identifying and exploiting zero-days in major operating systems and browsers during controlled testing. The same capability is being restricted to vetted defenders through Project Glasswing.
of tactical work in a reported cyber-espionage campaign was performed by AI, with humans returning at a small number of decision points.
in model credits are committed to Project Glasswing, alongside vetted access for critical software defenders and open-source security support. The credible response is evidence, testing, and controls.
Defense landscape
OWASP now separates LLM application risks from agentic application risks. MITRE ATLAS gives teams a vocabulary for AI attack techniques, and NIST AI 600-1 turns generative-AI risk into governance and measurement work. Craton maps client workflows across those sources before recommending controls.
About Craton
We maintain a source-backed AI safety database.
We run product workflows through a Symphony-based assessment harness.
We turn the evidence into remediation briefs security teams can audit.
Pillar 01: Enterprise audits
The assessment maps real product workflows to source-backed threats, control gaps, and testable remediation work. Each finding carries enough context for technical and governance review.
Pillar 02: Evidence engine
The research database currently tracks 75 sources, 4,627 chunks, and 4,594 references with 97% citation coverage. Its first non-academic tracer is OWASP LLM Top 10 2025, ingested with source metadata so framework claims stay inspectable.
Safety-db assembles source packets from papers, incidents, and control guidance.
Client workflows are mapped to OWASP LLM, OWASP Agentic, MITRE ATLAS, and EU AI Act failure modes.
Claims need retrieved passages, citation coverage, and testable control evidence.
A human review checks findings before they move into a client-facing brief.
The output is a prioritized defense plan with evidence, control mapping, and implementation notes.
Pillar 03: The book
19 chapters covering prompt injection, agentic compromise, RAG hardening, and EU AI Act compliance, grounded in published research, OWASP/NIST/MITRE guidance, threat intelligence, and real audit findings.
Audience: Security engineers, CTOs, product managers, compliance officers.
Service Model
The model is designed to lower entry friction and scale with your risk profile. Begin with a no-cost QuickScan, expand as you need.
Field Notes
We show sector context and audit-style findings while keeping client identities private. Each note reflects the shape of work: evidence, tests, and a remediation roadmap.
Agentic brand-intelligence workflow reviewed for prompt injection, poisoned retrieval content, and approval-boundary failures.
Dental and medical software estate mapped for clinical hallucination, model-governance gaps, and vendor-control exposure.
Regulator-facing readiness work scoped AI audit practices, public-sector red-team pilots, and sandbox governance controls.
Research domains
EU AI Act: general application Aug 2, 2026
Article 15 makes robustness and cybersecurity part of the high-risk AI system baseline, including controls for data poisoning, model poisoning, adversarial examples, confidentiality attacks, and model flaws. The Commission currently lists general application on Aug 2, 2026 and regulated-product high-risk obligations on Aug 2, 2027, with a timeline adjustment proposal under consideration. The first call scopes a no-cost QuickScan and the evidence needed for a credible remediation roadmap.
No cost · 2 weeks · Exec-ready punch list