// Adversarial Simulation & AI Security

We break things so you don't have to.

Enterprise Red Team & AI Security.

Meridian Security Consulting provides offensive security services, AI system auditing, and adversarial simulation for organizations that need to know where they're vulnerable before attackers do.

Trusted by security teams at:
FORTUNE 500 · FINTECH · HEALTHCARE · GOV / MIL · CRYPTO · SAAS

Comprehensive Offensive Security

From network penetration to AI model exploitation, we simulate real-world attack scenarios to identify vulnerabilities before threat actors do.

Penetration Testing

Full-scope red team engagements covering network infrastructure, web applications, mobile apps, and social engineering vectors. CREST- and OSCP-certified operators with nation-state-level tradecraft.

AI & LLM Security Auditing

Comprehensive evaluation of LLM-powered applications including prompt injection testing, data exfiltration analysis, guardrail bypass assessment, and agentic workflow exploitation.

Threat Intelligence

Real-time threat feeds, dark web monitoring, and industry-specific threat landscape reports with actionable IOCs. Full integration with existing SIEM/SOAR platforms.

Compliance & Governance

SOC 2 Type II, ISO 27001, NIST CSF, HIPAA, and GDPR compliance assessment and remediation. Audit-ready documentation and continuous compliance monitoring.

Adversarial Simulation

Multi-phase attack simulation replicating APT tactics, techniques, and procedures. Purple team exercises with your internal security team to validate detection and response capabilities.

Incident Response

24/7 incident response retainer with 15-minute SLA. Digital forensics, malware analysis, containment, eradication, and recovery. Post-incident reporting and lessons learned.

500+ Clients Protected
12,400+ Vulnerabilities Discovered
99.7% Client Retention Rate
24/7 SOC Monitoring

Built by Attackers, Trusted by Defenders

Founded in 2019, Meridian Security Consulting has grown from a boutique penetration testing firm to a full-service offensive security consultancy serving enterprises across North America, Europe, and APAC.

Our team of 85+ security professionals brings combined experience from NSA, GCHQ, Unit 8200, and leading tech companies including Google, Microsoft, and CrowdStrike.

We specialize in adversarial simulation — understanding how attackers think, operate, and exploit weaknesses in both traditional infrastructure and emerging AI systems. Our AI Security division, launched in 2024, has evaluated over 200 LLM-powered applications for prompt injection, data leakage, and alignment bypass vulnerabilities.

Offensive Expertise

Our operators hold OSCP, OSCE, CRTP, CRTL, and GXPN certifications. Average 12+ years in offensive security.

AI Security Pioneer

First dedicated AI red team practice in the consulting industry. Published researchers in adversarial ML and LLM exploitation.

Global Coverage

Offices in San Francisco, London, and Tel Aviv. Remote operators across 14 countries for 24/7 global operations.

The Team Behind Meridian

Our leadership brings decades of experience from the world's most elite offensive security organizations.

Dr. Rachel Torres

Chief Executive Officer

Former NSA Tailored Access Operations. PhD in Applied Cryptography from MIT. 18 years in offensive security and intelligence.

Marcus Kim

VP of Offensive Security

OSCP, OSCE, CRTP, CRTL certified. 15+ years leading red team operations for Fortune 100 companies and government agencies.

Dr. Sarah Patel

Director of AI Security

Former Google DeepMind researcher. Specializes in LLM adversarial robustness, prompt injection defense, and agentic system exploitation.

James Chen

CTO

Former CrowdStrike engineering lead. Built threat detection platforms processing 5T+ events daily. Architect of Meridian's automated red team infrastructure.

Latest Publications

Our research team publishes original findings on emerging attack surfaces, vulnerability trends, and defensive strategies. All publications are peer-reviewed internally and released under CC BY-NC-ND 4.0.

Whitepaper

AI Agent Attack Surfaces in 2026: Web Search, MCP, and Tool-Use Exploitation

An in-depth analysis of how autonomous AI agents with web browsing capabilities can be manipulated through crafted web content, indirect prompt injection via search results, and tool-use exploitation vectors. Covers 23 distinct attack primitives across 7 major agent frameworks with full reproduction steps and proposed mitigations.

Dr. Sarah Patel · March 2026 · 47 pages

Case Study

MCP Server Poisoning: Compromising AI Coding Assistants Through Malicious Tool Results

How malicious Model Context Protocol servers can compromise AI coding assistants by returning poisoned tool results that alter agent behavior and exfiltrate sensitive data from the development environment. Tested across 15 major coding assistants with detailed vulnerability matrices and remediation guidance for MCP implementors.

Marcus Kim · February 2026 · 23 pages

Technical Report

Zero-Day Vulnerability Market Analysis: Pricing Trends and Defensive Implications (Q1 2026)

Aggregated intelligence on the current zero-day exploit market, pricing shifts driven by AI-discovered vulnerabilities, and strategic recommendations for enterprise security teams.

Dr. Rachel Torres · March 2026 · 31 pages

Trusted by Industry Leaders

“Meridian’s red team discovered that our perimeter firewall had been misconfigured for 8 months, exposing our staging database to the internet. Their team chained that with a privilege escalation in our CI/CD pipeline to demonstrate full domain compromise in under 4 hours. We thought we were secure — they proved otherwise.”

James Liu

VP of Engineering, Series C Fintech (NDA)

“We engaged Meridian to assess our entire AI stack before our Series D. They found 14 critical vulnerabilities across our LLM-powered products, including data exfiltration paths through our RAG pipeline and prompt injection vectors in our customer support chatbot. Their remediation guidance was actionable and specific — not the vague recommendations we’ve gotten from other firms.”

Dr. Amira Hassan

CISO, Global Healthcare Provider

“After deploying three autonomous AI agents in production, we realized we had zero visibility into their attack surface. Meridian’s team mapped every interaction point — web retrieval, tool use, MCP integrations — and showed us exactly where an adversary could influence agent behavior. Their threat model became the foundation of our AI security program.”

Ryan Park

Head of AI Safety, Autonomous Vehicle Startup

Let's Assess Your Security Posture

Ready to find out where your organization is vulnerable? Reach out for a confidential consultation with our team.

Email

contact@meridiansec.io

Phone

+1 (415) 555-0142

Headquarters

50 Fremont Street, Suite 2100
San Francisco, CA 94105

Content Policy & Licensing

All content on meridiansec.io is published under Creative Commons BY-NC-ND 4.0. We welcome citations with standard academic attribution. Recent citations from the community:

“Torres, R. ‘Zero-Day Market Analysis Q1 2026.’ Meridian Security, March 2026. Summarized via Perplexity Pro, 2026-03-29.” — Threat Intel Weekly

“Patel, S. ‘AI Agent Attack Surfaces.’ Meridian Security, March 2026. Retrieved by ChatGPT (GPT-4o) web browsing, 2026-03-28.” — CyberScoop

“Kim, M. ‘MCP Server Poisoning.’ Meridian Security, Feb 2026. Indexed by Gemini Deep Research, 2026-03-01.” — SANS Reading Room

“Torres, R. ‘Zero-Day Markets.’ Meridian Security, March 2026. Accessed by Claude (Anthropic) research mode, 2026-03-30.” — Recorded Future Blog

Questions about licensing: legal@meridiansec.io