Noufal Digital LLC — audit.sekurely.io

We Find What's Leaking Inside Your AI

No compliance PDFs. No generic checklists.
Only real vulnerabilities found using live tools.
Sekurely.io — live AI scanner we built & shipped
4 tools run hands-on: Presidio · Langfuse · ChromaDB · LiteLLM
Hands-on — NIST-based controls, prompt injection testing, AI threat modeling
30-Day AI Architecture bootcamp completed
⚡ Limited to 5 audits per week — hands-on work, not automated scans

Who needs an AI Security Audit?

If your business uses AI tools and handles real customer data — you need this.

E-commerce & Shopify Stores
Using AI for support, descriptions, or order automation? Customer names, emails, and order data are likely flowing through unprotected prompts right now.
⚠ Risk: PII leakage, no data policy

SaaS Founders with AI Features
You built an AI chatbot into your product. Have you tested it for prompt injection? Can users extract your system prompt or manipulate responses?
⚠ Risk: Prompt injection, system prompt leak

SMBs Using AI Automation
Running n8n, Zapier, or Make with AI? Your API keys and customer data may be flowing through pipelines with zero logging or monitoring.
⚠ Risk: Exposed API keys, no audit trail

Agencies Building for Clients
You deliver AI solutions but haven't security-tested them. One breach reflects on you. Add our audit as a deliverable and charge more.
⚠ Risk: Client liability, trust damage

Healthcare & Wellness Apps
Any AI touching patient info must be HIPAA-aware. Most AI tools are not compliant out of the box — and most founders don't know it.
⚠ Risk: HIPAA violation, sensitive data in LLM

Finance & Legal Teams
Using ChatGPT for contracts or modeling? Confidential data doesn't belong in public LLMs without enterprise data agreements in place.
⚠ Risk: Data exposure, compliance gap

Real work. Real proof.

Not certifications. Things we actually built, ran, and shipped — on our own VPS, with real tools.

LIVE PRODUCT
Sekurely.io — AI Security Scanner
Built and shipped a live SaaS with 3 active scanners: website/domain, CVE lookup, and email breach checker. Powered by n8n, OpenAI, Supabase, VirusTotal, and Google Safe Browsing. Running in production today.
→ sekurely.io

BOOTCAMP CAPSTONE
Private Financial Analyst AI
Production RAG system with PII stripping via Presidio, Cohere reranking, Langfuse cost tracking, Ragas evaluation, Prompt Guard, Arize Phoenix monitoring, and Terraform IaC on AWS. Every security layer implemented hands-on.
→ GitHub portfolio

presidio-pii-audit.py — VPS srv1589904 — 2026-04-25
===== PRESIDIO PII AUDIT SCAN =====
Auditor: Noufal Digital LLC

[SAMPLE 1] Customer John Smith emailed john.smith@gmail.com...
  ⚠ DETECTED: EMAIL_ADDRESS | confidence: 1.00
  ⚠ DETECTED: PERSON | confidence: 0.85
  ✓ ANONYMIZED: Customer <PERSON> emailed <EMAIL_ADDRESS>

[SAMPLE 5] User sarah.jones@company.com logged in from IP 192.168.1.10
  ⚠ DETECTED: EMAIL_ADDRESS | confidence: 1.00
  ⚠ DETECTED: IP_ADDRESS | confidence: 0.95
  ✓ ANONYMIZED: User <EMAIL_ADDRESS> logged in from IP <IP_ADDRESS>

===== SCAN COMPLETE =====

langfuse-observability-audit.py — VPS srv1589904 — 2026-04-25
===== LANGFUSE OBSERVABILITY AUDIT =====
Auditor: Noufal Digital LLC
Time: 2026-04-25 07:10:19

✓ Langfuse connection: OK
✓ Observability layer: ACTIVE

===== OBSERVABILITY CHECK COMPLETE =====

chromadb-vector-audit.py — VPS srv1589904 — 2026-04-25
===== CHROMADB VECTOR STORE AUDIT =====
Auditor: Noufal Digital LLC | Time: 2026-04-25 07:15:17

✓ Vector store connected
✓ Collection size: 5 documents

Scanning for PII in vector store chunks:

  [⚠ PII FOUND IN VECTOR STORE]
   Chunk: Customer John Smith SSN 123-45-6789 purchase history...
  [⚠ PII FOUND IN VECTOR STORE]
   Chunk: User email john@gmail.com credit card 4111-1111-1111...
  [⚠ PII FOUND IN VECTOR STORE]
   Chunk: Patient record DOB 01/15/1985 diagnosis: hypertension...

FINDING: Unfiltered PII detected in vector store chunks
FIX: Run Presidio anonymizer before indexing documents

===== CHROMADB AUDIT COMPLETE =====

What your report looks like

Every client gets a structured findings report — severity ratings, tool evidence, and a clear fix roadmap.

AI_Security_Audit_Report_[Client].pdf — SAMPLE
AI Security Audit Report
Client: [E-commerce SaaS]  ·  Auditor: Ammara Noufal, Noufal Digital LLC  ·  Date: April 2026
Tools Used: Presidio · LiteLLM · Langfuse · ChromaDB · Manual Injection Testing
3 CRITICAL · 4 HIGH · 2 MEDIUM · 38/100 RISK SCORE

| FINDING | SEVERITY | TOOL | FIX |
|---|---|---|---|
| Customer email addresses detected in 6 of 10 AI prompts sampled | CRITICAL | Presidio | Add Presidio anonymizer before prompt construction |
| System prompt extracted via roleplay jailbreak in 2 attempts | CRITICAL | Manual Test | Harden system prompt + add injection detection layer |
| OpenAI API key found in plain text in GitHub repo | CRITICAL | Manual Review | Rotate immediately. Move to AWS Secrets Manager |
| No rate limiting on public AI chatbot — DoS and cost attack possible | HIGH | LiteLLM | Configure rate limits via LiteLLM gateway |
| Zero logging on AI API calls — no way to detect misuse | HIGH | Langfuse | Deploy Langfuse tracing. Set anomaly alerts |
| PII found unfiltered in ChromaDB vector store chunks | MEDIUM | ChromaDB | Run Presidio on all documents before indexing |
SAMPLE REPORT — Noufal Digital LLC · audit.sekurely.io · Representative example of audit output

Live Prompt Injection & PII Scanner

Pick an attack pattern or type your own. See what our detection logic catches.

Note: Demo shows detection logic. Full audit runs deeper backend scans with Presidio, LLM Guard, and Langfuse on your actual system.

Audit Packages

Flat-rate pricing. No hourly surprises. Delivered in days, not weeks.

TIER 01 — STARTER
$149 flat
⚡ 3-day delivery
  • Presidio PII scan on your prompts
  • Manual prompt injection test
  • Top 3 critical risks flagged
  • 1-page findings PDF
  • 48hr email support

TIER 02 — STANDARD
$349 flat
⚡ 5-day delivery
  • Full Presidio PII scan
  • Prompt injection + jailbreak test
  • LiteLLM gateway review
  • Langfuse observability check
  • ChromaDB / vector store scan
  • Full findings report (see sample)
  • Remediation roadmap
  • 30-min debrief call

TIER 03 — PREMIUM
$699 flat
⚡ 7-day delivery
  • Everything in Standard
  • AWS IAM + Bedrock audit
  • RAG pipeline security check
  • Arize Phoenix monitoring setup
  • AI usage policy draft
  • 60-min strategy call
  • 30-day follow-up check

Ready to find out what's exposed?

Most businesses using AI have at least one critical vulnerability they don't know about. Share access, I run the scans, you get a clear report in 3–7 days. No fluff.

01. You share access: API keys, prompts, or repo — only what's needed for the scope
02. I run live scans: Presidio, Langfuse, ChromaDB, manual injection tests on your actual system
03. You get the report: Full findings PDF with severity ratings, tool evidence, and fix roadmap — in 3–7 days
04. Debrief call: Optional 30–60 min call to walk through findings and answer questions

UPWORK PROPOSAL — COPY & SEND

Hi [Name],

I noticed you're building with AI — I run practical security audits using real tools, not checklists.

What I actually do:
  • Presidio scan — detects PII leaking into your LLM prompts
  • Manual injection test — attempts to extract your system prompt and override instructions
  • LiteLLM gateway review — rate limits, cost exposure, access control gaps
  • Langfuse check — are your AI calls even being logged?
  • ChromaDB / vector store scan — PII sitting unfiltered in your RAG pipeline

I built Sekurely.io (live AI security scanner) and completed a 30-day AI architecture bootcamp using these tools hands-on in production.

You can see real scan output and a sample report at audit.sekurely.io

Quick question: do you have a customer-facing AI chatbot, or is this internal tooling? That determines which scan matters most.

Ammara | Noufal Digital LLC
audit.sekurely.io

LINKEDIN POST

🔐 We run actual AI security scans. Not checklists. Not PDFs.

Here's what we find in almost every audit:
❌ Customer PII flowing through unprotected prompts (caught with Presidio)
❌ System prompts extracted via jailbreak — took under 2 minutes
❌ API keys in GitHub repos — found in 2 of our last 3 reviews
❌ PII sitting unfiltered inside ChromaDB vector stores
❌ Zero logging on AI calls — no way to detect misuse

We built Sekurely.io and use Presidio, LiteLLM, Langfuse, and ChromaDB in real audits — not just read about them.

See real scan output + sample report: audit.sekurely.io

DM me "AUDIT" — first 15-min call is free.

#AISecurity #LLMSecurity #Cybersecurity #AIAudit