About
Independent security review for AI-native systems
REDHEXX is a focused review of the attack surface your AI agents and MCP servers add, the part traditional appsec still skips. Independent, technical, and honest about where it is today.
What we bring
Independent, technical, honest
Not a generic pentest with an AI label. A specific, technical read of a surface most reviews still skip.
No platform to sell you and no vendor to defend. The findings are about your exposure, not our roadmap.
Grounded in how MCP and agent frameworks actually work: protocol behavior, tool schemas, and the trust assumptions between them.
We claim only what we can show. Every finding is evidence-backed, and we say so where something is a sample or a limitation.
Founder
Why I’m building REDHEXX
I kept watching teams bolt tools onto language models (MCP servers, agent frameworks, internal actions) and move fast, because it works. What I didn’t see was anyone checking what those agents could actually reach when someone pointed them the wrong way.
The security tooling we have was built for a world where software does what it’s told. Agents do what they’re convinced to do, and the blast radius is whatever tools you handed them. That’s a different problem, and it deserves a review that takes it seriously.
REDHEXX is my attempt to build that review: narrow, technical, and honest about where it is today. If that’s a gap you feel too, I’d like to hear from you.
Get in touch
Questions, or want to be an early design partner? Reach out to the founder directly, or join the waitlist.