Author profile
Co-founder & CEO, General Analysis
25 works

Enterprise deployment guide for Claude Code security across managed settings, identity, dev containers, proxy controls, MCP, hooks, OpenTelemetry, CI/CD, and governance.
May 22, 2026 · 24 min read

A practical guide to Claude Code observability and control with OpenTelemetry, including metrics, events, traces, tool decisions, hooks, MCP activity, SIEM routing, privacy controls, and enterprise rollout.
May 22, 2026 · 23 min read

A practical guide to Claude Code settings, permission rules, Bash tool controls, hooks, MCP allowlists, telemetry, and safe defaults for developer teams.
May 21, 2026 · 21 min read

A practical 2026 buyer guide to automated penetration testing platforms, autonomous pentesting, automated security validation, CTEM, DAST, BAS, and AI security testing.
May 21, 2026 · 18 min read

A practical 2026 buyer guide to AI security platforms across AI red teaming, agentic AI security, prompt injection protection, runtime controls, AI posture management, model supply chain security, and AI TRiSM.
May 21, 2026 · 16 min read

Claude Cowork can reach local files, browser sessions, plugins, MCP servers, scheduled tasks, connectors, and approved desktop apps. This guide explains the main Claude Cowork risks and the security controls enterprises should put in place before broad rollout.
May 20, 2026 · 13 min read

Security best practices for Anthropic Claude Code across permissions, Bash, hooks, MCP, sandboxing, proxy controls, telemetry, and CI/CD workflows.
May 20, 2026 · 22 min read

A practical enterprise guide to securing Claude Code with permissions, sandboxed Bash, dev containers, managed settings, MCP allowlists, hooks, proxy controls, OpenTelemetry, and CI/CD release gates.
May 19, 2026 · 22 min read

A practical 2026 comparison of AI red teaming and adversarial testing tools across automated red teaming, LLM security testing, prompt injection coverage, agentic AI testing, multi-step tool-chain attacks, framework support, and enterprise readiness.
May 19, 2026 · 18 min read

A concise summary of the General Analysis technical whitepaper on securing Claude Code, OpenAI Codex, Cursor, Windsurf, Devin, GitHub Copilot, and Claude Cowork.
May 11, 2026 · 6 min read

The Model Context Protocol expanded what AI agents can reach, and expanded the attack surface across at least nine distinct vectors. A primary-source threat model for MCP servers, with concrete controls, real CVEs, and the GA Supabase exploit walked end to end.
May 2, 2026 · 16 min read

Claude Cowork and Claude Code share an agentic architecture but ship very different enterprise controls. A primary-source comparison of sandbox, network, audit-log, MCP, and decision-framework differences for security teams.
May 1, 2026 · 10 min read

Claude Cowork brings Claude Code-style agentic work to local files, browsers, apps, plugins, and scheduled tasks. Here is how to put a middleman proxy, browser controls, computer-use limits, and enterprise monitoring around it before using it on real work.
April 30, 2026 · 16 min read

General Analysis has raised $10M in seed funding to build the enterprise security layer for agentic systems.
April 29, 2026 · 4 min read

In this post, we show how an attacker can exploit Supabase’s MCP integration to leak a developer’s private SQL tables. Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces.
April 10, 2026 · 8 min read

50+ customer service agents offer a combined $10,000,000+ in fabricated benefits.
March 22, 2026 · 10 min read

Open-source release of the GA Guard series, a family of safety classifiers that have been providing comprehensive protection for enterprise AI deployments for the past year.
October 1, 2025 · 7 min read

We reveal a powerful metadata-spoofing attack that exploits Claude's iMessage integration to mint unlimited Stripe coupons or invoke any MCP tool with arbitrary parameters, without alerting the user.
July 16, 2025 · 7 min read

We present the Redact & Recover (RnR) Jailbreak, a novel attack that exploits partial compliance behaviors in frontier LLMs to bypass safety guardrails through a two-phase decomposition strategy.
July 7, 2025 · 8 min read

Our compact policy moderation models achieve human-level performance at <1% per-review cost, outperforming GPT-4o and o4‑mini on F1 while running faster and cheaper.
May 25, 2025 · 8 min read

A head-to-head robustness evaluation of Llama 4 (Maverick, Scout) versus GPT‑4.1, GPT‑4o, Sonnet 3.7, etc. using TAP‑R, Crescendo, and Redact‑and‑Recover across HarmBench and AdvBench.
May 10, 2025 · 10 min read

We are excited to announce our partnership with Together AI to stress-test the safety of open-source (and closed) language models.
May 6, 2025 · 2 min read

We have created a comprehensive overview of the most influential LLM jailbreaking methods.
March 21, 2025 · 40 min read

We utilized LegalBench as a diversity source to enhance the diversity of our generation of red teaming questions. We show that diversity transfer from a domain-specific knowledge base is a simple and practical way to build a solid red teaming benchmark.
February 19, 2025 · 5 min read

In this work we explore automated red teaming, applied to GPT-4o in the legal domain. Using a Llama3 8B model as an attacker, we generate more than 50,000 adversarial questions that cause GPT-4o to hallucinate responses in over 35% of cases.
January 23, 2025 · 5 min read