Skip to main content

The S-Unit

How targenio builds secure enterprise AI agents for the future of service

Clientcase Targenio: Building trust in enteprise ai agents

AI agents are rapidly transforming how organizations deliver service, share knowledge, and support customers. But as AI becomes more deeply connected to business-critical systems, the security risks grow just as fast.

That is why targenio partnered with The S-Unit to perform an extensive penetration test on its AI Agent Creator platform.

Enterprise AI requires enterprise-grade security

targenio develops AI-powered service solutions for enterprise organizations, including customers such as Mercedes-Benz and DHL. The company focuses on helping organizations improve service efficiency and unlock new service revenue streams through AI-driven assistance.

Its platform enables organizations to create AI agents that connect directly with systems such as SAP, Jira, Salesforce, and Confluence. Through these integrations, AI agents can retrieve information, automate workflows, and support both customers and employees in real time. But those same integrations also significantly expand the attack surface.

“AI agents are becoming deeply integrated into core business processes. That means organizations must be able to trust not only the AI itself, but also the integrations, permissions, and architecture surrounding it,”
- Holger Herrmann, lead developer and head of product development at targenio.

That challenge is becoming increasingly important across the AI landscape. Based on our experience assessing dozens of AI agents and AI-powered applications, we frequently see organizations struggle with:

  • AI agents with excessive permissions,
  • insecure tenant separation
  • prompt injection vulnerabilities,
  • insecure inter-agent communication,

 

The experience reinforced how important security is to targenio and its customers. By continuously investing in security knowledge and training, the company helps its teams stay ahead of emerging threats.

Going beyond traditional penetration testing

To validate the resilience of the platform, targenio partnered with The S-Unit for an extensive AI-focused penetration test. The assessment combined an architecture security review, a white-box penetration test of the Mendix platform, an AI agent penetration test and an assessment of the external infrastructure.

The goal was to validate how securely the entire AI-ecosystem operated in practice. During the assessment, the team focused on key security questions around tenant isolation, access control and the secure operation of AI agents, including the risk of exposing sensitive business information.

Particular attention was given to the AI agents themselves. The testing included offensive security assessments based on the OWASP Agentic Top 10, covering risks such as Agent Goal Hijacking, Tool Misuse & Exploitation, Identity & Privilege Abuse, Memory & Context Poisoning and Insecure Inter-Agent Communication.

  • Agent Goal Hijacking;
  • Tool Misuse & Exploitation;
  • Identity & Privilege Abuse;
  • Memory & Context Poisoning;
  • Insecure Inter-Agent Communication.

From Mendix CTF to security partnership

targenio’s collaboration with The S-Unit started within the Mendix community.

Holger Herrmann and two colleagues from targenio recently participated in the Mendix Capture the Flag (CTF) event, organized and sponsored by The S-Unit. During the event, participants were challenged to step into the shoes of an attacker and identify vulnerabilities in realistic Mendix environments. As the driving force behind the event, The S-Unit designed and developed most of the offensive security challenges based on real-world attack techniques and vulnerabilities encountered during Mendix security pentests.

Security earlier in the development process

The project reinforced the importance of integrating security earlier into architecture and design decisions, especially when developing AI-driven applications connected to sensitive enterprise environments.

The process helped validate architectural choices, strengthen internal security awareness, and provide additional assurance to enterprise customers evaluating AI solutions.

Throughout the assessment, The S-Unit acted as a sparring partner, helping targenio evaluate security design decisions and identify opportunities to further strengthen the platform.

As a next step, targenio will participate in The S-Unit’s Mendix Security training to further strengthen internal security knowledge and help developers incorporate security considerations in each stage of the SDLC.

Building trust in enterprise AI

Proactive AI security testing is ultimately about building trust.

As AI agents become more deeply embedded into daily operations, secure AI development will increasingly become the new standard. With its innovative AI-powered platform and a strong commitment to security, targenio is already leading by example.

By continuously investing in security assessments, trainings and regularly validating its environment through penetration testing, the company demonstrates that innovation and security can go hand in hand.

Want to learn more about AI penetration testing or Mendix security? Feel free to contact us to explore the possibilities.