Skip to content
mptr

Security

Security isn't optional. We build it, audit it, run it.

Ten years of sysadmin experience, plus modern AI security. Hungarian team, EU compliance context. Not a checkbox — part of the system.

Why it matters

GDPR

4% of annual global turnover or €20M fine — whichever is higher.

NIS2

Mandatory EU-wide since 2024. Enforced in Hungary too.

$4.88M

Average data breach cost globally in 2024 (IBM).

AI era

New vectors: prompt injection, RAG data leaks, tool abuse. These already show up in live apps.

01 · Traditional

What ten years taught us.

Software security is not one layer. We go from code to infrastructure, app to process — and say clearly where an external expert is needed.

Penetration testing
OWASP-based web and mobile pentests at application and infrastructure level.
Security hardening
Firewalls, VPN, access control. IaC review (Terraform, Ansible).
24/7 monitoring
Log aggregation, anomaly detection, on-call rotation. Postmortem after every incident.
Backup, DR, BCP
Tested restore. Not "we have backups" — proven RTO/RPO.
Compliance
GDPR, NIS2, DORA, sector-specific. Audit-ready.
Secure SDLC
Code scanner, dependency scanner, secret detection, CI-blocking checks.

02 · AI-assisted

Where AI makes us better.

AI doesn't replace the specialist — it cuts the noise out of their day. More time for real risks.

01

AI-assisted code review

Automated review on every PR flagging vulnerability patterns, secret leakage, dependency risks.

02

AI security checks

Continuous infra + config scanning with LLM reasoning layered over static findings.

03

Log triage & anomaly

LLM-assisted first-pass on alerts. Human handoff at critical points.

03 · AI systems

New attack surface — new defense.

LLM apps introduce new vulnerability classes. We prepare for them specifically, and red-team them regularly.

Prompt injection testing

We red-team LLM apps before they see live traffic. Jailbreak, data exfil, tool abuse.

RAG & data governance

Access control, PII redaction, audit trail across the retrieval pipeline.

Model access control

Who can call which model with which data. Rate limits, budget killswitch.

Output filtering

Policy enforcement at the agent layer; PII, toxic content, confidential data.

On-prem as posture

Data never leaves your infrastructure. The strongest answer to 'can we put this through a cloud LLM?' for regulated clients.

Not sure where you stand?

Start with an audit interview. One hour, ends with a concrete picture. We reply within 2 business days.