Security
Security isn't optional. We build it, audit it, run it.
Ten years of sysadmin experience, plus modern AI security. Hungarian team, EU compliance context. Not a checkbox — part of the system.
Why it matters
4% of annual global turnover or €20M fine — whichever is higher.
Mandatory EU-wide since 2024. Enforced in Hungary too.
Average data breach cost globally in 2024 (IBM).
New vectors: prompt injection, RAG data leaks, tool abuse. These already show up in live apps.
01 · Traditional
What ten years taught us.
Software security is not one layer. We go from code to infrastructure, app to process — and say clearly where an external expert is needed.
- Penetration testing
- OWASP-based web and mobile pentests at application and infrastructure level.
- Security hardening
- Firewalls, VPN, access control. IaC review (Terraform, Ansible).
- 24/7 monitoring
- Log aggregation, anomaly detection, on-call rotation. Postmortem after every incident.
- Backup, DR, BCP
- Tested restore. Not "we have backups" — proven RTO/RPO.
- Compliance
- GDPR, NIS2, DORA, sector-specific. Audit-ready.
- Secure SDLC
- Code scanner, dependency scanner, secret detection, CI-blocking checks.
02 · AI-assisted
Where AI makes us better.
AI doesn't replace the specialist — it cuts the noise out of their day. More time for real risks.
AI-assisted code review
Automated review on every PR flagging vulnerability patterns, secret leakage, dependency risks.
AI security checks
Continuous infra + config scanning with LLM reasoning layered over static findings.
Log triage & anomaly
LLM-assisted first-pass on alerts. Human handoff at critical points.
03 · AI systems
New attack surface — new defense.
LLM apps introduce new vulnerability classes. We prepare for them specifically, and red-team them regularly.
Prompt injection testing
We red-team LLM apps before they see live traffic. Jailbreak, data exfil, tool abuse.
RAG & data governance
Access control, PII redaction, audit trail across the retrieval pipeline.
Model access control
Who can call which model with which data. Rate limits, budget killswitch.
Output filtering
Policy enforcement at the agent layer; PII, toxic content, confidential data.
On-prem as posture
Data never leaves your infrastructure. The strongest answer to 'can we put this through a cloud LLM?' for regulated clients.
Not sure where you stand?
Start with an audit interview. One hour, ends with a concrete picture. We reply within 2 business days.