AI Security & Privacy
Data audit, on-prem LLMs on your server, GDPR/HIPAA-ready architecture without headaches.
When you need this service
Three typical triggers:
- Regulatory requirement — GDPR for EU customers, HIPAA for US healthcare, FZ-152 for Russian personal data, sector-specific (banking, insurance, legal)
- Strategic independence — you don’t want to depend on OpenAI/Anthropic potentially cutting service, changing prices, or shifting policy
- Sensitive data — internal docs, customer correspondence, contracts, R&D research
If even one of these applies, this service is for you; it addresses all three.
Threat model
During the audit we check seven typical risks:
- Vendor leakage — data lands in OpenAI/Anthropic request logs, where it can be retained and subpoenaed by foreign authorities
- Prompt injection — a user, or a document the model reads, overrides the system prompt with crafted input
- Data leakage between users — one user's context (conversation memory, retrieved documents, cache) surfaces in another user's answers
- Jailbreak — bypassing the model's safety filters to produce harmful content
- Tool misuse — an agent uses the tools it has been given for unintended actions (e.g., deleting data)
- Secret exfiltration — API keys, passwords and tokens pasted into prompts end up in logs and model context
- Compliance gaps — no access log, no consent records, no retention policy
"Secure by default" architecture
Default architecture:
- Layer isolation — frontend → API gateway with auth → AI service without direct DB access → constrained tool set with permission checks
- Encryption at rest — all DBs encrypted (Postgres TDE, which needs a vendor build since community PostgreSQL has none, or filesystem/volume-level encryption)
- Secret management — no tokens in code or env files; HashiCorp Vault or Cloudflare Secrets
- Audit-log pipeline — every user request and AI decision written to a separate append-only store that the application can add to but not modify or delete from
- RBAC — role model for admin panels, least privilege
- Rate limiting — defense against overload and abuse
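As an added illustration of two items from the threat model above (secret exfiltration, tool misuse) and two from this architecture list (the constrained tool set with permission checks, the audit-log pipeline), here is a minimal gateway layer in Python. It is example code written for this page, not code from the service or any project it names. The secret patterns, the roles `analyst`/`admin`, and the tool names `search_docs`/`read_record`/`delete_record` are assumptions for illustration; the sample prompt and tool arguments are constructed.

```python
import json
import re
from dataclasses import dataclass, field

# Patterns for secrets that commonly leak into prompts and logs. These are
# constructed for the example; extend them with the token formats your own
# environment issues (Vault tokens, internal API keys, JWTs, ...).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}"),
    # Catches both `password=hunter2` and JSON-style `"password": "x"`.
    "password_assignment": re.compile(
        r"""(?i)\b(password|passwd|pwd)\b["']?\s*[=:]\s*(?:"[^"]*"|'[^']*'|\S+)"""
    ),
}

# Least-privilege tool allowlist per role (assumed roles and tool names).
# The role comes from the authenticated session, never from model output.
TOOL_ALLOWLIST = {
    "analyst": {"search_docs", "read_record"},
    "admin": {"search_docs", "read_record", "delete_record"},
}


def redact_secrets(text: str) -> tuple[str, list[str]]:
    """Replace matched secrets with a placeholder; return (clean_text, pattern names hit)."""
    hits = []
    for name, pattern in SECRET_PATTERNS.items():
        if pattern.search(text):
            hits.append(name)
            text = pattern.sub(f"[REDACTED:{name}]", text)
    return text, hits


@dataclass
class AuditLog:
    """Append-only sink for every request and every tool decision.

    In production this is a separate store the application can append to
    but not modify or delete from; here it is an in-memory list."""
    entries: list[dict] = field(default_factory=list)

    def append(self, **event) -> None:
        self.entries.append(event)

    def to_jsonl(self) -> str:
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)


def prepare_prompt(user: str, role: str, prompt: str, log: AuditLog) -> str:
    """Gateway step 1: strip secrets from user input before it reaches the
    model or the log, and record that it happened."""
    clean, hits = redact_secrets(prompt)
    log.append(user=user, role=role, event="prompt", prompt=clean, secrets_redacted=hits)
    return clean


def authorize_tool_call(user: str, role: str, tool: str, args: dict, log: AuditLog) -> bool:
    """Gateway step 2: a tool call emitted by the model runs only if the
    caller's role allows that tool. The decision is logged either way, with
    secrets scrubbed from the arguments first."""
    allowed = tool in TOOL_ALLOWLIST.get(role, set())
    safe_args, hits = redact_secrets(json.dumps(args, sort_keys=True))
    log.append(user=user, role=role, event="tool_call", tool=tool, args=safe_args,
               secrets_redacted=hits, decision="allow" if allowed else "deny")
    return allowed


if __name__ == "__main__":
    log = AuditLog()
    # Constructed sample input: a prompt that pastes a credential by mistake.
    sample = "Fetch Q3 report with key AKIAIOSFODNN7EXAMPLE, password=hunter2"
    print(prepare_prompt("alice", "analyst", sample, log))
    # Constructed sample: the model asks for a destructive tool on an analyst's behalf.
    print(authorize_tool_call("alice", "analyst", "delete_record", {"id": 42}, log))
    print(authorize_tool_call("bob", "admin", "delete_record", {"id": 42}, log))
    print(log.to_jsonl())
```

The two points worth carrying into a real deployment: the permission check keys off the authenticated role, so a prompt-injected "I am an admin" in model output changes nothing, and redaction happens before the audit write, so the log itself never becomes a second copy of the secret.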
Local models — selection criteria
Model choice depends on task and hardware:
- Llama 3 8B — good for classification, data extraction and simple QA. Runs on a single RTX 3090/4090 (24 GB). 30-80 tok/sec.
- Llama 3 70B — close to GPT-4 quality. Needs an A100 80GB or 2× A6000, and only in quantized form (fp16 weights alone are about 140 GB). 8-20 tok/sec.
- Mistral 7B / Mistral Large — strong on European languages; Mistral Large is the commercial option.
- Qwen 2.5 — strong reasoning, excellent multilingual coverage.
During the audit we test several models on your tasks and pick the best "quality × inference cost" ratio.
Compliance documentation
Post-deployment deliverables:
- Record of processing for GDPR Article 30
- Privacy policy and consents in audit-ready format
- DPIA (Data Protection Impact Assessment) for high-risk EU deployments
- Self-check checklist for your team
Get started
Book a free 2-day audit. We’ll review your current AI deployment (if any) or planned architecture, deliver a written report with prioritized risks and recommendations.
What you get
Data stays inside
Local models on your VPS / GPU server. No sensitive data is sent to OpenAI/Anthropic unless you choose to.
Regulator compliance
Audit and configuration for GDPR (EU), HIPAA (US health), FZ-152 (Russia). Documentation for auditors, data access log.
Prompt injection defense
Hardened system prompts, input validation, agent tool restrictions, full audit log of all actions.
Encryption and access control
Encryption at rest, secret management (Vault / Cloudflare Secrets), RBAC for admin panels.
How we work
- 01 · Current state audit · 2 days
  Map where personal/commercial data flows today, what goes to the cloud, and what risks exist.
- 02 · Architecture and plan · 2 days
  Propose the target architecture: what stays in the cloud, what goes local, how to isolate sensitive data.
- 03 · Local model deployment · 4-5 days
  Llama 3 / Mistral on your GPU server (or a rented one). Test quality against cloud baselines.
- 04 · Handoff and training · 1 day
  Documentation, team training, self-check checklist.
Book a 30-minute audit.
In half an hour we'll know if there's a reason to go further. If not — we'll say so.