Skip to content
KAIX LAB

About KAIX LAB

Who we are.

We are an independent AI engineering and cybersecurity lab. We build systems that go into production and audit the ones already running. Ten years in the craft.

Tell us your caseSee AI & Automation

01 — Our story

Where we come from.

KAIX LAB was born inside real AI projects: agents leaking data, RAG systems with no access control, models in production with no evaluation evidence. We saw too many prototypes that collapsed the moment real users showed up.

We decided to build a lab that combines two disciplines the industry tends to keep apart: AI systems engineering and offensive security. People who build agents with security by design audit better; people who red team LLMs design sturdier architectures.

We work with European companies: SaaS startups, clinics, law firms, customer-service platforms.

02 — Principles

How we decide what to ship.

These four principles define which projects we accept, how we run them and what we put in writing. They are not slogans: they are the filters we apply every week.

  1. 01

    Bounded scope

    Every proposal names a use case, a scope and concrete deliverables. No open-ended projects.

  2. 02

    Production quality from day one

    Evaluation, observability and security controls from the start of the project, not bolted on at the end.

  3. 03

    We say what we think

    If AI isn't the right answer for your case, we tell you. If a simpler model is enough, the same.

  4. 04

    European frameworks

    We work with EU AI Act, GDPR, NIS2 and ISO 42001. We know them in detail and apply them to your case.

03 — How we work

Four phases, one responsibility.

Every engagement follows the same structure, sized to scope. No surprises in the invoice or the calendar: deliverables and acceptance criteria are agreed in writing before we start.

01 · Scope

Diagnosis

Technical session to understand the system, the data, the regulatory risks and the real goals. Output: signed scope and plan.

02 · Build

Construction

Short iterations with continuous evaluation. Code in your repository, technical documentation and weekly demos with your team.

03 · Harden

Hardening

Red teaming, prompt injection, access control and evidence review. We close findings before the production rollout.

04 · Operate

Operation

Hand-off to the internal team with runbooks, metrics and a maintenance plan. Optional ongoing support with an agreed SLA.

04 — In numbers

What backs up what we say.

Conservative, verifiable figures. We'd rather not count a project than invent a number.

Experience
10+ years

In applied AI, big data and offensive security in production.

Practices
2

AI & Automation and AI Cybersecurity & Compliance, integrated.

Regulation
EU AI Act

GDPR, NIS2 and ISO 42001 covered when the system requires it.

Geography
EU

Based in Madrid, on-site with clients across Europe when the project demands it.

05 — Team

You talk to whoever does the work.

The person on your first call is the one who will write the code or sign the audit. You always talk to whoever is doing the work.

When a project needs more hands, we bring in trusted collaborators with a verified technical profile.

Let's talk about your caseSee AI Security

Let's talk about your AI system.

We respond within 24 – 48 business hours. We'll suggest a first call to understand your case.

[email protected]
Start the conversation